Jump to content

tobiasperschon

Members
  • Posts

    28
  • Joined

  • Last visited

Posts posted by tobiasperschon

  1. Downloading an all-in-one installer package (32 or 64bit) results in an Internal Server Error at about 60% progress.

    these lines are from trace.log:

    2019-04-30 09:26:08 Error: CInstallersModule [Thread 7f90648bc700]: CInstallerPackageProcessor::BuilderThread end unexpected with error: I/O error
    2019-04-30 09:26:08 Error: ConsoleApiModule [Thread 7f9067ff7700]: 14179 Unexpected error while processing GetFileProgress request: I/O error

    ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
    ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

    Debian (64-bit), Version 8.11

    Update module1072 (20180813)

    Translation support module1733 (20190319)

    Configuration module1663.15 (20181129)

    SysInspector module1274 (20180918)

    SSL module1028.1 (20190327)

    Push Notification Service module1052 (20190122)

  2. Hi, yes I did that. I checked the installed application list and the new app does not appear and I looked through the list and a lot of installed apps (from before a couple of days) do not appear and a lot of them have old versions listed.

    Interestingly the "Last Connection" Time is current... Is there a way to "force refresh" the infos from the device?

    cheers

  3. Just now, MichalJ said:

    I have just learned, that there was a hot-fix release on Google play, so you are right, that version 2.1.18.0 is available. It is however unknown to ERA repository (which we will process shortly). Concerning not showing the correct information, I will get in touch with the developers, in order to find out, why the information is not correctly displayed in ERA.

    thank you!

  4. Hi,

    this is what I see under "outdated applications":

    Group by (Application name)
    Group by (Application vendor)
    Group by (Application version)
    Group by (Latest application version)
           

    this is what is displayed under "Installed Applications" for the device:

    ESET Endpoint Security 2.1.11.0
    Latest Application Version 2.1.16.0

    but now it gets interesting, this is what is displayed in the device list:

    ESET Endpoint Security 2.1.18.0

    here the correct version is listed (2.1.18.0) which is also displayed if I open the app and check the version on the phone.

    do you have an idea what caused this and how to fix it?

     
    ESET Remote Administrator (Server), Version 6.5 (6.5.417.0)
    ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)
    Debian (64-bit), Version 8.8

    what additional infos do you need?
     

    Thanks in advance!

     

         
           
           

     

    deviceInfo.png

    device_list.png

  5. I applied the fix. I will check if the second problem is gone. I will also check the server if the first problem occurs again. Interestingly the server was running fine for over a year now. I apt-get upgraded it many times in this year but the first problem I mentioned just started recently. (I did not add more clients...)

     

    anyway, we'll see and I will get back to you! thanks for the advice so far!

     

    Update:

    so far no more errors... lets see how long the server will keep running

     

    Update2:

    The patch seems to have fixed both issues. Server is running fine now.

  6. Hi,
     
    I noticed that the server dies every 2 days or so.
    The trace log shows these lines ever 10 seconds:
    2016-04-23 22:51:39 Error: NetworkModule [Thread 7fbab4ff9700]: remote_endpoint: Bad file descriptor
    2016-04-23 22:51:49 Error: NetworkModule [Thread 7fbab77fe700]: remote_endpoint: Bad file descriptor
    2016-04-23 22:51:49 Error: NetworkModule [Thread 7fbab4ff9700]: remote_endpoint: Bad file descriptor
     
    the last entries in the last-error.html:
     
     

