Jump to content

MartinK

ESET Staff
  • Posts

    2,353
  • Joined

  • Last visited

  • Days Won

    67

Kudos

  1. Upvote
    MartinK received kudos from MichalJ in ESMC computer name mismatch (hostname vs FQDN)   
    Yes please verify that hostname of macOS machine is correctly set. Otherwise AGENT won't be able to report FQDN name to ESMC, and thus ESMC won't be able to pair device with FQDN entries in domain.
    Recently we were solving similar issue as support ticket, and customer used command:
    sudo scutil --set HostName devicename.example.com to correctly set FQDN name on macOS device.
  2. Upvote
    MartinK received kudos from Mauricio Osorio in Migration Case   
    Yes, it is possible, but you have to be careful as it might result in inability of AGENT to connect even to their original ESMC.
    Roughly you have to:
    choose new ESMC (i. e. one of existing, or install completely new ESMC) -> I will reference it as "primary ESMC" ensure that ESMC's peer certificate (as set in server settings) contains all required hostnames (or wildcard *), so that AGENTs can connect using various hostnames/IP address. export CA certificate from "primary ESMC". It has to be CA certificate that has been used to sign certificate used for incoming connections, set in server settings. import CA certificate from previous steps into all original ESMC instances. export CA certificates from all original ESMC instances and import them into "master ESMC".  in this moment, all connecting AGENTs should have all 6 CA certificates (5 original + 1 from new ESMC), which means that they can connect to master ESMC, as they will trust it's certificate. This works also other way around -> master ESMC will trust all original AGENT certificates, which means it will accept connections of AGENTs from all previous instances. In each original ESMC instance, create new configuration policy for "ESET Management Agent" and specify servers to connect to in a way that list of hostnames is used, where first in list is hostname of master ESMC, and second is hostname of original server. This is just to be sure that in case AGENT cannot reach new hostname, it will be still connecting to original ESMC. In case hostname will be the same for all AGENTs, you can simplify process by export/import capability. Policies should be assigned to all clients. From this moment, AGENTs should start connecting to master ESMC. You could optionally create policy for "ESET Management Agent" which changes list of server to connect to and AGENT peer certificate so those available in master ESMC, so all remnants of original ESMC servers is removed.
  3. Upvote
    MartinK received kudos from greyjoy99 in ESMC last scan info   
    Unfortunately it was lost during re-design, but it was already re-added for new versions. It should be still possible to create custom report for fetching this client detail.
  4. Upvote
    MartinK received kudos from MichalJ in two licenses issue   
    Number as you see in License management view is provided by ESET licensing servers, i.e. should be more precise. In oppose to that, ESMC reports shows only devices that are managed by ESMC, or more precise are reporting license usage to ESMC.
    In you case, there are few possibilities:
    there might be devices that are not managed by ESMC, but are activated using license there has been hardware changes on clients, or clients were reinstalled, which resulted in duplication on license servers. In both cases I would recommend to visit ESET licensing portals (EBA or ELA) and check list of activated devices as listed there. In case of duplicates, it should be clear from "seat name". This portal can be also used to manually deactivate or remove device that is no longer active.
  5. Upvote
    MartinK received kudos from Peter_J in KB6666 Computers with less than 1,000 MB free disk space   
    I think there are two possibilities (but had not confirmed it is actually enabled):
    configure notification over this dynamic group. Unfortunately you will be receiving notification without list, and most probably for each device separately. use scheduled reports. It should be possible to prepare report which shows devices in specific group (or maybe dynamic groups can be completely bypassed here). Once reports is prepared, it is possible to schedule it to be sent to email, and there should be possibility to not send empty data.
  6. Upvote
    MartinK received kudos from MichalJ in KB6666 Computers with less than 1,000 MB free disk space   
    Problem is that group as you defined it will be matching devices, where at least one devices has capacity less than 1GB -> so for example devices with connected USB key or even devices with CD/DVD ROM, which mostly reports capacity 0MB.
    I would recommend to add another condition, either explicitly specifying id of storage, or possibly requiring that reported capacity is >0. For example:

    where only one of additional conditions should be required, byt it depends on your environment. I would recommend to use "Storage Id", especially in case you are interested only in system disks and devices are using default "C:".
  7. Upvote
    MartinK gave kudos to katycomputersystems in KB6666 Computers with less than 1,000 MB free disk space   
    You did it! Thanks.
    Using custom headers, I am able to specify who gets my reply message Wednesday morning.
    Here is the report:

     
    And the group that identifies the computers in need of attention:

     
    RMM, I don't need no stinking RMM, I have ESMC!
     
