Jump to content

Can't login to webconsole after changing 2223 port


Recommended Posts

I've change the 2223 port in de ERA webconsole.

After this change I'm not able to login anymore.

The Eset Remote appliance is installed on a CentOS 6.8 machine.

Is there a way to change the port back to port 2223?

I've search in some config files, but a can't find it.

 

Link to post
Share on other sites
  • ESET Staff

In case you changed only this port, most probable problem is that Webconsole is not able to connect to SERVER (can you actually access Webconsole login screen?). In this case you have to manually modify WebConsole configuration and change SERVER's port. Configuration file is located in:

/var/lib/tomcat6/webapps/era/WEB-INF/classes/sk/eset/era/g2webconsole/server/modules/config/EraWebServerConfig.properties

and you have to change value on line:

server_port=2223

Once this is done, login should be possible. Also be aware that port different than 2223 may not be opened in firewall, therefore server assisted installation may be failing in your environment.

 

Was there any specific reason why to change this port number?

Link to post
Share on other sites

I can actually acces the loginscreen, after trying to login the errror "Login failed: Connection has failed with state 'Not connected'" displays.

 

In the EraWebServerConfig.properties file the 2223 port is specified.

The only thing I've change is the Webconsole port to port 2222.

See Figure 1-5 at this page hxxp://support.eset.com/kb3701/

Could is be that this specific setting is configured in another file?

 
After a reboot the first error specified is this one:
2016-11-22 14:18:39 Error: NetworkModule [Thread 7fb91fb8f700]: bind: Address already in use
Edited by Teun Althuizen
Link to post
Share on other sites
  • ESET Staff
In the EraWebServerConfig.properties file the 2223 port is specified.

The only thing I've change is the Webconsole port to port 2222.

See Figure 1-5 at this page hxxp://support.eset.com/kb3701/

Could is be that this specific setting is configured in another file?

 

ERA uses two ports by default (server port=2222 and console port=2223). In case you changed console port to 2222, it will fail during startup because of already used port. I am little surprised this is even possible (we should add some kind of check so that it is not even possible to break configuration in such way).

 

You have not mentioned version of ERA you are currently using, but in order to repair this in ERA 6.4, you have to manually run:

/opt/eset/RemoteAdministrator/Server/setup/installer_backup.sh --skip-license --console-port=2223

which will perform installation repair and console port will be set to 2223.

 

 

Could you also describe what was the reason you were trying to change this port?

Link to post
Share on other sites

Thanks, that worked!

I've change the port because we had some issues with the era agents.

The eraserver is running version 6.4.304 with the agent 6.4.293 on CentOS 6.8

 

All of a suddon the aren't connection anymore.

Nmap show's port 2222 is open on the server.

 

The trace.log from the client shows the following:

2016-11-22 16:22:38 Error: CAgentSecurityModule [Thread 1d48]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-22 16:22:38 Error: NetworkModule [Thread 1754]: Verify user failed for all computers: 10.31.1.250: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-22 16:22:38 Error: NetworkModule [Thread 1754]: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format., ResolvedIpAddress:10.31.1.250, ResolvedHostname:, ResolvedPort:2222
2016-11-22 16:22:38 Error: NetworkModule [Thread 1754]: Protocol failure for session id 327, error:Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
2016-11-22 16:22:38 Error: CReplicationModule [Thread 1858]: CReplicationManager: Replication (network) connection to 'host: "era.xebic.com" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
2016-11-22 16:23:38 Error: CAgentSecurityModule [Thread 1ee4]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-22 16:23:38 Error: NetworkModule [Thread 1754]: Verify user failed for all computers: 10.31.1.250: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-22 16:23:38 Error: NetworkModule [Thread 1754]: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format., ResolvedIpAddress:10.31.1.250, ResolvedHostname:, ResolvedPort:2222
2016-11-22 16:23:38 Error: NetworkModule [Thread 1754]: Protocol failure for session id 328, error:Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
2016-11-22 16:23:38 Error: CReplicationModule [Thread 2614]: CReplicationManager: Replication (network) connection to 'host: "era.xebic.com" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
Edited by Teun Althuizen
Link to post
Share on other sites
  • ESET Staff

The trace.log from the client shows the following:

2016-11-22 16:22:38 Error: CAgentSecurityModule [Thread 1d48]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain

 

This error indicates that AGENT is not able to verify SERVER's certificate because it is missing CA certificate that was used to sign SERVER's certificate.

Have you been changing SERVER certificate recently in configuration?

Link to post
Share on other sites

Nothing has changed at the server or client certificates.

The only thing that changed is the IP-address off the ERA-server.

Previously this was a static lease configured in the firewall as of now this ip-address is configure on the ERA-server itself.

Link to post
Share on other sites
  • ESET Staff

Nothing has changed at the server or client certificates.

The only thing that changed is the IP-address off the ERA-server.

Previously this was a static lease configured in the firewall as of now this ip-address is configure on the ERA-server itself.

 

This is really strange. Are you absolutely sure AGENTs are connecting to correct machine? Could you check SERVER's trace.log on appliance for possible issues?

Link to post
Share on other sites

Servers trace.log isn't showing any error's, only 1 waring:

2016-11-23 10:04:52 Warning: CDatabaseModule [Thread 7f1b67bf6700]: Dependability checks of underlaying layer failed with: The underlying unixodbc implementation has not support for multithreading.