    Scope	Time	Text
    NetworkModule	2016-Apr-22 17:09:32	remote_endpoint: Bad file descriptor
    SchedulerModule	2016-Apr-22 17:09:35	Received message: RegisterSleepEvent
    NetworkModule	2016-Apr-22 17:09:42	No descriptors available. Active session count:2
    NetworkModule	2016-Apr-22 17:09:42	remote_endpoint: Bad file descriptor
    NetworkModule	2016-Apr-22 17:09:52	No descriptors available. Active session count:2
    NetworkModule	2016-Apr-22 17:09:52	remote_endpoint: Bad file descriptor
    CCleanupModule	2016-Apr-22 17:09:55	Initiating calculation of status snapshots
    CCleanupModule	2016-Apr-22 17:09:55	Finished calculation of status snapshots
    SchedulerModule	2016-Apr-22 17:09:55	Received message: RegisterSleepEvent
    AutomationModule	2016-Apr-22 17:10:00	ReportManager: ProcessWatchdogCheck: Watchdog reports normal behaviour.
    ConsoleApiModule	2016-Apr-22 17:10:00	Session data cleanup timeout.
    CReplicationModule	2016-Apr-22 17:10:00	CStepProcessor: Server state changed to OK
    NetworkModule	2016-Apr-22 17:10:02	No descriptors available. Active session count:2
    NetworkModule	2016-Apr-22 17:10:02	remote_endpoint: Bad file descriptor
    NetworkModule	2016-Apr-22 17:10:02	Socket accepted. Remote ip address: 178.191.54.94 remote port: 55989
    NetworkModule	2016-Apr-22 17:10:02	Resolving ip address: 178.191.54.94
    NetworkModule	2016-Apr-22 17:10:02	Receiving ip address: 178.191.54.94 from cache
    NetworkModule	2016-Apr-22 17:10:02	Successfully received ip address: 178.191.54.94 from cache
    NetworkModule	2016-Apr-22 17:10:02	remote_endpoint: Transport endpoint is not connected
    NetworkModule	2016-Apr-22 17:10:02	Socket accepted. Remote ip address: 213.47.170.12 remote port: 54350
    NetworkModule	2016-Apr-22 17:10:02	Resolving ip address: 213.47.170.12
    NetworkModule	2016-Apr-22 17:10:02	Receiving ip address: 213.47.170.12 from cache
    NetworkModule	2016-Apr-22 17:10:02	Successfully received ip address: 213.47.170.12 from cache
    NetworkModule	2016-Apr-22 17:10:02	Socket connection (isClientConnection:0) established for id 32342
    NetworkModule	2016-Apr-22 17:10:02	Socket connection (isClientConnection:0) established for id 32343
    NetworkModule	2016-Apr-22 17:10:02	Connection closed by remote peer for session id 32342
    NetworkModule	2016-Apr-22 17:10:02	Connection closed by remote peer for session id 32343
    NetworkModule	2016-Apr-22 17:10:02	Forcibly closing sessionId:32342, isClosing:0
    NetworkModule	2016-Apr-22 17:10:02	Removing session 32342
    NetworkModule	2016-Apr-22 17:10:02	Closing connection , session id:32342
    NetworkModule	2016-Apr-22 17:10:02	Forcibly closing sessionId:32343, isClosing:0
    NetworkModule	2016-Apr-22 17:10:02	Removing session 32343
    NetworkModule	2016-Apr-22 17:10:02	Closing connection , session id:32343
    NetworkModule	2016-Apr-22 17:10:03	No descriptors available. Active session count:2
    NetworkModule	2016-Apr-22 17:10:03	remote_endpoint: Bad file descriptor
    NetworkModule	2016-Apr-22 17:10:03	Socket accepted. Remote ip address: 213.47.170.12 remote port: 55358
    NetworkModule	2016-Apr-22 17:10:03	Resolving ip address: 213.47.170.12
    NetworkModule	2016-Apr-22 17:10:03	Receiving ip address: 213.47.170.12 from cache
    NetworkModule	2016-Apr-22 17:10:03	Successfully received ip address: 213.47.170.12 from cache
    NetworkModule	2016-Apr-22 17:10:03	remote_endpoint: Transport endpoint is not connected
    

     
    I also notice a lot of the following warnings and errors in the tracelog:
     
    2016-04-21 16:32:04 Warning: NetworkModule [Thread 7fbab7fff700]: The connection will be closed due to timeout. Resolved endpoint is NULL
    2016-04-21 16:32:05 Error: NetworkModule [Thread 7fbab6ffd700]: Error reported by JobScheduler[Name:Dns job scheduler for not network operation]. Error message is:resolve: Host not found
     
    Installed ERA Server 6.3.148.0
    Agent on Server 6.3.148.0
    Debian (64-bit), Version 8.4
     
    I hope you can help me...
     
    Kind regards

  7. You can find the changelog at the bottom of the download page hxxp://www.eset.com/int/download/business/detail/family/258/.

     

    But as I can only see the changelog for the ERA server. Even if I select the agent at the top of the page.

    Another thing: the current version for the agent reported by ERA Console is 6.2.190 but the download page lists version 6.2.200.0.