  8. Upvote
    MartinK received kudos from katycomputersystems in KB6666 Computers with less than 1,000 MB free disk space   
    I think there are two possibilities (but had not confirmed it is actually enabled):
    configure notification over this dynamic group. Unfortunately you will be receiving notification without list, and most probably for each device separately. use scheduled reports. It should be possible to prepare report which shows devices in specific group (or maybe dynamic groups can be completely bypassed here). Once reports is prepared, it is possible to schedule it to be sent to email, and there should be possibility to not send empty data.
  9. Upvote
    MartinK received kudos from katycomputersystems in KB6666 Computers with less than 1,000 MB free disk space   
    Problem is that group as you defined it will be matching devices, where at least one devices has capacity less than 1GB -> so for example devices with connected USB key or even devices with CD/DVD ROM, which mostly reports capacity 0MB.
    I would recommend to add another condition, either explicitly specifying id of storage, or possibly requiring that reported capacity is >0. For example:

    where only one of additional conditions should be required, byt it depends on your environment. I would recommend to use "Storage Id", especially in case you are interested only in system disks and devices are using default "C:".
  10. Upvote
    MartinK received kudos from bNetworked in Lateral move/upgrade quirk   
    Both issues (version check & wrong system) are most probably related to state of ESET Management Agent as installed on machine where ESMC Server is installed. Could you verify that is is actually connecting to new ESMC server? In this migration scenario you had to completely reinstall this AGENT which means there should be two entries of ESMC Server in your console, one representing original server, and one "duplicate" representing new installation.
    In order to resolve your issues, you should:
    To resolve wrong OS information, ensure there is ESET Management Agent installed on the same machine as migrated ESMC servers ensure it is connecting to ESMC Server verify that AGENT installed on old ESMC Server is no longer connecting to new (migrated) ESMC Server To resolve version check: Once migration is successfully completed, there should be two entries of ESMC Server in your console. Old one should be no longer updating, and version as reported from history is triggering upgrade prompt -> you should erase this entry from console, but be aware that all data tied to this old device will be lost.
  11. Upvote
    MartinK received kudos from Peter Randziak in ESMC 7 Bad file descriptor   
    This is most probably caused by limits set in your Linux system. Please verify limit for open files in your system, or limits for services in case systemd is used.
    In case you are using ESMC Appliance, please check following forum topic:
     
  12. Upvote
    MartinK received kudos from bNetworked in ERA 6.5 Server MySQL issue - Windows Server 2016   
    Just to be sure, there are two other settings of MySQL server that has to be changed:
    innodb_log_file_size=100M innodb_log_files_in_group=2 Could you verify those too? They can have different values but there are minimal requirements that are larged than default (documentation).
  13. Upvote
    MartinK received kudos from Peter Randziak in ERA 6.5 Server MySQL issue - Windows Server 2016   
    Just to be sure, there are two other settings of MySQL server that has to be changed:
    innodb_log_file_size=100M innodb_log_files_in_group=2 Could you verify those too? They can have different values but there are minimal requirements that are larged than default (documentation).
  14. Upvote
    MartinK received kudos from MichalJ in two licenses issue   
    I would try to create new report with following data set configuration:

