Jump to content

GPO Agent and AV install and connecting to ERA server


Recommended Posts

  • Most Valued Members

Hi,

I'm uncertain where I went wrong in deploying Agents & AVs with the GPO.  I'm now wondering if I even need to deploy the AVs.  I had done this before but have completely forgotten how to do it.

Here's what I've done:

1) in ERA web console, I create the install_config.ini and stick that in an accessible UNC path.  [in the install_config.ini, the host *is* set to my era server)

2) download the agents and avs msi file and store that in the unc path

3) Create GPOs for the Agent and AV deployment, setting to Advanced deployment (as opposed to Assigned).

3) Reboot all the systems which then install the Agent and AVs

4) in ERA web console, I sync with the AD.

At this point, all the domain systems are in the COMPUTERS group, all of which have "No status".  I've now waited for an hour and still only two machines have connected.  Not even the ERA server's agent has called in. 

I'm thinking it is a firewall issue so I set up a GPO to allow tcp 2222 access, but still no go.

Am I missing something?

Thanks

ed

Link to comment
Share on other sites

  • Most Valued Members

Forgot to mention,

All the other systems do have Agent and AV installed via GPO.  They just need product activation; which I can't provide since the ERA server can't connect with them.

I'm thinking of rebooting the ERA system... hope that unhorks it.

Ed

Link to comment
Share on other sites

  • Most Valued Members

As an another addendum, only 2 systems connect to the ERA server.  Both are XPs (the others are Win7 pros).  Not sure what's going on.

[Note: Yes, Not my choice in the matter wrt the XP situation... will need to wait for them to bust.. at least one of 'em]

Link to comment
Share on other sites

  • ESET Staff

Could you please check AGENT tatus logs (see documentation) for errors? Please verify that AGENT is actually installed and running.

Just to be sure, have you checked Lost&Found group for newly connected devices? It is possible that newly installed AGENTs are reporting different hostname as is present in your AD, which may result in creation of duplicate entries in ERA console.

Link to comment
Share on other sites

  • Most Valued Members

Hi MartinK,

Yes, I've looked at the Lost&Found and there are no computers mentioned. They are all in COMPUTERS but all (except the XP machines) have O status.

I've rebooted and while the ERA server now has FS and Agent installed, it's not even registering itself to the itself.

There are two issues that I think I'm finding particularly weird.

1) Going to Control Panel and look up the list of installed programs on a system (say, the ERA), it should list all the ERA software (incl. Agent).  And it does.. However, going into c:\Program Files\ESET\RemoteAdministrator,  I see no Agent folder (so no status logs).

2) Now when I go to one of the machines and try to repair the ESET Remote Administrator Agent,  it shows "localhost" as the server.  Should "repair" show the saved server host and not a default 'localhost'?

Any clarifications appreciated.

Ed

 

Link to comment
Share on other sites

  • ESET Staff
3 hours ago, ewong said:

1) Going to Control Panel and look up the list of installed programs on a system (say, the ERA), it should list all the ERA software (incl. Agent).  And it does.. However, going into c:\Program Files\ESET\RemoteAdministrator,  I see no Agent folder (so no status logs).

This is really strange. For me it seems AGENT was actually not installed. Not sure how GPO deployment works, but there are similar methods that create wrapper installater over package actually installed (with the same name), and those methods may results in this -> it is possible, that what you see in "Installed software" list is actually reference to wrapper instead of AGENT itself.

3 hours ago, ewong said:

2) Now when I go to one of the machines and try to repair the ESET Remote Administrator Agent,  it shows "localhost" as the server.  Should "repair" show the saved server host and not a default 'localhost'?

It depends on how repair was run. In case you started it without Administrator privileges, repair wizard won't be able to read hostname of already installed AGENT and thus it will show default value.

Would it be possible to choose one machine that is not connecting, clean it of all AGENT references (=uninstall), and try to install it manually using the same install_config.ini and AGENT installation package? When you run AGENT installer in silent mode, configuration should be read from configuration file in case it is located in the same directory. Silent installation may be initialized from administrator command line:

msiexec /i /qn <network-path-to-installer>\Agent_x64.msi /L*v log.txt

This would help us to eliminate potential AGENT installer issues in your environment, and we could focus on GPO deployment itself.

Link to comment
Share on other sites

  • Most Valued Members
Quote

This is really strange. For me it seems AGENT was actually not installed. Not sure how GPO deployment works, but there are similar methods that create wrapper installater over package actually installed (with the same name), and those methods may results in this -> it is possible, that what you see in "Installed software" list is actually reference to wrapper instead of AGENT itself.

I think you're correct because now when I try to uninstall it, I'd get a critical error.

So what I need to do is to run the EsetUninstaller manually on all machines.

I've tested it with one machine and while the control panel still shows the Agent as installed, the agent installation directory isn't in c:\program files. 

So I think I'm going to have to junk all those MSI files and redo the whole shebang.  I'm wondering if the msi file is corrupted or something.  Will report back...

 

Link to comment
Share on other sites

  • Most Valued Members

I think I am doing something wrong.  

Do I also GPO-deploy the AV as well or do I do that within the Agent?   I did a GPO deploy for both the Agent and the AV, and it's screwing up in the process.  I think this might not be the right approach.

 

Link to comment
Share on other sites

  • Most Valued Members

Here's what I've done:

1) Ran EsetUninstaller on all systems.  (copy file to system, boot to safe mode, run esetuninstaller, uninstalled All ESET products, rebooted, logged in as administrator, ran "gpupdate /force", rebooted, and it would then install the Agent

2) I then did a software install (AV install) task on all the systems.

Now more or less, things are 'normal'.  Though I'm having some difficulty with getting the agent gpo for a 2012 server to work.

So I am guessing that it isn't a good idea to do both Agent and AV/FS GPOs.

Thanks!

 

Ed

Edited by ewong
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...