hungtt, Posted June 27, 2017

Hi all,

Today I backed up the SQL database on my ERA server (Win 2k8R2, ERA 6.5, SQL Express 2k8R2). After the backup finished, I tried deleting some things (Agent certificate, Server certificate, policies, groups, ...). After that, I restored my backup database. Everything is OK, almost all clients have connected again. But one client fails and reports the log below. When I repair the agent on this client, it can connect normally. Please help me check this issue, because if I have about 200 clients, I cannot repair the agent on each client. Thanks.

errorlog.txt

janoo (ESET Staff), Posted June 27, 2017

Hi hungtt, according to your log, you have a problem with certificates. Why did you back up the DB and then delete the certificates? Was that agent different from the others?

hungtt, Posted June 27, 2017

Hi janoo, I want to ensure my backup database on the ERA server will work if I restore the database when the server crashes or dies. All clients automatically reconnected to the ERA server after the database restore; I did not do anything. Some clients have that issue. When I repair the agent on those clients --> check "Keep currently used certificates" --> these clients connect to the ERA server normally.

Edited June 27, 2017 by hungtt

MartinK (ESET Staff), Posted June 27, 2017

What we can see from the log is that the AGENT's certificate has been revoked, which technically means that this certificate can no longer be used. Not sure what you were trying to achieve by removing/revoking certificates, but it seems there are still AGENTs using those certificates.

janoo (ESET Staff), Posted June 27, 2017

Hi hungtt, what about the original ERA server, did you remove it? Or have you just switched it off and created a new one? What about the IP address?

hungtt, Posted June 27, 2017

Hi Janoo, when I finished setting up the ERA server and clients, I backed up the database era_db on SQL. After that, I tried removing some things (policies, agent certificate, groups, ...) in the ERA web console. After doing that, all clients will not connect to ERA -> sure. I restored the earlier era_db backup on THIS ERA SERVER (just restored the database). After the restore finished, almost all clients connected to this ERA server. I mean that some clients fail and I must repair the AGENT on these clients (just repair and KEEP CURRENTLY USED CERTIFICATES on the clients).

janoo (ESET Staff), Posted June 27, 2017

Hi, I think the problem is that you deleted (revoked) your peer certificate (agent); this was, however, replicated to only a few agents, and after the DB restore you cannot connect those agents which were revoked. The solution would be: do not revoke the peer certificate, just restore the DB.

hungtt, Posted June 27, 2017

Hi janoo, why can almost all clients connect after the database restore? When I restored the database, all certificates were available.

janoo (ESET Staff), Posted June 27, 2017

Hi, the clients which got the information about the revocation are not working; the others are. You should not revoke the certificate which you are planning to use in the future. Even in the manual, https://help.eset.com/era_admin/65/en-US/index.html?admin_cert_peers.htm there is information about that:

Quote:
The revoke action is irreversible, you will not be able to use a certificate that has been revoked. Make sure there are no ERA Agents left using this certificate before you revoke it.

Edited June 27, 2017 by janoo: provide more info

hungtt, Posted June 28, 2017

Hi janoo, so how do I use this era_db backup on a new ERA server when the old ERA server is not working (hardware crash)?

janoo (ESET Staff), Posted June 28, 2017

Hi, you can do it in the same way you did it, because if the hardware has crashed, certificates are not revoked. When a certificate is revoked, it is put on a blacklist. If there is a software or hardware crash, the revocation does not happen, so the DB restore would work.