Jump to content

ERA Server Migration, clients not refreshing


Recommended Posts

Hi all

 

I have migrated my ERA server (6.5.522.0) to another server. followed https://support.eset.com/kb6498/?locale=en_US&viewlocale=en_US and proceeding instructions and all good.

However, my clients in the new server only communicated once with the new server ( with or without the old server era service off ) and fail to speak to it, presumably I am doing something stupid here with the certificates.

If i switch the old ERA back on clients revert to that even though i can see the correct policy applying to the client to divert to the new server.

I will most probably go through the whole process again, but if any big pointers, would be appreciated :)

 

Link to comment
Share on other sites

  • ESET Staff

Please provide logs (status.html) from client machine that is not connecting.

In case clients were able to connect exactly once, it means there is indeed problem either with certificates or maybe configuration policies. Once client successfully connected to new ERA server, it actually dropped all data from old ERA, and started to using only data from new ERA. This means that client stopped using CA certificates from old ERA and that is why one of crucial migration steps was to import CA certificates (described in step III. in https://support.eset.com/kb6490/ , referenced in document you mentioned). If this is the case, maybe changing SERVER's certificate to certificate generated during new ERA installation will be sufficient, as clients that already connected should have proper CA certificate.

Another alternative is that clients received malformed configuration policy upon first connection, which might have changed their certificates, or maybe it changes they hostname:port where they are supposed to connect?

Link to comment
Share on other sites

MartinK

Thanks for the reply and the heads up on the status.html.

Yes indeed the clients are still connecting to the old ERA and as i can see in the Last-error.html, the policy applying the new ERA server has correctly served its purposed, but, yes I have done something ridiculous with the certificates because of the error 'CReplicationManager: Replication (network) connection to 'host: "***********" port: ****' failed with: Receive: NodSslWriteEncryptedData: Incorrect/unknown certificate or key format.'

I will retrace my steps on the https://support.eset.com/kb6490/

 

Thanks

Link to comment
Share on other sites

MartinK 

Ok, I am now all up to all clients connecting on the new ERA

I am not convinced it was certificate after retracing the instructions, I added another step https://support.eset.com/kb6492/  II. Apply the Agent Certificate in a new Agent Policy on your new ERA server, Server Two in this example.   and added the new ERA server on this step as technically this step only specifies adding the agent certificate ( even though the screen shot show otherwise under step 6 ( servers to connect to ).

I am not sure if this was missing in the instructions or i inadvertently adding something just to let you know in case the instructions need tweaking ;)

Dave

 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...