Jump to content

Timos

Former ESET Employees
  • Posts

    60
  • Joined

  • Last visited

Everything posted by Timos

  1. There should be no problems when 6.5 comes out. These versions are compatible. You can check it also in future versions: hxxp://support.eset.com/kb3690/
  2. I recommend this: Short version: Backup your tomcat installation or whole machine Uninstall tomcat/webconsole Install tomcat/webconsole using Setup.exe Apply again your custom changes you did in tomcat earlier (SSL cert, ...) Long version: Use Setup.exe (according version to server, 6.4 in your case) to uninstall webconsole/tomcat. Tomcat uninstaller will ask you if you want to delete webapps directory, accept it. Run Setup.exe again Setup.exe now lets you to install webconsole/tomcat only. Tomcat is now hardened by Setup.exe: selfsigned ssl cert, sslProtocol, ... Tomcat is up and running now. Try to login into webconsole, it should work. You have to apply your custom changes, your custom ssl cert. You know better what was your changes. If you did not applied custom changes to tomcat/webconsole, you can skip step 6, and it is easy I use this quite a lot when testing ERA, you shouldn't get in any big troubles.
  3. Releases of ERA always contains newest Tomcat 7, but upgrade task applies only to webconsole, not to Tomcat. Your 7.0.55 is from your first installation. For more security I recommend to use another machine which will serve only webconsole: You have installed ERA Server on machine A. Install webconsole+tomcat on some machine B with all-in-one installer. (Possible if you run Setup.exe from commandline with parameters: Setup.exe --mode webconsole). Before install, you can substitute tomcat installer with newer version of Tomcat 7. You must use all-in-installer with same version as the server is, because webconsole and server wouldn't work together. Set up tomcat to your needs (you mentioned ssl cert). Set up webconsole to connect to ERA Server on machine A. It is possible by configuration file located in C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\era\WEB-INF\classes\sk\eset\era\g2webconsole\server\modules\config\EraWebServerConfig.properties (default: localhost 2223). For more security, you can set here public key of ERA Cert Authority which signed server certificate. Webconsole would then connect only to servers, which authenticates by certificates signed with this CA. Set firewall to allow tcp connections from machine B to machine A on incoming port 2223. Advantages are: On internet is exposed only machine B with tomcat/webconsole. If some attacks it, there is less chance, they will get to ERA database, where are all data are stored. Machine A still exposes to internet only port 2222, where agents connect. You do not have to backup machine A when setting this up. All of the setup is performed on machine B.
  4. You can create policy for Security Product with disabled firewall, and then assign it to clients or groups.
  5. Googling for the error gave me this result hxxp://databasebestpractices.com/sql-server-configuration-manager-access-denied/
  6. I think it requires SQL Server 2008 R2. If it's possible I'd recommend you to install SQL Server 2014. Follow the instructions hxxp://support.eset.com/kb3671/ Be careful. If you are installing 2 different versions on same machine: https://msdn.microsoft.com/en-us/library/ms143694.aspx You should be careful, another SQL Server can interfere with applications already using the 2008 SQL Server. Backup your data before major changes like this. I recommend you to install on some clean system, Setup.exe will install SQL Server without user interaction a and set it up for ERA packages.
  7. Hi vanroy, Because of limitation of Microsoft SQL Server 2014 Installer, it is unable to install it from folder path with special characters (the wider characters than 16 bits). To resolve your problem, please copy contents of ESET All in one installer (Setup.exe and files in the same directory) to some folder path with simple characters (for example C:\EsetInstaller\) and run Setup.exe from there.
  8. If above doesn't help: 1. Start notepad (or whatever text editor you are using) As Administrator and open server.xml 2. There should be line with <Connector and port="8080", change that port to something else, for example port="9080" 3. Webconsole should be accessible on https://localhost:9080/era
  9. Please try access webconsole on hxxp://localhost:8080/era
  10. Better solution for step 5 is: Rename era.war to era.zip. Rename "era" in webapps to "era_backup". Extract era.zip in to "era" in webapps Why? If Apache Tomcat is installed by All in one installer (Setup.exe), Tomcat runs as network service, so it cannot write to disk, thus it cannot extract era.war package into webapps.
  11. Try restart the services or machine. Try CTRL+F5 in browser. I have no other ideas for now.
  12. Importing CA that signed Agent certificates into the Trusted Root Certificates on server machine should work. Server will accept these certificates. (It must be in Computer account, not My User nor Service account) BUT, agents will still reject server certificate unless they have CA that signed Server certificate. If they get this CA in installation, they should accept Server certificate.
  13. Ensure SQL Server is listening on port 1433. If it did not help, try using database type "MS SQL Server via Windows Authentication" on port 1433 instead of "MS SQL Server"
  14. Everything you need can be set in server's Generate Report task - How can I get report by date interval / monthly Set trigger in task- How can I export/save the report Select Save to file or Send email.- How can I export Client list as HTML/TXT/CSV Set this setting in task, choices are PDF, Postscript or csv. We have also help page for reports hxxp://help.eset.com/era/6/en-US/index.html?reports.htm
  15. This will be fixed in new version. Apache HTTP Proxy will be installed, but configured access to ESET servers only.
  16. This works only on first install, name of objects in database will be set accordingly to locale setting. Correct usage: --locale=xx_YY Here is the list: sk_SK ar_EG zh_CN zh_TW de_DE en_US es_CL es_ES fr_FR fr_CA hr_HR it_IT ja_JP ko_KR pl_PL pt_BR ru_RU cs_CZ
  17. Check ERA Server is running. Check if it is listening on port 2223. Try open this port with telnet. Look at servers trace.log after unsuccessful login, there could be more info what is worng.
  18. Looks like ERAS v5 is still installed on machine. If true, follow this KB to upgrade from v5 to v6 hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3607
  19. Linux logs are located here: /var/log/eset/RemoteAdministrator/Agent/status.html /var/log/eset/RemoteAdministrator/Agent/trace.log
  20. I think there are running 2 instances on port 1433, and they cannot both run on same port. Try to set ERA sql instance port to something else than 1433. Use SQL Server Configuration Manager for this, it should be installed with sql server. In next version of ERA, Setup.exe will install "ERA" instance for you, running on port 14222. Until then, you must install sql server manually.
  21. Install ERA database to your MSSQL Express, or install manually new instance of MSSQL Express and use this instance as db server for ERA.
  22. In fact, you do not need to use openssl. Java keytool should be enough. hxxp://kb.eset.com/esetkb/index?page=content&id=SOLN3724 Following step 1 and 5 let you generate self signed certificate with your values and setting tomcat's server xml to use generated keystore. Create a keystore with an SSL certificate. You must have Java JRE installed, and it is preferable that you are running the latest version, because it includes the Java Keytool (keytool.exe), which allows you to create the certificate via command line. You need to generate a new certificate for each tomcat instance (in case you have multiple tomcat instances) to ensure that, if one certificate is compromised, other tomcat instances will remain secure. Below is an example command that creates a keystore with an SSL certificate (to perform this step, navigate to exact location of keytool.exe file, for example C:\Program Files (x86)\Java\jre1.8.0_40\bin>, and then run the command):keytool.exe -genkey -alias "tomcat" -keyalg RSA -keysize 4096 -validity 3650 -keystore "C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\tomcat.keystore" -storepass "yourpassword" -keypass "yourpassword" -dname "CN=Unknown, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=Unknown" Edit the server.xml configuration file so that tag is written similar to the example below:<Connector server="OtherWebServer" port="443" protocol="HTTP/1.1" SSLEnabled="true" maxThreads="150" scheme="https" secure="true" clientAuth="false" sslProtocol="TLS" keystoreFile="C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\tomcat.keystore" keystorePass="yourpassword" keyAlias="tomcat"/>
  23. Installing new database instance for ERA should be best for you. Of course you can install in any instance, if you want. In this instance you can install databases for Server, Proxy, and Mobile Connector. Installers needs "sa" login for installing databases and each installer create user and password, which will access its own product database. 1. Database should be accessible on opened tcp port, this is why "mixed mode" is "must". 2. Windows Authentication is optional, but it is used only in installation. It is for users who do not know password for "sa" user 3. Both are valid, it is same as Server. For small network, there is no need for Proxy, and it can be installed later if needed. 4. Same as (3) 5. None of these use database connection. If Windows Authentication is used for install, you do not have to create some administrator user, you do not even need to know "sa" user password in this case. Other logins are created by installers.
  24. Only computers with Agent can be in dynamic groups. So Agentless computer cannot be member of dynamic group. But, you can sort computers by Status in Computers screen and run deployment task on them.
×
×
  • Create New...