    Aparently the latest Linux and Windows Versions are different.

  8. Hi,

    I have a customer with an & in the name added in ELA (e.g Company & Co KG).

    ELA displays the owner name correctly but in ERA the synced license displays only "Co KG" in the owner name section

     

    (ERA 6.2)

     

    This is going to be a problem if I have multiple customers that have a & Co KG in their names...

     

    kind regards

  9. Hi,

     

    when installing MDM on Debian the startup of the service fails because the installer sets the following for systemctl (in /etc/systemd/system/eramdmcore.service)

     

    ExecStart=/opt/eset/RemoteAdministrator/MDMCore/eramdmcore --daemon --pidfile /var/run/eramdmcore.pid

     

    but the file in the directory is named ERAMDMCore.

     

    I edited the config file to the correct uppercase name and did a systemctl daemon-reload

    but this is something that could potentially be overwritten by an MDM update. So please fix this in the next version.

     

    kind regards

  10. Hi,

     

    I would like to setup a fail2ban rule for blocking failed ERA logins. The problem is that in the server trace.log only this is logged:

    "Error: CServerSecurityModule [Thread 7f48f2ffd700]: AuthenticateNativeUser: Native user login failed"

     

    But not the IP from where the login attempt was made.

     

    Is possible that you print the IP in this Error line in any future update?

    (I don't really want to set the log to higher verbosity)

     

    Thanks in advance

  11. Hi,

     

    what is the best practise to switch clients from direct ERA connection to ERA proxy?

     

    I have clients with agents set up to connect to the ERA FQDN (which is outside of the local network). I installed ERA Proxy on the on-premise server and the proxy function is showing up correctly in ERA for this server.

     

    I set up a policy with configurations for the ERA Agents and added the FQDN of  the on-premise server to the "connects to" list. But I also added the remote ERA Address in case the proxy has problems or is off line.

     

    Is this correct? Is the order of the "Servers to connect to" list honoured? Or does the agent connect to all the entries (round-robin like) and I should only set the local proxy address?

     

    Is it possible that the agent on the Proxy Server connects to localhost or must the "proxy agent" connect directly to external ERA?

     

    Thanks in advance

  12. If you don't see an agent icon for a particular computer after reinstalling agent followed by sending a wake-up call, check the agent trace log on the client for errors. You can pm me the trace log for analysis.

     

    thank you for your offer! I just reinstalled the complete server with Debian 8 (with Debian 7 the era console could not connect to era server - maybe because of outdated openssl-lib) and now everything is working perfectly. All added computers are showing up with all symbols. Tasks get executed immediately and results are seen almost instantly in ERA console.

     

    Is it now possible with ERA 6.2 to install MDM on the same server?

  13. Update:

     

    ERA is starting to drive me crazy. I did a full fresh reinstall with ERA 6.2 now only tomcat, era and an agent are present on the server. Era Server appeared in the list with the agent symbol (only the agent symbol, I think there is also a symbol for era server?) then I added some clients - on all of them I removed the old one and did a fresh reinstall of the agent. Replication is working but in ERA Console there is a mixed picture: one out of three displayed agent and endpoint symbol and also PC Infos are displayed correctly (under details) the other two don't display any OS or PC info and no agent symbol and the don't show the installed endpoint AV. In addition after waiting a night the agent symbol from the era server entry disapeared in addition with all the OS and PC information...

     

    what is going on? why is stuff working only sometimes, while other times only working half the way?

  14. I was talking about my Wildcard Domain Certificate which I used for Tomcat to secure the https connection to ERA Webconsole. The cert was fairly cheep so it uses an intermediary CA. The PFX file that tomcat uses to secure the Websonsole contains the Domain-Wildcard Cert and the Intermediare CA (the Root is present on all? devices - GlobalTrust)

     

    When installing MDM you are supposed to choose a cert for the https (Options: --https-cert-path= and --https-cert-password=) and also an agent cert (when you do an "offline install") otherwise you have to pass the installer the ERA login credentials and it will pick an agent cert.

    For https you would use a normal domain cert with an public CA so that end users have no trouble opening the MDM site (e.g. enrollment page) without warnings. The problem (as stated above) is that the MDM webserver does only send the domain and not also the intermediary CA to the browser.

    So I don't think you have to (or should) use an public ("purchased") as an agent cert.

×
×
  • Create New...