Jump to content

agents not communicating with newly installed era server on linux


Recommended Posts

Hello,

I installed a new era server on a linux machine. All went well, the web console is working properly, and I imported a first licence in it.

For the sake of completeness, I must add that the era server and console are on a vm with a private ip address, but port 2222 is forwarded from my public host to the private server, and ports 80 and 443 are properly handled by an apache reverse proxy. I don't think that this is the source of the problem, but I had to mention it.

First thing I did was to revoke the default certificates and CA, and create new ones for my company.

Then I created an all in one installer, installed it on a win7 machine, but that machine never appeared on the web console.

I then created an agent live installer, uninstalled the agent and security endpoint previously installed, and reinstalled the agent alone, but again it doesn't appear on the console.

In the agent log, I have an error:

CAgentSecurityModule [Thread 1208]: No such node (result.strIssuer)

google tells me that this ought to be a certificate issue, password related, but why ? I chose an «agent» certificate to create the installers, the password is right otherwise the installers are not created...

Can you help me ?

Thanks,

--

Rémi

Link to comment
Share on other sites

And to be completely complete, here are the installed versions :-)

ESET Remote Administrator (Server), Version 6.5 (6.5.417.0)
ESET Remote Administrator (Web Console), Version 6.5 (6.5.388.0)

Link to comment
Share on other sites

  • ESET Staff

As you found out, there is something wrong with AGENT certificate configuration. Would it be possible to install/reinstall AGENT manually, i.e. go through standard offline installation wizard? There are direct validations of certificate and it might help to identify, why certificate is either missing, or in invalid/password protected state.

Just to be sure, there was no policy applied to AGENT directly in installer?

Link to comment
Share on other sites

no there was no policy applied in installer.

In era I can only create an all in one, or agent live installer. I can download the agent installer from the eset website, but how do I apply the right certificate in that one ?

Link to comment
Share on other sites

ok found it.

I exported the agent certificate, the CA key, copy pasted the certificate password, and launched a repair. Same problem.

Then I completely uninstalled the agent, rebooted, relaunched the install in offline mode, same certificate, key, and password, and same result :-(

Link to comment
Share on other sites

question: I use an automated password generator and copy/paste them, so my passwords are strong and very random. Could it be a problem with some characters in the password ? For example the last character is a '?'. Could that be a problem ?

Link to comment
Share on other sites

urgh, I can't believe it, but the agent has problems with strong passwords: I created a test agent certificate with a weak password (only letters and numbers), and there it works !!!

my previous password had a ], a ", and the last char was a ?. Amazingly, one of these poses problems, even though ERA let's me use it.

Link to comment
Share on other sites

  • ESET Staff

We have replicated the issue and will check what is the reason. We will also update documentation accordingly. Thank you for posting. 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...