MartinK

Just be aware, that if testing instance will be created on top of your existing ESMC database (as described in migration scenario), your original and new ESMC instances will share synchronized licenses in a way that when you modify list of synchronized licenses in one instance, it will impact also original/production servers, so my recommendation is to deploy completely new testing ESMC instance, instead of re-using existing database.

Indeed only DER format is supported for both import and export of CA certificates. We will have to check whether it is clearly communicated.

I think this is resolved in just-released ESMC 7.2 where it look like this:

On https://help.eset.com/eea/7/en-US/installation_command_line.html I've found parameters that can be used for specifying GUI language with MSI file that is used in the client task: PRODUCT_LANG and PRODUCT_LANG_CODE
I successfully tested the following settings in my client task specification that installs ESET Endpoint Antivirus in US English:

I think this is resolved in just-released ESMC 7.2 where it look like this:

I think this is resolved in just-released ESMC 7.2 where it look like this:

There are technically two possible ways:
Using "Software installation task" which can install arbitrary MSI installer files. IT has to be available locally on target system or via HTTP, which will be entered into task configuration. In case of network share, permissions has to be set in a way that local service can access shared installer (this causes most common issues). Using "Run command task". In this case it might be more complicated, as whole installation logic, including package download and execution has to be written as command. But If I recall correctly there are few powerhshell snippets to be found on the forum that might help.

It is possible to create custom report with current data set:

and with filter configured as follows:

which will filter devices that has not performed scan for some time, or devices that has never performed as scan:

Please remove sorting from column "Problem detail": Unfortunately there was an issue in console that results in such state where alerts without problem detail are not visible.

Please remove sorting from column "Problem detail": Unfortunately there was an issue in console that results in such state where alerts without problem detail are not visible.

I am not certain but it seems that HW fingerprint of this device change in a way that ESMC requires manual approval for this device - it might have been evaluated as cloned.
Could you please check this client's details in console, whether there is no "Question" in respective subsection? It should be indicated by blue number. Also such questions from whole network should be listed in "Status overview" dashboard, if there are any.
If question will be reported for this device, please check documentation for it and resolve -> once done, device should be connecting. 

Could you be please more specific? You have created mapping for AD security group but users from this group are not able to log in? Asking because it is not clear, as users won't be automatically shown until they first log-in into ESMC, nor they will be removed from ESMC once removed from AD.

Unfortunately I am not able to provide any official recommendation, but any chance you tried third-party repositories? For example this one seems to provide QtWebkit based on Ot4: https://centos.pkgs.org/8/getpagespeed-x86_64/qtwebkit-2.3.4-23.el8.x86_64.rpm.html

This is an early announcement related to the end of life for ema.eset.com (EMA1). As we're completing the migration of MSPs to EMA2 (msp.eset.com), the aim is to phase out EMA1 completely by the end of the year.
 
For more in-depth information and details, please consult the below links:
ESET MSP Administrator V1 to V2 Migration Process FAQ: https://help.eset.com/ema/en-US/migration_faq.html  ESET MSP Administrator versions feature comparison (EMA1/EMA2): https://www.eset.com/int/business/msp-administrator/ More about ESET MSP Administrator V2: https://help.eset.com/ema/2/en-US/ How to use EMA2 with your ESMC https://help.eset.com/msp_getting_started/en-INT/  There will be more detailed information about what this specifically means coming via the usual channels and you'll be informed about any action steps that may arise as part of this EOL initiative.

Finally got this working, it looks like the issue was Microsoft blocking the SMTP AUTH as it was deemed "Risky". I had to log into Azure portal and manually mark it as safe, then after about an hour it started to work with Automatic authentication selected. 

Connection between AGENT and ESMC is using TLS/SSL and thus is is secured and confidential. In case HTTP proxy is in between, it servers just as forwarding element, i.e. it is not introspecting communication. In other words, both AGENT and ESMC are performing or validity checks of TLS certificate as if there is no proxy and connection will be rejected in case certificate of remote peer is not considered as trusted
Credentials of HTTP proxy are suitable only to protect proxy itself from connections of unauthorized clients, i.e. those that do not have right credentials, but even if there is no authentication on proxy, whole AGENT-to-ESMC communication is protected on TLS layer where mutual authorization via certificates is performed.

