Huain Gomez 0 Posted July 12, 2017 Share Posted July 12, 2017 For some reason i had to uninstall the ERA from one server to install it again, the ERA was working pretty fine but since the uninstall i'm unable to make my agents to interact with the ERA Server. I have reinstalled the server 3 times already and the only thing the console doesn't tag as "unknown" is the server itself. Prior to this mess i was able to deploy my agents through GPO using Orca to create to proper transform, right now nothing seems to work. Can anybody help me with this. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,250 Posted July 12, 2017 Administrators Share Posted July 12, 2017 It sounds like you didn't export the CA and agent peer certificate before uninstalling ERA. Therefore you'll need to re-deploy agent on clients with the current CA and agent peer certificate. Link to comment Share on other sites More sharing options...
Huain Gomez 0 Posted July 12, 2017 Author Share Posted July 12, 2017 (edited) No i did not, but i generate new certificates and then using Orca modificate the MST but nothing happens. I also, as you said, redeployed the agents. Edited July 12, 2017 by Huain Gomez Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted July 13, 2017 ESET Staff Share Posted July 13, 2017 Please check non-connecting AGENT's status.html (see documentation for path) so that we can check what is the problem. My guess that there is either problem with new certificates (maybe signed for wrong SERVER hostname?) or redeploy did not went as expected - did you uninstalled old AGENTs, or repaired already installed ones? Link to comment Share on other sites More sharing options...
Huain Gomez 0 Posted July 13, 2017 Author Share Posted July 13, 2017 (edited) The logs keep showing replication error. When you redeploy software through GPO there is an option to reinstall the software, the Agent is being installed because the date in the Programs and Characteristics shows the date i run the GPO yet the computer appears in "unknown" state. In my opinion the agents are being installed but they are not communicating with ERA. There is anyway to troubleshoot the agents communications issues with the ERA?, to determine if the error is in the client certificate or the CA? Do you suggest i should uninstall manually all the agents before redeploy them? Edited July 13, 2017 by Huain Gomez Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted July 14, 2017 ESET Staff Share Posted July 14, 2017 Per my knowledge, when ERA agent is installed via the GPO, it does not take into consideration the property file, meaning it won´t work, to do "repair" of agent, using GPO, to distribute new certificates (we are planning to change this, into future versions). As of now, you will have to uninstall ERA agents, and install them again. For the future, the safest thing to do, is to have the certificates backed up, so when you will have for any reason re-deploy ERA server, you will be able to do it with the same set of certificates: http://help.eset.com/era_install/65/en-US/index.html?migration_same_version.htm Link to comment Share on other sites More sharing options...
Huain Gomez 0 Posted July 14, 2017 Author Share Posted July 14, 2017 (edited) I already did that, uninstalled the agent on one of my computers and then reinstalled it and the ERA do not recognize it. How can i troubleshoot certificate problems?. Edited July 14, 2017 by Huain Gomez Link to comment Share on other sites More sharing options...
ESET Staff janoo 11 Posted July 26, 2017 ESET Staff Share Posted July 26, 2017 Hi Huain, for troubleshooting, you can start with looking into Agent logs http://help.eset.com/era_install/65/en-US/index.html?log_file.htm But if there is really problem with certificate, I would suggest you to export Agent Certificate and a CA from your ERA Server (such a CA which was used to sign the Server Certificate which is in use on ERA Server) and use those in the Repair installation of the Agent. Of course, use current IP address of ERA Server during the repair installation as hostname. PS: Dont you use ERA Proxy? Link to comment Share on other sites More sharing options...
Recommended Posts