smash007 0 Posted September 20, 2019 Share Posted September 20, 2019 Hello. Please forgive me that it may be strange English because it is posted by machine translation. EsetSeucrityManager and EsetManagerAgent can no longer be connected. There was a temporary network failure and EsetManagerAgent could not connect to EsetSeucrityManager. After that date, we confirmed that EsetManagerAgent is still unable to connect to EsetSeucrityManager. Therefore, when I checked the Log of EsetManagerAgent, it was confirmed that the IP of the connection destination was rewritten to 127.0.0.1 without permission. As a countermeasure It was confirmed that the IP address of EsetSeucrityManager was re-specified when the program was repaired. However, it is hard because there are a lot of EsetManagerAgent. Can these operations be repaired remotely from EsetSeucrityManager? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted September 20, 2019 Administrators Share Posted September 20, 2019 For a start let's check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for details about the problem. You can post status.html here as well. If agent is not reporting to your ESMC server because its IP address or certificates have changed, re-deploy agent with a correct address of the ESMC server and the current peer and CA certificates. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 434 Posted September 20, 2019 ESET Staff Share Posted September 20, 2019 @smash007 In general, there might be one thing you can do. If the IP address of the ESMC server changed, if you revert it back to its original value, agents will be bale to connect. However, it depends, whether the certificate / address was configured for the IP, or the hostname. If you revert both to original values, no redeployment might be needed. Link to comment Share on other sites More sharing options...
smash007 0 Posted September 20, 2019 Author Share Posted September 20, 2019 (edited) Thank you for your reply. The IP of the Mgr server has never been changed. Also, the server certificate has never been changed. What is worrisome is the day when the last connection date stopped. The PCs implemented WindowsUpdate. Does WindowsUpdate break settings? We will upload status.html. Is it possible to redeploy a certificate to each client PC by executing a task from EsetMgr? Edited September 20, 2019 by smash007 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted September 20, 2019 Administrators Share Posted September 20, 2019 A lot of information is missing there. Please attach status.html as is. Link to comment Share on other sites More sharing options...
smash007 0 Posted September 20, 2019 Author Share Posted September 20, 2019 status.html uploaded. However, the image and information uploaded earlier are the same. status.zip Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted September 21, 2019 ESET Staff Share Posted September 21, 2019 This was log captured just 7 seconds after AGENT service startup and that is why most of the details are missing. This itself is suspicious and might indicate problems with stability or correctness of installation -> AGENT is probably not able to start and thus not connecting to ESMC. Please attach also trace.log which might show at least basic error message and confirm whether AGENT service is able to start or it is restarting itself due to some configuration or system issue. Link to comment Share on other sites More sharing options...
smash007 0 Posted September 27, 2019 Author Share Posted September 27, 2019 I delayed to reply. I checked the log. When the history is confirmed, the log is not output at the end of "Thread 9e4]: No such node (result.strIssuer)" In the end, you can connect by manually resetting the certificate on the AGT side. Is there any chance that the certificate will be damaged when EsetAgent cannot connect to EsetMgr? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted September 27, 2019 Administrators Share Posted September 27, 2019 2 hours ago, smash007 said: In the end, you can connect by manually resetting the certificate on the AGT side. By AGT you mean ESMC agent? What do you mean by manually resetting the certificate? You can generate Agent Live installer from the ESMC console and run in on a client which will upgrade to a newer version in the first round, if applicable and install current certificates in the 2nd round (meaning the second time you run it). However, if there was a problem with certificates, it would be visible in status.html. Please provide trace.log from the troublesome machine as requested by MartinK above. Link to comment Share on other sites More sharing options...
smash007 0 Posted September 27, 2019 Author Share Posted September 27, 2019 By AGT you mean ESMC agent? ⇒yes Thank you for your reply. Attach the log. trace.zip Link to comment Share on other sites More sharing options...
Administrators Marcos 5,404 Posted September 27, 2019 Administrators Share Posted September 27, 2019 There are 2 issues: 1, with EPNS 019-09-12 00:59:33 Warning: CPushNotificationsModule [Thread 256c]: Failed to configure EPNS resource (retrying in 10 seconds): Error calling PNS API 'PnsRegisterClient' (return code = 19108) Please make sure that clients can connect to epns.eset.com on poets 8883 and 443:https://help.eset.com/esmc_admin/70/en-US/epns.html 2, with session token unavailable: 2019-09-12 00:59:43 Warning: CReplicationModule [Thread 26bc]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet) The error is network related. Most probably it is not possible to establish connection to the specific port. Either it is blocked, or another application is listening on the port. Might be also caused by exceeded limits for connections, especially in case that migration to ESMC 7 AGENT started and the old appliance is used. Link to comment Share on other sites More sharing options...
smash007 0 Posted September 27, 2019 Author Share Posted September 27, 2019 (edited) Thank you for confirmation. In the time zone when the error occurred, it was not possible to connect due to network failure. After the network failure was restored, I could no longer connect to EsetManeger. In the end, I restored the manual certificate on the EsetAgent terminal. The problem is that there are a large number of terminals that have similar events. It is difficult to reset the certificate manually by one machine. Is it possible to reset the certificate for each EsetAgent terminal from EsetManager side? Edited September 27, 2019 by smash007 Link to comment Share on other sites More sharing options...
Recommended Posts