 

I've tried to create a new agent certificate, after this the following error appear in the trace.log.

2016-11-23 10:20:20 Error: CServerSecurityModule [Thread 7f1b47fff700]: ParsePkcs12: Could not verify password (invalid password or corrupted pkcs12 structure)

2016-11-23 10:20:20 Error: ConsoleApiModule [Thread 7f1aabfdf700]: 45 Error while sending CreatePeerCertificateAndPrivateKey request: ParsePkcs12: Could not verify password (invalid password or corrupted pkcs12 structure)

 

Could it be the server certificate change because of the change from dynamic ip (lease bij firewall) to a static configure IP?

OK
Failed to create certificate: Creating and signing peer certificate failed. Check input parameters for invalid or reserved characters, check certification authority pfx/pkcs12 signing certificate and corresponding password.: Trace info: ParsePkcs12: Could not verify password (invalid password or corrupted pkcs12 structure)
Link to post
Share on other sites
  • ESET Staff

This error means that you used wrong password for CA certificate but that is not related.

I have expected many error here because of failed AGENT connections -> from this it seems that AGENT are not connecting to SERVER - is there anything between them? Firewall? Could you try to generate live installer and try to manually install it on one of problematic machines whether it will "repair" it to state that it will be able to connect?

Link to post
Share on other sites

After a reinstall this is the error shown in the trace.log

Besides this the status.html is showing an error in the peer certificate. (Before the reinstall this was ok)

2016-11-23 12:36:01 Error: CAgentSecurityModule [Thread 27d4]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-23 12:36:01 Error: NetworkModule [Thread 331c]: Verify user failed for all computers: 10.31.1.250: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-23 12:36:01 Error: NetworkModule [Thread 331c]: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format., ResolvedIpAddress:10.31.1.250, ResolvedHostname:, ResolvedPort:2222
2016-11-23 12:36:01 Error: NetworkModule [Thread 331c]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
2016-11-23 12:36:01 Error: CReplicationModule [Thread 3228]: CReplicationManager: Replication (network) connection to 'host: "era.xebic.com" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
2016-11-23 12:36:06 Error: CAgentSecurityModule [Thread 27d4]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-23 12:36:06 Error: NetworkModule [Thread 331c]: Verify user failed for all computers: 10.31.1.250: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-23 12:36:06 Error: NetworkModule [Thread 331c]: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format., ResolvedIpAddress:10.31.1.250, ResolvedHostname:, ResolvedPort:2222
2016-11-23 12:36:06 Error: NetworkModule [Thread 331c]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
2016-11-23 12:36:06 Error: CReplicationModule [Thread 3228]: CReplicationManager: Replication (network) connection to 'host: "era.xebic.com" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.
Edited by Teun Althuizen
Link to post
Share on other sites
  • ESET Staff

One last idea is that you have something wrong with CA certificates as imported in SERVER. If this is the case, AGENT would connect exactly one time just after it was repaired - can you see successful connection in Webconsole from time of repair?

Link to post
Share on other sites

The agent never connected to the ERA server, so there isn't any successfull connection to the ERA server.

 

After some research I've found some error in the trace.log from the Agent on the ERA server.

2016-11-24 10:52:44 Error: CAgentSecurityModule [Thread 7fb906bfd700]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain

2016-11-24 10:52:44 Error: NetworkModule [Thread 7fb904dfa700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-24 10:52:44 Error: NetworkModule [Thread 7fb904dfa700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:, ResolvedPort:2222
2016-11-24 10:52:44 Error: NetworkModule [Thread 7fb904dfa700]: Protocol failure for session id 1134, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2016-11-24 10:52:44 Error: CReplicationModule [Thread 7fb883fff700]: CReplicationManager: Replication (network) connection to 'host: "127.0.0.1" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2016-11-24 10:53:44 Error: CAgentSecurityModule [Thread 7fb906bfd700]: Certificated user verification failed with: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-24 10:53:44 Error: NetworkModule [Thread 7fb904dfa700]: Verify user failed for all computers: 127.0.0.1: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
2016-11-24 10:53:44 Error: NetworkModule [Thread 7fb904dfa700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, ResolvedHostname:, ResolvedPort:2222
2016-11-24 10:53:44 Error: NetworkModule [Thread 7fb904dfa700]: Protocol failure for session id 1135, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2016-11-24 10:53:44 Error: CReplicationModule [Thread 7fb883fff700]: CReplicationManager: Replication (network) connection to 'host: "127.0.0.1" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
 
So it seems the era agent on the server itself isn't even able to connect.
Besides this I've check with nmap that port 2222 is open on the era server
Edited by Teun Althuizen
Link to post
Share on other sites
  • ESET Staff

In this case we can exclude possible network issues. Unfortunately I do not understand what could possibly be wrong -> as I mentioned previously, this error means that AGENT does not trust SERVER's certificate because it is missing CA certificate for verification. Could you please check SERVER's configuration, especially whether it is using certificate that was created during ERA installation (you can even explicitly re-save it to be sure). Also please check whether all used certificates (AGENT, SERVER, CA) are valid in terms of time.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...