Posts posted by tobiasperschon

  1. I was talking about my Wildcard Domain Certificate which I used for Tomcat to secure the https connection to ERA Webconsole. The cert was fairly cheap so it uses an intermediary CA. The PFX file that Tomcat uses to secure the Webconsole contains the Domain-Wildcard Cert and the Intermediary CA (the Root is present on all? devices - GlobalTrust).

     

    When installing MDM you are supposed to choose a cert for the https (Options: --https-cert-path= and --https-cert-password=) and also an agent cert (when you do an "offline install"); otherwise you have to pass the installer the ERA login credentials and it will pick an agent cert.

    For https you would use a normal domain cert with a public CA so that end users have no trouble opening the MDM site (e.g. enrollment page) without warnings. The problem (as stated above) is that the MDM webserver only sends the domain and not the intermediary CA to the browser.

    So I don't think you have to (or should) use a public ("purchased") cert as an agent cert.

  2. I installed MDM and used a pfx file for securing the website that is shown on Port 9980.

    The PFX file contained a Cert and also an Intermediary CA Cert. But this is not used by the MDM webserver that listens on Port 9980.

     

    I used the same PFX for the Tomcat server that delivers the ERA Console. Tomcat delivers the Intermediary CA Cert to the clients, as seen on the comparison via an SSL checker (https://www.sslshopper.com/ssl-checker.html)

     

    Could you please fix this or tell me where I can change the MDM webserver settings?

  3. I'm using ERA on a CentOS 7 x64 with MariaDB. ERA, MDM, an Agent, MariaDB, Tomcat are installed on the server. (Firewall ports opened are 2223, 2222, 9981, 9980, 443)

    Everything seems to be working - ASAP tasks are starting with +30 min delay but that's not the issue at hand.

     

    After installing updates I rebooted the server and now all the clients and the server itself, which were displayed with the symbols for Agent and MDM, are in the list but the symbols are missing.

    The MDM server is now not selectable for device enrolment tasks, but everything worked before the reboot.

    New Clients with Agents show up in the Lost and Found but don't get the symbol for "agent". There is also some of the client info missing (under details)

     

    There are no really useful (to me) error messages in the logs:

     

    /var/log/eset/RemoteAdministrator/Server/trace.log

    2015-08-30 09:36:49 Error: CReplicationModule [Thread 7f53097f2700]: CStepProcessor: Failed to process network message of type 202 because of missing replication context
    2015-08-30 10:10:00 Error: CReplicationModule [Thread 7f530aff5700]: CStepProcessor: Failed to process network message of type 202 because of missing replication context
    2015-08-30 11:01:46 Error: CReplicationModule [Thread 7f530cff9700]: CStepProcessor: Failed to process network message of type 204 because of missing replication context
    2015-08-30 13:06:08 Error: CReplicationModule [Thread 7f530a7f4700]: CStepProcessor: Failed to process network message of type 204 because of missing replication context
    2015-08-30 18:14:03 Error: NetworkModule [Thread 7f5326ffd700]: Error in SendCallback: Broken pipe;Error code: 32; SessionId:2132
    2015-08-30 19:38:01 Error: CReplicationModule [Thread 7f530b7f6700]: CStepProcessor: Failed to process network message of type 209 because of missing replication context
    2015-08-30 19:38:01 Error: CReplicationModule [Thread 7f530b7f6700]: CStepProcessor: Failed to process network message of type 209 because of missing replication context
    2015-08-30 19:38:01 Error: CReplicationModule [Thread 7f530b7f6700]: CStepProcessor: Failed to process network message of type 209 because of missing replication context
    2015-08-30 19:38:01 Error: CReplicationModule [Thread 7f530b7f6700]: CStepProcessor: Failed to process network message of type 209 because of missing replication context
     

     

    /var/log/eset/RemoteAdministrator/Agent/trace.log

    2015-08-30 08:47:32 Error: CMDMCoreConnectorModule [Thread 7fa7d77f6700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
    2015-08-30 08:47:32 Error: CMDMCoreConnectorModule [Thread 7fa7d77f6700]: Net Exception
    2015-08-30 08:47:32 Error: CMDMCoreConnectorModule [Thread 7fa7d77f6700]: Net Exception

     

    but these errors don't occur periodically...

     

    Can somebody point me in the right direction?

    Do you need additional info?
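
Posts 1 and 2 above describe a PFX that holds the wildcard certificate plus the intermediary CA, which Tomcat serves in full while, per the poster, the listener on port 9980 sends only the domain certificate. As an added example (not from the posts and not ESET's code), this script builds a constructed three-level chain with openssl and shows that a client trusting only the root verifies the leaf when the intermediate is supplied and rejects it when it is not; every name, file name and the password is made up.

```shell
#!/bin/sh
# Added example: a constructed throwaway PKI, not the poster's certificates.
# Every name, file name and the password "constructed" is made up.

# Build root -> intermediate -> leaf in directory $1 and bundle leaf + intermediate as site.pfx.
build_demo_pki() (
  cd "$1" || exit 1
  printf '%s\n' '[req]' 'distinguished_name = dn' 'prompt = no' '[dn]' 'CN = unused' \
      '[ca_ext]' 'basicConstraints = critical,CA:TRUE' > ca.cnf
  newreq() {  # $1 = file stem, $2 = subject CN
    openssl req -new -config ca.cnf -newkey rsa:2048 -nodes \
        -keyout "$1.key" -out "$1.csr" -subj "/CN=$2" 2>/dev/null
  }
  newreq root 'Constructed Root CA'
  newreq int 'Constructed Intermediate CA'
  newreq leaf '*.example.test'
  openssl x509 -req -in root.csr -signkey root.key -days 2 \
      -extfile ca.cnf -extensions ca_ext -out root.pem 2>/dev/null
  openssl x509 -req -in int.csr -CA root.pem -CAkey root.key -CAcreateserial -days 2 \
      -extfile ca.cnf -extensions ca_ext -out int.pem 2>/dev/null
  openssl x509 -req -in leaf.csr -CA int.pem -CAkey int.key -CAcreateserial -days 2 \
      -out leaf.pem 2>/dev/null
  openssl pkcs12 -export -inkey leaf.key -in leaf.pem -certfile int.pem \
      -passout pass:constructed -out site.pfx
)

# Print how many certificates a PFX carries ($1 = file, $2 = password).
pfx_cert_count() {
  openssl pkcs12 -in "$1" -passin "pass:$2" -nokeys 2>/dev/null | grep -c 'BEGIN CERTIFICATE'
}

# Succeed if a client trusting only root $1 can verify leaf $2,
# given the optional intermediate $3 that the server sends along.
chain_verifies() {
  if [ -n "${3:-}" ]; then
    openssl verify -CAfile "$1" -untrusted "$3" "$2" >/dev/null 2>&1
  else
    openssl verify -CAfile "$1" "$2" >/dev/null 2>&1
  fi
}

demo=$(mktemp -d)
build_demo_pki "$demo"
echo "certificates in PFX: $(pfx_cert_count "$demo/site.pfx" constructed)"
chain_verifies "$demo/root.pem" "$demo/leaf.pem" "$demo/int.pem" && echo "leaf + intermediate: verifies"
chain_verifies "$demo/root.pem" "$demo/leaf.pem" || echo "leaf alone: rejected, issuer not found"
```

Against a live listener, `openssl s_client -connect <host>:9980 -showcerts` (host is a placeholder) lists the certificates the server actually sends, which is the same comparison the SSL checker in post 2 makes.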
