MartinK

Actually that is different problem. Adapters should be shown in the same order/priority as configured in system. Could you please check that physical adapter is first in list?

Could you please check how many open files / sockets has ESMC service, using command: lsof | grep ERAServer | wc -l executed in appliance terminal? If number will be somewhere near ~1024, could you please also provide number of AGENT connecting to this appliance? Is there any functionality problem reported by ESMC in console? We have recently identified problem with socket limits in appliance to be too low for new AGENTs that are using persistent connections. If previous command was reaching ~1024, please execute following command: echo -e "*\tsoft\tnofile\t65535\n*\thard\tnofile\t65535" > /etc/security/limits.d/50-nofile.conf and restart ESMC (I would recommend to reboot whole appliance). It will increase problematic socket limits.

It seems that issue with wrong order of multiple IP addresses used by the same adapter was not targeted previously, so there is no change in behavior. Problem is that IPs are reported in exactly opposite order as expected -> issue should be fixed for upcoming releases (including potential 7.0 service release).

Unfortunately more detailed activation failure is not traced into ERA/ESMC logs -> error you posted indicates there were problems in AGENT-to-ESMC connection, caused by hostname resolution failure (maybe some network outage) during that time, but in case activation task is executed and results are reported, this issue resolved itself automatically. Regarding activation: my recommendation is to attempt to activate product manually, i.e. use endpoint UI to do so. It will provide more details and will possibly offer solution, especially in case failure is caused by wrong configuration (for example there might be used HTTP proxy that is not accessible).

Unfortunately there is currently no way how to disable it ... is it wrong, or you would like to completely hide it? If so, could you please elaborate more on reasons?

It depends on your configuration. In this case, different IP means that AGENTs has to be configured to use new IP address prior to migration. In case you are using hostnames in AGENTs configuration (hostname of ESMC/ERA where they are connecting), it should be even simpler and AGENTs will start to connect to correct ERA/ESMC after DNS entries are updated.

Computer name as shown in console is static, and was "detected" after installation, where detection was either made on SERVER using reverse-DNS lookup, or it was provided by AGENT just after installation -> this depends on version you are using. I would recommend to check FQDN/ComputerName in "client details" of this device as it will show currently reported hostname of device. It is possible that is has changed since installation which resulted in this inconsistency. As device name in console is static, i.e. it does not change automatically, you have two possibilities: rename device in console manually -> you can actually use any name you wish you can use "Rename computers" task to schedule renaming automatically, based on data provided from client. See documentation of this task for more details. Be aware that task relies on data reported by client, so it is crucial that FQDN or computer name value in client details view is correct as it will be used as source for renaming.

Actually dynamic groups are evaluated on AGENT instantly, upon detection of change in monitored data. Logged users detection is based on WMI notifications, so there is very high probability that group as this one would work almost instantly.

I am not sure DB migration and upgrade will work in one step, but it is definitely possible to relocate your current ERA to another server. Seems that most suitable scenario in your enrinment will be moving with the same ip address or at least the same hostname, as described in documentation.

Could you please specify version and language you selected? Are you trying to install product using software installation task or attempting to create all-in-one installer?

Could you please verify that linux machine (or ESMC appliance) where ESMC is running is properly joined into domain? It seems that is has no access to domain controller or it is completely missing such configuration.

Unfortunately this is known issue. Please check my older post describing potential workaround that can be used to resolve this problem.

It seems problem are spaces between IP address and instance/database name. Problematic part "10.9.8.112 \ ERA_DB" does not seem to be correct - in case you followed linked article, you are missing -d before ERA_DB, and maybe there should be also DB instance name just after hostname (IP).

Not sure which report is this, but I guess that "Computer Name" in this case is device where RogueDetectionSensor is installed, i.e. it is machine which made detection. Is actually RDSensor installed on the same machine as ESMC?

Fix should be ready for next release (even minor), currently without specific release date.