    which should provide you list of devices with public ID of used licenses. It is possible multiple entries per device will be reported in case multiple activated products or multiple licenses are used.
  15. Upvote
    MartinK received kudos from Peter Randziak in ESET SMC Appliance disc full with proxy cache files   
    Indeed it seems that Apache HTTP proxy has taken all of the free space. When configuring appliance and proxy is enabled, service used to cleanup cache regularly should be enabled. It uses htcacheclean utility to clean cache directory. From my point of view it seems this service is not working or your proxy is heavily used and all those ~40GB of cached files were downloaded recently.
    I would recommend to check status of mentioned service:
    service htcacheclean status  
    Any chance you enabled apache HTTP later, i.e. not during initial appliance configuration? It would explain why cleanups are not enabled.
    In order to resolve this issue, easiest would be to clean proxy cache directory. In case it won't help, we will need some trace logs from ESMC services, so that we can check reason why services are not running. It is possible that actually database (MySQL) has to be restarted as it might also stopped working due to insufficient disk space.
  16. Upvote
    MartinK received kudos from Peter Randziak in SMC7: The maximum number of open file descriptors is reached, Agent v7 can't access ESMC   
    Thanks, that means your appliance (VHD) comes from release 7.0.66.0, not latest 7.0.72.0 where we targeted this issue.
    We have decided to resolve this issue by changing default limits for all systemd services, it can be done by commands:
    sed -i "s/.*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=65535 /" /etc/systemd/system.conf sed -i "s/.*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=65535 /" /etc/systemd/user.conf Modification of service file (eraserver.conf) won't "survive" ESMC upgrade and file will be replaced with version bundled in installer.    
  17. Upvote
    MartinK received kudos from bbahes in SMC7: The maximum number of open file descriptors is reached, Agent v7 can't access ESMC   
    Thanks, that means your appliance (VHD) comes from release 7.0.66.0, not latest 7.0.72.0 where we targeted this issue.
    We have decided to resolve this issue by changing default limits for all systemd services, it can be done by commands:
    sed -i "s/.*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=65535 /" /etc/systemd/system.conf sed -i "s/.*DefaultLimitNOFILE=.*/DefaultLimitNOFILE=65535 /" /etc/systemd/user.conf Modification of service file (eraserver.conf) won't "survive" ESMC upgrade and file will be replaced with version bundled in installer.    
  18. Upvote
    MartinK received kudos from Peter Randziak in 7.0.577.0 Agent Upgrade Fails On Hyper-V Guests   
    There should be full-verbosity MSIEXEC installation log with name ra-upgrade-infrastructure.log either in AGENT's Logs directory, or in system temporary directory. It should help us to identify cause of failure of last upgrade attempt.
    From symptoms you describe it is possible that AGENT's service cannot stop and thus upgrade fails - in such case, could you provide us version/type of ESET security product you are using on those clients?
  19. Upvote
    MartinK received kudos from Peter Randziak in ESMC 7 ERA Web Console - How to import 3rd party SSL certificate   
    In appliance, ESMC console is hosted in Apache Tomcat (official CentOS7 package), so you have to modify it's configuration. Configuration file should be located in /etc/tomcat/server.xml. Only known complication is that Apache Tomcat has some special requirements for naming certificate, especially when java keystore file is used.
  20. Upvote
    MartinK received kudos from Peter Randziak in Can't use AD integration   
    Could you please check SERVER's trace.log for "Error:" entries from time that login does not works? When did this started to happen? Are you using "\" delimiter when specifying domain name in login screen or some alternative?
  21. Upvote
    MartinK received kudos from j-gray in All clients are members of all dynamic groups?   
    Unfortunately you are right. Issue has been discovered during ESMC "Early Access" but was not resolved yet. As you noted, it does not respect hierarchy of groups, only results of matching dynamic group templates.
  22. Upvote
    MartinK received kudos from DaveBOpt in ESMC - Agent Outdated   
    It is a client task "Security Management Center Components Upgrade" (see documentation).
  23. Upvote
    MartinK gave kudos to MichalJ in ERA 6.5 to ESMC Components Upgarde Issue   
    ESET Security Management Components Upgrade task is only intended to upgrade agents & other ESMC components. If you want to install a newer version of the endpoint, you need to do it via "software install task". The simplest way, if you already have ESMC V7 would be to navigate to the main dashboard, tab "ESET Applications", locate the table "outdated applications" and click on the individual entries you want to update. You can then click "update installed eset products", and that would automatically create corresponding installation tasks.
  24. Upvote
    MartinK received kudos from 1 079 379 164 in ESMC components upgrade task failed   
    According to provided logs, ESMC server has problem to establish connection to most of ESET services. It is not able to connect to ESET repository, update server, license servers .. could you verify it is properly configured? Maybe there is problem with firewall or proxy configuration?
    Also I would recommend to check AGENT's trace.log -> upgrade of infrastructure is executed by AGENT, so there should be visible also upgrade errors, but my best guess is that AGENT installed on the same machine as ESMC has the same network-related problems.
  25. Upvote
    MartinK received kudos from Timreck in Setting of Proxy Server - which setting has what result   
    Just to clarify, but configuration of AGENT (in ESET Management Agent policy) and configuration of HTTP proxy in policy for security product (i.e. ESET Endpoint Security for Windows) are completely unrelated, and each of them configure only specific product it is targeting.
    Regarding settings, both of policies (Agent vs. other products) are using the same principle: there is possibility to configure one HTTP proxy for all communication (this one is mostly called global), and there is possibility to override this setting for specific services or communication types. In case of ESET Management Agent, you can use different configuration for communication with ESET infrastructure, through internet, and different HTTP proxy (or not at all) for communication between Agent and ERA/ESMC Server.
    This is hard to answer, but it definitely depends on infrastructure. For example there are customers, that has very weak connection between AGENT and ESMC Server (i.e. some kind of VPN between company branches) and installation or download through this link would be killing internal network - also it would mean that ESMC has to be transformed into high-grade HTTP server. There is also alternative to use one HTTP proxy hosted side-by-side ESMC Server which should partially resolve this issue, but it is not enforced.
×
×
  • Create New...