Hi,
I just published a brief guide to ESMC implementation in Proxmox :
ESET Security Management Center 7 deployment in Proxmox VE
I hope it is useful.
Regards

Thanks for new logs. Now, script works correctly, package is successfully downloaded, installation parameters are ready and installation itself of PKG file is started. Unfortunately more details of installation failure will be available in different log file:
/var/log/install.log but in case of macOS 10.15 it won't be meaningful, as in such case, even executing of helper tools bundled in installer with fail. There are multiple reasons for this:
ERA 6.4 Agent for macOS is 32bit application and support for them was dropped in macOs 10.15 ERA 6.4 Agent is not notarized, which is process required for all applications to be installed on macOS 10.15 ERA 6.4 Agent might try to use old OpenSSL library available in macOS 10.15 resulting in operation abort

Unfortunately that is hard to confirm without testing or more date, but ERA 6.4 was definitely not tested in such environment. Errors seems to be more related to installer script, nor ERA Agent, but it might have the same issue - incompatibility with macOS 10.15 environment.

Just to let you know: please contact me privately (PM) in case you have interest in receiving "new" and not yet published version of MirrorTool which resolves this issue.

Could you please instruct customer to configure Apache Tomcat to configure underlying Java to use en_US locale? It should look like this in Tomcat's configuration tool:

where relevant parameters are -Duser.country=US and -Duser.language=en.
This problem seems to affect only customers hosting ESMC Webconsole on Turkish Windowses. If this is the case, reconfiguration and Apache Tomcat service restart should be sufficient to resolve this issue.

In case you are using ESET Apache HTTP proxy, it is probable that connections to port 8883 are blocked but it is not clear whether this is the issue. Could you verify configuration of:
AllowCONNECT 443 563 2222 in httpd.conf? It is possible that enabling this port 8883 will helps AGENT to connect successfully.
In case direct connection to EPNS servers is not possible, multiple alternatives, including port variants (443,8883) are tried to ensure that connection is made even when configuration is not possible.

Unfortunately there is fatal problem in downloading metadata3 which results in this issue. I expect there will be new version available at least for testing during upcoming week.
Only possible workaround for now is to download metadata3 files manually - there should be one for each application and it is identical to file available on ESET servers = it is digitally signed. Great help would be output you already provided with list of metadata3 files downloaded by ESMC - only files for applications you are actually using is required to simplify things.

My recommendation is to check ports usage documentation: https://help.eset.com/esmc_install/71/en-US/ports_used.html
Technically ESMC + Webconsole (tomcat) are listening on following ports:
2222 (can be changed, for example to 443 to reduce possible firewall issues): this port is used by ESMC Agents to connect to ESMC. This one has to be open for client devices. It could possibly be limited to specific IP addresses if possible, but that could possibly block roaming devices 2223: port is used for (my recommendation is to not open this port from outside of server) for Webconsole-to-ESMC communication. If webconsole will be installed on the same machine (= default scenario), there is no need to expose this port for console to work correctly second use is for ESMC Agent installers in case of "Server assisted installation". I would strongly recommend to omit this functionality, it is deprecated in favor of all-in-one installers which are much more suitable for MSP scenario. 443: standard port for access to ESMC Webconsole via browser. Port has to be opened for ESMC users to access console. My recommendation is to enable access to this port only for known IP addresses if possible. There is also possibility to perform additional hardening of Apache Tomcat configuration to enable only most secure TLS ciphers, you just have to be sure your browser will support it. Also make sure that when installing ESMC, so called "Advanced security mode" is enabled in it's configuration. It will prevent connections of older ERA Agents but should work for ESMC 7.1 Agents installed even on oldest supported systems (Windows XP).

For me sorting by status works. Make sure there is no number next to the arrow. As of ESMC 7.1, you can define primary, secondary and tertiary sorting which is indicated by numbers 1,2,3 respectively.

In such case, click the column title until the number disappears and records are sorted by the Status column: