Agent installation error

[mogobjah 0]

Hi,

We are currently in the midst of ESET deployment, and while installing the agent program manually, we are receiving an error with the following message on some client endpoints:

"Error occurred while receiving peer certificate (try to reconnect)."

The affected client endpoints are able to ping the server and get a reply. And they could also establish telnet connection to the server via port 2222 and 2223 successfully.

We tried using the "Offline installation" option instead, but still received an error of certificate password mismatch (Note: We did not set any password for all the certificates).

We wonder what this error means, and why is it occurring on a few endpoints only, while other endpoints are able to successfully complete the Server assisted agent installation without any issue.

Any help is highly appreciated.

 

 

[Oliver 9]

Hello, 

Can you please specify a version of ERA?  If it is Windows server based or ERA_VA? 

And also if you are the Administrator or if it was deployed for you? 

[mogobjah 0]

7 hours ago, Oliver said:

Hello, 

Can you please specify a version of ERA?  If it is Windows server based or ERA_VA? 

And also if you are the Administrator or if it was deployed for you? 

Hi,

I'm using the latest ERA version 6.5 on a Windows server, not VA. And yes, it was set up by me. 

[tmuster2k 22]

what happens when you run the agent live installer batch file? 

[Marcos 5,072]

Perhaps a Wireshark log from installation could shed more light into the communication issue.

[mogobjah 0]

On 10/10/2017 at 4:14 PM, Marcos said:

Perhaps a Wireshark log from installation could shed more light into the communication issue.

I'm attaching the traffic captured while the agent is being installed. Thanks.

Server IP: 192.168.1.23, Client IP: 192.168.62.225

Agent.rar

[MartinK 378]

Unfortunately there is not much visible in network capture, as communication is encrypted - but at least we known that there is no problem with communication over network.

What is very surprising for me is that there is too much traffic to port 2223 - how many CA and AGENT peer certificates do you have in ERA console? Are you using the same ERA account to deploy on all clients (working and non working) and does this account have proper permissions to access certificates (would be true if Administrator account was used)? Are there any obvious differences between working and failing client machines (different system or platform, system language or locale, specific software)?

For further analysis, we will need more detailed logs. Please provide following logs in private message because of sensitivity:

• full installation log from client machine. Details how to run installation with trace logging is described in ERA documentation.
• full trace log from ERA. This requires you to enable full (debug) verbosity in SERVER configuration, re-run AGENT installation, and copy SERVER trace log, which is most probably located in directory C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs . One trace.log file is copied, full trace logging may be disabled in SERVER configuration.