8bit 0 Posted June 28, 2018 Share Posted June 28, 2018 We recently had a catastrophic failure of a server and couldn't restore it so we had to reinstall ESET Remote Admin. The agents are of course still installed on all of our PC's and servers and once the installation was complete I see all of them in the Rogue section. To keep things organized, I synced our AD to a group folder within Computers but those show no information. Unknown modules for all AD accounts. What is the best way to move forward to get my ESET agents pulled back in properly? Will I have to manually move all of my rogue devices? Thanks! Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted June 28, 2018 ESET Staff Share Posted June 28, 2018 Unless you have your certificates backed up, agents won’t communicate with the newly build server, unless it was restored from backup. What you will have to do, is to redeploy agents (if your server is the same version as it was before), so “repair” will be performed and agents will communicate to the new server. Link to comment Share on other sites More sharing options...
8bit 0 Posted June 28, 2018 Author Share Posted June 28, 2018 Thank you for your quick response Michal. I'll have to generate a new cert and push out those agents. Regards, Link to comment Share on other sites More sharing options...
8bit 0 Posted June 29, 2018 Author Share Posted June 29, 2018 My Agents still aren't reporting in or being seen by ERA. See the steps below that were taken: Generated a new Certificate for Agents with a new passphrase Setup a new Agent Installer selecting the new cert I just created Downloaded the BAT file Pushed out the BAT file successfully to two PC's and also ran it on a third manually to ensure installation (using PDQ deploy instead of GPO) BAT file uninstalls the previous agent install and installs the new one Network ports are not being blocked between PC's and ERA server and DNS is working properly It's been almost 24 hours and still no sign of my agent PC's and the only machine showing up is the ERA itself. In the past I had been able to push out the Agent installer I downloaded from the ERA console and push them out with PDQ without issue. Any help you can provide would be greatly appreciated! Link to comment Share on other sites More sharing options...
Administrators Marcos 5,277 Posted June 29, 2018 Administrators Share Posted June 29, 2018 What errors are reported in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log? Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted June 29, 2018 ESET Staff Share Posted June 29, 2018 If the agent was not the same version, upon first "run" it conducted "upgrade" (changed the version of the app, however kept previous configuration). If you execute it again, it should conduct "repair", meaning changing the configuration of the agent. Link to comment Share on other sites More sharing options...
8bit 0 Posted June 29, 2018 Author Share Posted June 29, 2018 Ah! Per the logs the connection failed due to incorrect/unknown certificate or key format Remote machine is not trusted. I have a CA on my ERA. Clearly I've missed a step Many thanks again for your help! Link to comment Share on other sites More sharing options...
Recommended Posts