Jump to content

Can not make the agents to communicate with the ERA


Huain Gomez
 Share

Recommended Posts

For some reason i had to uninstall the ERA from one server to install it again, the ERA was working pretty fine but since the uninstall i'm unable to make my agents to interact with the ERA Server.  I have reinstalled the server 3 times already and the only thing the console doesn't tag as "unknown" is the server itself.

Prior to this mess i was able to deploy my agents through GPO using Orca to create to proper transform, right now nothing seems to work.

 

Can anybody help me with this.

Link to comment
Share on other sites

  • Administrators

It sounds like you didn't export the CA and agent peer certificate before uninstalling ERA. Therefore you'll need to re-deploy agent on clients with the current CA and agent peer certificate.

Link to comment
Share on other sites

No i did not, but i generate new certificates and then using Orca modificate the MST but nothing happens.  I also, as you said, redeployed the agents.

Edited by Huain Gomez
Link to comment
Share on other sites

  • ESET Staff

Please check non-connecting AGENT's status.html (see documentation for path) so that we can check what is the problem.

My guess that there is either problem with new certificates (maybe signed for wrong SERVER hostname?) or redeploy did not went as expected - did you uninstalled old AGENTs, or repaired already installed ones?

Link to comment
Share on other sites

The logs keep showing replication error.

When you redeploy software through GPO there is an option to reinstall the software, the Agent is being installed because the date in the Programs and Characteristics shows the date i run the GPO yet the computer appears in "unknown" state.  In my opinion the agents are being installed but they are not communicating with ERA.  There is anyway to troubleshoot the agents communications issues with the ERA?, to determine if the error is in the client certificate or the CA?

Do you suggest i should uninstall manually all the agents before redeploy them?

Edited by Huain Gomez
Link to comment
Share on other sites

  • ESET Staff

Per my knowledge, when ERA agent is installed via the GPO, it does not take into consideration the property file, meaning it won´t work, to do "repair" of agent, using GPO, to distribute new certificates (we are planning to change this, into future versions). As of now, you will have to uninstall ERA agents, and install them again.

For the future, the safest thing to do, is to have the certificates backed up, so when you will have for any reason re-deploy ERA server, you will be able to do it with the same set of certificates: http://help.eset.com/era_install/65/en-US/index.html?migration_same_version.htm

Link to comment
Share on other sites

I already did that, uninstalled the agent on one of my computers and then reinstalled it and the ERA do not recognize it.

How can i troubleshoot certificate problems?.

Edited by Huain Gomez
Link to comment
Share on other sites

  • 2 weeks later...
  • ESET Staff

Hi Huain,

for troubleshooting, you can start with looking into Agent logs http://help.eset.com/era_install/65/en-US/index.html?log_file.htm

But if there is really problem with certificate, I would suggest you to export Agent Certificate and a CA from your ERA Server (such a CA which was used to sign the Server Certificate which is in use on ERA Server) and use those in the Repair installation of the Agent. Of course, use current IP address of ERA Server during the repair installation as hostname.

 

PS: Dont you use ERA Proxy?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...