PyrexxData 0 Posted August 22, 2017 Posted August 22, 2017 Hello, We are currently configuring over 70 new Android tablets and installing ESET Endpoint Security on them. Since yesterday we have the problem, that devices which are enrolled do not seem to fully update their status. What I mean is that we enroll them and they are shown to be ok in the web interface. But if I click on the device it shows that the product is not activated, signature database is not up to date and and and... even though it is. The second problem is that these devices do not update their Last Connection status, only when I turn Wifi off and on. What also happens is, that when I send a task to these devices the task gets executed but in ESET ERA it shows that it is waiting to execute the task. Called the support in Germany for over 2 hours and they told me I have to do it manually because they can not identify the problem. Sorry, but that is not going to work for so many devices in the timeframe we have. Hopefully some one here can help, my software versions are: MDM: 6.5.449.0 Agent version on MDM: 6.5.417.0 ERA: 6.5.417.0 Agent version on Server: 6.5.417.0 Rouge Detection Sensor version: 1.0.1079.0 If anything else is needed, like logfiles, please tell me! Thanks and regards, Serkan Siller Pyrexx Data GmbH
BobMan 2 Posted October 3, 2017 Posted October 3, 2017 I am experiencing exactly the same issue, with no client data being received back from the mobile devices. Mobile devices that were previously setup (and working correctly) are not reporting back 'new' data and new devices never report in at all. All commands issued by ERA are received by the devices and policy changes are applied and enforced. I had a support call open with ESET briefly but they have reported a bug in this version of ERA/MDM (identical version numbering to yours) which will be fixed in the next release. No timescale was offered for the next release so we are left in limbo with potentially insecure devices and no device tracking. Not great ESET.
PyrexxData 0 Posted October 4, 2017 Author Posted October 4, 2017 Yes I should have updated this. I send them like a Gigabyte of logfiles and MySQL-Dumps and they told me that they found that bug. I was told from the support that there may be a release this or next week.
PyrexxData 0 Posted October 17, 2017 Author Posted October 17, 2017 3 minutes ago, SilentDave said: Any luck with that. Sadly not. Matters got even worse, we get an error that the HTTP-Certificate-Chain is incomplete and we don't know how to fix that. Now we cannot even enroll devices.
SilentDave 2 Posted October 17, 2017 Posted October 17, 2017 I got Certificate-chain errors after system update. Please guys come on. At least write something. A lot of things are not working as should.
PyrexxData 0 Posted October 17, 2017 Author Posted October 17, 2017 Yeah I got it too after an system update. This looks like another bug we stumbled across. Wish one of the mods would react so we could help resolve that too. But as you see, nothing is happening here.
BobMan 2 Posted October 17, 2017 Posted October 17, 2017 After my last update to MDM I too got the certificate chain is incomplete error. I raised this as a ticket with support who resolved this on a remote session. Just a case of generating a new MDM cert and adding to the policy.
BobMan 2 Posted October 17, 2017 Posted October 17, 2017 Correction: It was an OS update to both our ERAS server (appliance) and MDM server (also an appliance) that caused the cert error.
PyrexxData 0 Posted October 17, 2017 Author Posted October 17, 2017 1 hour ago, BobMan said: After my last update to MDM I too got the certificate chain is incomplete error. I raised this as a ticket with support who resolved this on a remote session. Just a case of generating a new MDM cert and adding to the policy. Could you explain this a bit in detail please?
PyrexxData 0 Posted October 17, 2017 Author Posted October 17, 2017 (edited) Okay, I got an answer from the support now which worked very well. For anyone who has a virtual appliance for the ERA-Server and the MDC, this is what helped me: 1) Export the CA on the webinterface of the ERA-Server into a *.der file 2) Move it to the MDC 3) Copy it to /etc/pki/ca-trust/source/anchors/ 4) From command line run the following command: update-ca-trust I don't know if you have to restart the MDC-Service, but to do so you can type: systemctl restart eramdmcore.service Then again, this is what helped me, it may not work for you, so try it on your own behalf. Edited October 17, 2017 by PyrexxData Added a bit more detail
BobMan 2 Posted October 24, 2017 Posted October 24, 2017 Hey PyrexxData - I am assuming this did not resolve the client update issues, just the cert chain problem? There is another thread in the forum here intimating a patch is coming for MDM after they have identified a problem in the code - I have asked for an update in that thread.
PyrexxData 0 Posted October 24, 2017 Author Posted October 24, 2017 1 hour ago, BobMan said: Hey PyrexxData - I am assuming this did not resolve the client update issues, just the cert chain problem? There is another thread in the forum here intimating a patch is coming for MDM after they have identified a problem in the code - I have asked for an update in that thread. Hello, yes, only the cert chain problem. The only information I have is the same as you have. They have identified it but don't know when a fix is ging to be released.
BobMan 2 Posted October 25, 2017 Posted October 25, 2017 Just had a call back from support and apparently the release is imminent. It was due before now but a bug has been identified that has delayed release. He did say however, that if a customer was experiencing major issues they would make the MDM update available to those in need immediately. This was an answerphone message left for me last night. I think on balance I am going to get hold of the pre-release version today and see if it does actually fix the issues we have.
SilentDave 2 Posted October 25, 2017 Posted October 25, 2017 Yes yes finaly, give us the update please!
BobMan 2 Posted November 2, 2017 Posted November 2, 2017 Okay, so I wasn't able to do any testing on this as there is no planned release for the appliance as yet. However, there is a new version released of the MDM connector which should be installable via a Remote Administrator Component Upgrade task, taking you from v6.5.449 to v6.5.510. I have just upgraded via this method, time to see if the hotfix has fixed our issues...
BobMan 2 Posted November 3, 2017 Posted November 3, 2017 Although there were a few issues directly after upgrade, having left it to settle overnight everything now looks to be working perfectly. All the mobile devices have now reported back and are displaying updated status's in ERAS. I have tested with location and everything looks good. Finally!
Recommended Posts