veehexx 1 Posted January 21, 2020 Share Posted January 21, 2020 We've recently discovered that I missed the install_config.ini file along side an update to the latest agent.msi. fresh installed clients have the server as localhost and not our esmc FQDN. i've done a search in redgedit HLKM for our fqdn and the install dir but neither have a result. Is there a way to confirm what the agent is currently set to via an external method? Yes, i know we can check the server via add/remove programs and modify the agent install but that requires admin rights and only useful for machines we know are affected. We use SCCM to manage software so looking for something i can use for either deployment detection, or a Compliance Item. Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted January 21, 2020 Administrators Share Posted January 21, 2020 You'll need to reinstall or redeploy agent in order to change connection parameters. Link to comment Share on other sites More sharing options...
veehexx 1 Posted January 21, 2020 Author Share Posted January 21, 2020 Redeploying is fine once we discover what devices are affected. what i'm wondering is if there is a way we can query (regkey, script, etc) what the Agent's Server address is currently set as? Link to comment Share on other sites More sharing options...
Administrators Marcos 5,070 Posted January 21, 2020 Administrators Share Posted January 21, 2020 I assume that connection parameters are stored in agent's database for security reasons. Link to comment Share on other sites More sharing options...
veehexx 1 Posted January 21, 2020 Author Share Posted January 21, 2020 That was my assumption when i couldn't find anything in regedit or install folder. Shame. the deployment guy manually activated the clients so at least they're licenced and protected. He only thought to tell me there was an issue today. Hopefully he has a record of who&what went out in the time period (or look at AD creation timestamp) so we can manually confirm their last connected timestamp in ESMC and handle from there. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted January 21, 2020 ESET Staff Share Posted January 21, 2020 There is a "Diagnostic" tool available in AGENT's programs files directory and it can export current configuration. