Jump to content

Timos

Former ESET Employees
  • Posts

    60
  • Joined

  • Last visited

Everything posted by Timos

  1. The only supported ODBC driver for linux is this 64bit https://www.microsoft.com/en-us/download/details.aspx?id=28160 ERA Server may work with other drivers, but I never tried it, so I cannot help you. Here are my old notes from installation on Ubuntu x64, hope it helps. Ubuntu: cd /tmp/ wget hxxp://download.microsoft.com/download/6/A/B/6AB27E13-46AE-4CE9-AFFD-406367CADC1D/Linux6/sqlncli-11.0.1790.0.tar.gz tar xvf sqlncli-11.0.1790.0.tar.gz sudo apt-get update sudo apt-get install unixodbc sudo apt-get install libssl-dev libssl1.0.0 libssl1.0.0-dbg Ubuntu: sudo ln -s /lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.10 sudo ln -s /lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.10 Debian: sudo ln -s /usr/lib/x86_64-linux-gnu/libssl.so.1.0.0 /usr/lib/libssl.so.10 sudo ln -s /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 /usr/lib/libcrypto.so.10 ldd sqlncli-11.0.1790.0/lib64/libsqlncli-11.0.so.1790.0 sudo ldconfig /usr/local/lib cd sqlncli-11.0.1790.0/ sudo bash ./install.sh install --accept-license --force Driver name can be found at /etc/odbcinst.ini
  2. Please contact ESET Support, it looks there is bug. But I still recommend to use era_mdm.ova, you should have less problems with it.
  3. Set and apply policy on era agent to connect more frequently (for example every 1 minute). Try to restart ERA Agent or reboot the machine. After some amount of time, you should see MDC there.
  4. Enable firewall ports for MDC by adding these lines to /root/firewall-ports.sh and run /root/firewall-ports.sh /root/firewall-ports.sh is ran every machine startup, so this will permanently enable these ports in appliance. echo iptables -A INPUT -p tcp --dport 9980 -j ACCEPT echo ip6tables -A INPUT -p tcp --dport 9980 -j ACCEPT echo iptables -A INPUT -p tcp --dport 9981 -j ACCEPT echo ip6tables -A INPUT -p tcp --dport 9981 -j ACCEPT
  5. Maybe firewall is blocking this. Or look at MDMCore trace.log, if there are any errors.
  6. Especially: - where to find the https certificate - which other params are needed? .\MDMCore.sh--db-type="MySQL Server" --db-driver=MySQL --db-hostname=localhost --db-port=3306 --db-admin-username=root --db-admin-password=xxxx --db-user-username=mdm_user --db-user-password=xxxxxx --https-cert-path=/tmp/https.pfx --https-cert-password=xxxx --hostname=era-server --port=2222 --cert-path=/tmp/agent.pfx --cert-password=xxxxx --mdm-hostname=machine_public_hostname You must create your own HTTPS certificate in pfx format. This should be helpful for you hxxp://stackoverflow.com/questions/14267010/how-to-create-self-signed-ssl-certificate-for-test-purposes - which is the password for the certificate if created pfx is not secured with password, using this param is not needed - --db-use-existing-db= ... should this be the ERAS DB? Or is there no parameter necessary (as in example) do not use this param, Mobile device connector needs to create its own database
  7. If possible, use ERA_MDM.ova in new virtual machine. It is the easiest way to install and manage Mobile device connector.
  8. New version should be available in couple of weeks. Until then there is a temporary workaround: Set default language to English for the database root login and era login as well (both are provided to ERA server setup). Please note that it is not satisfactory to set the language to only one of the mentioned logins. Both must be set! The root login only for the time of ERA setup. ERA login language must remain permanent. Also note that changing the default language for a DB login may influence other applications (if they share the same login).
  9. This is known issue when installing on non-english SQL Server. It is fixed in upcoming release, please wait for it.
  10. Create dynamic group with template: OS Name contains Windows 7. Create dynamic group with template: ESET product not installed. Move one group under another like this: And in the lower group should see computers with following condition met: OS Name contains Windows 7 AND ESET product not installed
  11. Information about belonging to dynamic group comes from Agent. There should be at least 2 replications of Agent to Server. So if you have replication interval set to 20 minutes, you will see computer in dynamic group after 20+20 minutes. Solution for you, when testing, is to set shorter replication interval, for example every 20 seconds.
  12. 0 0/10 * * * ? * This CRON will trigger every 10 minutes, every year, every day, every hour at 00 minutes. For example 9:00, 9:10, 9:20, ... Immiadietely is not possible, it will start on nearest 10 minute interval. You can find more about ESET Cron here: hxxp://help.eset.com/era/6/en-US/index.html?cron_expression.htm
  13. Error: Cannot load from mysql.proc. Does this solve the problem? hxxp://webcheatsheet.com/sql/Fix_Cannot_load_from_mysql.proc._The_table_is_probably_corrupted.php
  14. I have a workaround to get computer name from its UUID. This link is used for creating new task in ERA. https://your-era-hostname/era/webconsole/#id=CLIENTS:id=CLIENT_TASKS_WIZARD;trct=COMPUTER;p=1;trc=123e4567-e89b-12d3-a456-426655440000 Replace your-era-hostname with your hostname and 123e4567-e89b-12d3-a456-426655440000 with Source Machine(UUID) at the end. Click on TARGET tab and you should see name of the computer.
  15. P_REPLICATION_INTERVAL needs CRON expression. hxxp://help.eset.com/era/6/en-US/index.html?cron_expression.htm Default is "R R/20 * * * ? *" which means connecting at random second(R=0-60) every random 20th minute (for example 3, 23, 43 or 17,37,57). Random values should be used for load balancing in time. So every Agent is connecting in different random time. If some accurate CRON is used, for example "0 * * * * ? *", all agents with this setting will connect at the same time (every minute at :00 second) there will be load peaks on server in this time.
  16. If I get it right, you created empty database named "era_db" in sql server. You don't have to do this manually, setup will create database and user for you. Only thing you need is connection to database and root user (for Microsoft SQL "sa" or user with rights like "sa"). If you have Windows Authentication enabled on SQL Server, you do not even need sa user, just use option "SQL Server via Windows Authentication". Solution for you is to delete this empty database and Server setup will create era database for you.
  17. Please contact Peter Randziak via PM and send him packed "logs" directory. Error 1603 is very general MSI error, I am afraid there will be no solution for everyone with this error. MSI log should tell us more.
  18. 2015-03-23 11:01:22 Error: CReplicationModule [Thread 7f0ecd7fa700]: CStepProcessor: Replication slave stopped replication during initialization with reason: UNKNOWN_ORIGIN 2015-03-23 11:01:22 Error: CReplicationModule [Thread 7f0ecd7fa700]: CReplicationManager: Failure of scenario (type=Regular, task_id='00000000-0000-0000-7005-000000000001', link='Automatic replication (REGULAR)' (00000000-0000-0000-7007-000000000001), current_step= [], current_step_phase=, remote_peer=host: "OUR_DOMAIN" port: 2222, remote_peer_type=3, remote_peer_id=XXXXX, remote_realm_id=) This error is always in Agent trace log. First replication always fails with "UNKNOWN_ORIGIN" and next replications should be OK. When "UNKNOWN_ORIGIN" is in log, all your certificates are OK and Agent-Server communication is trusted and encrypted.
  19. Dynamic group templates are evaluated by Agent. Computer should be in corresponding dynamic group after second connection of Agent to Server. In first they get the info about dynamic group template, and in second connection Agent sends if it belongs to dynamic group. Because of this you can trigger client tasks on Agent in situations where Agent has no connection to Server.
  20. Is this server certificate set in server configuration? Restart is needed. Or try to look in server configuration if server certificate contains OUR_ERA_DOMAIN or * From the error it looks, there are some certificates used, which are not signed by CA used on server or agent. /etc/ssl/era/Certification Authority BLABLABLA public key.der and other certs(agent.pfx, server.pfx) are created in Webconsole, or created manually? What differences are between your working environment and this environment? For example network setup, server machine OS and version, ...
  21. Is your Sever certificate signed with /etc/ssl/era/Certification Authority BLABLABLA public key.der? If not, Agent will refuse connection to server. Agent accepts connection only when certificate on other side is signed by ca.der from installation or CA in system (/etc/ssl/certs). Try to use the same ca.der file used for install of "connecting computers"
  22. Folder "installers" contains multiple files with "Agent" in filename, therefore Setup.exe cannot decide which Agent it should install. Changing files in "installers" is on own risk. I you want to be sure to have right installers, download fresh copy of All in one installer and unpack it on disk.
  23. After running a task in webconsole, give it at least 60s to first wake-up call. After this time is guaranteed that "run task" information will arrive to Agent. This applies to everything including task, policies, dynamic groups, ... So, when Agent connects (in your case triggered by wake-up call) less than 60s after some change on server, it couldn't receive information about this change.
  24. IP address in grey box is Computer Name. Second IP is IP reported by Agent from operating system. Computer name is created with first connection of Agent. Server then tries to resolve this IP to domain name, and if it fails (most probably happened in your case) the name is IP address from first connection. Try nslookup 10.148.2.24 on Server machine, it should not give you domain name, and this the reason why you see only IP address. Solution: Computer Name can be renamed in Details of computer to whatever name you need.
×
×
  • Create New...