Can not make the agents to communicate with the ERA

[Huain Gomez 0]

For some reason i had to uninstall the ERA from one server to install it again, the ERA was working pretty fine but since the uninstall i'm unable to make my agents to interact with the ERA Server.  I have reinstalled the server 3 times already and the only thing the console doesn't tag as "unknown" is the server itself.

Prior to this mess i was able to deploy my agents through GPO using Orca to create to proper transform, right now nothing seems to work.

 

Can anybody help me with this.

[Marcos 5,074]

It sounds like you didn't export the CA and agent peer certificate before uninstalling ERA. Therefore you'll need to re-deploy agent on clients with the current CA and agent peer certificate.

[Huain Gomez 0]

No i did not, but i generate new certificates and then using Orca modificate the MST but nothing happens.  I also, as you said, redeployed the agents.

Edited July 12, 2017 by Huain Gomez

[MartinK 378]

Please check non-connecting AGENT's status.html (see documentation for path) so that we can check what is the problem.

My guess that there is either problem with new certificates (maybe signed for wrong SERVER hostname?) or redeploy did not went as expected - did you uninstalled old AGENTs, or repaired already installed ones?

[Huain Gomez 0]

The logs keep showing replication error.

When you redeploy software through GPO there is an option to reinstall the software, the Agent is being installed because the date in the Programs and Characteristics shows the date i run the GPO yet the computer appears in "unknown" state.  In my opinion the agents are being installed but they are not communicating with ERA.  There is anyway to troubleshoot the agents communications issues with the ERA?, to determine if the error is in the client certificate or the CA?

Do you suggest i should uninstall manually all the agents before redeploy them?

Edited July 13, 2017 by Huain Gomez

[MichalJ 434]

Per my knowledge, when ERA agent is installed via the GPO, it does not take into consideration the property file, meaning it won´t work, to do "repair" of agent, using GPO, to distribute new certificates (we are planning to change this, into future versions). As of now, you will have to uninstall ERA agents, and install them again.

For the future, the safest thing to do, is to have the certificates backed up, so when you will have for any reason re-deploy ERA server, you will be able to do it with the same set of certificates: http://help.eset.com/era_install/65/en-US/index.html?migration_same_version.htm

[Huain Gomez 0]

I already did that, uninstalled the agent on one of my computers and then reinstalled it and the ERA do not recognize it.

How can i troubleshoot certificate problems?.

Edited July 14, 2017 by Huain Gomez

[janoo 11]

Hi Huain,

for troubleshooting, you can start with looking into Agent logs http://help.eset.com/era_install/65/en-US/index.html?log_file.htm

But if there is really problem with certificate, I would suggest you to export Agent Certificate and a CA from your ERA Server (such a CA which was used to sign the Server Certificate which is in use on ERA Server) and use those in the Repair installation of the Agent. Of course, use current IP address of ERA Server during the repair installation as hostname.

 

PS: Dont you use ERA Proxy?