davey, posted July 6, 2018

Hi all,

I have migrated my ERA server (6.5.522.0) to another server. I followed https://support.eset.com/kb6498/?locale=en_US&viewlocale=en_US and proceeding instructions and all good.

However, my clients in the new server only communicated once with the new server (with or without the old server ERA service off) and fail to speak to it. Presumably I am doing something stupid here with the certificates.

If I switch the old ERA back on, clients revert to that even though I can see the correct policy applying to the client to divert to the new server.

I will most probably go through the whole process again, but if any big pointers, would be appreciated.

MartinK (ESET Staff), posted July 6, 2018

Please provide logs (status.html) from a client machine that is not connecting.

In case clients were able to connect exactly once, it means there is indeed a problem either with certificates or maybe configuration policies. Once a client successfully connected to the new ERA server, it actually dropped all data from the old ERA and started using only data from the new ERA. This means that the client stopped using CA certificates from the old ERA, and that is why one of the crucial migration steps was to import CA certificates (described in step III. in https://support.eset.com/kb6490/, referenced in the document you mentioned). If this is the case, maybe changing the SERVER's certificate to the certificate generated during the new ERA installation will be sufficient, as clients that already connected should have the proper CA certificate.

Another alternative is that clients received a malformed configuration policy upon first connection, which might have changed their certificates, or maybe it changes the hostname:port where they are supposed to connect?

davey, posted July 6, 2018

MartinK,

Thanks for the reply and the heads up on the status.html.

Yes indeed, the clients are still connecting to the old ERA, and as I can see in the Last-error.html, the policy applying the new ERA server has correctly served its purpose, but yes, I have done something ridiculous with the certificates because of the error

'CReplicationManager: Replication (network) connection to 'host: "***********" port: ****' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.'

I will retrace my steps on the https://support.eset.com/kb6490/

Thanks

davey, posted July 6, 2018

MartinK,

Ok, I am now all up to all clients connecting on the new ERA.

I am not convinced it was the certificate. After retracing the instructions, I added another step from https://support.eset.com/kb6492/

"II. Apply the Agent Certificate in a new Agent Policy on your new ERA server, Server Two in this example."

and added the new ERA server on this step, as technically this step only specifies adding the agent certificate (even though the screenshot shows otherwise under step 6 (servers to connect to)).

I am not sure if this was missing in the instructions or I inadvertently added something. Just to let you know in case the instructions need tweaking.

Dave