Agent not communicating with server

[Judg3man 0]

Hello all,

 

I've made a master image to deploy out to my computers. Eset agent and Endpoint Security version 6.4 was installed. Everything was working fine and the machine was communicating with the server. I pushed this image out to a few new computers and everything on the client side seems to be working fine. Server side they are showing up as un-managed. I've tried repairing the agent installation with no luck. Is there a way to force the agents to start taking to the server again? 

[Judg3man 0]

I think i figured out why it wasn't connecting. When you push out an image through the server to individual machines, it uses your admin credentials. Same way if you use the agent installer files. If its already apart of the image it doesn't receive those credentials. Repairing the agent installation doesn't offer a chance to put them in. Had to uninstall the agent and push it out to my computers from my Eset server and everything came up just fine. If anyone has any other ideas so i wont have to go about this every time i push out to a new computer that would be great.

[MartinK 378]

Your problem seems to be different. In case you clone machine with already installed AGENT, it will be connecting to SERVER, but in Webconsole you will see all clones as one machine - logs from all machines will be mixed. Current version of ERA does not offer other solution except running Reset cloned agent task on cloned machines. This will have the same effect as if you have re-installed AGENT on all cloned machines (and also on master image if it is running and connecting to SERVER).

 

I have described also more complicated steps how to automatize this (see my older post) suitable for larger deployments.

[Judg3man 0]

Thanks for the tip Martin. Ill look in to it and see what i can do.

[Judg3man 0]

On 12/3/2016 at 3:16 PM, MartinK said:

Your problem seems to be different. In case you clone machine with already installed AGENT, it will be connecting to SERVER, but in Webconsole you will see all clones as one machine - logs from all machines will be mixed. Current version of ERA does not offer other solution except running Reset cloned agent task on cloned machines. This will have the same effect as if you have re-installed AGENT on all cloned machines (and also on master image if it is running and connecting to SERVER).

 

I have described also more complicated steps how to automatize this (see my older post) suitable for larger deployments.

Sorry its taken so long to try this. Got pretty busy.

My favorite procedure for this scenario (cloning live image) is:

• Install AGENT on base image and let it normally connect to ERA
• Create special static group for base image computer(s) (i.e. "Base images")
• Create dynamic group template "Non base image", that will never be matched by base image(s): for example add condition on MAC address or other identifier distinguishing your base images
• Create dynamic group "Clones" under static group "Base images" containing only base images using dynamic group template from previous step. Group should be empty if everything is configured properly.
• Attach reset cloned agent task to this dynamic group

This seems like itll work. The only thing i dont undestand is the new template part. I build my reference PC. Install agent like normal. PC starts communicating with server. Build the base image static group on the server. Move the reference PC to that group. How exactly should the template be built? Use device identifiers by type. Make it false against the reference PC serial number or mac? Then make the Dynamic group inside the static group and specify the new template. When i push this image out to a new PC will it automatically be moved to the new dynamic group?

[MartinK 378]

Purpose of mentioned dynamic group is to distinguish based image from it's clones. We do not want to run mentioned task on base image, but on all others that were made of it and problem is that both base and cloned images will be seen in console as one, which make is impossible to run task only on clones.

You may build dynamic group template exactly as you wrote, both MAC address or computer identifier should work. We are using dynamic groups in this configuration because they are evaluated on client, and even when multiple computers are show in console as one, they may or may not be in dynamic group independently - which makes this work.

Once you create dynamic group, your base image should not be matching it. Also be aware that in console, you will see not correct data for base image from moment you clone it. For example if two clones will be reporting different data (i.e. whether they are or are not in dynamic group), result in console will be undefined = do not rely on content of this dynamic group visible in console.

[Judg3man 0]

Thanks again Martin. Seemed to work for the most part. Only problem that I'm having is the Reset Cloned Agent task doesn't complete, just continues to run with no progress. Do I run the task individually as i clone PC's? Or is there a way to make it automatically run the task as computers are placed in to the Dynamic Group.

[MartinK 378]

18 minutes ago, Judg3man said:

Thanks again Martin. Seemed to work for the most part. Only problem that I'm having is the Reset Cloned Agent task doesn't complete, just continues to run with no progress. Do I run the task individually as i clone PC's? Or is there a way to make it automatically run the task as computers are placed in to the Dynamic Group.

Unfortunately there is currently no way how to avoid those end-less task progress indications. Actually most of data shown for "master" image may be not accurate, as it is showing mix of logs from multiple computers

Dynamic group you created based on previously linked steps is designed to be used for this task, i.e. to automatize this process. It is also possible to run cloned agent task manually, but that will also "reset" master image, which may not be what you want.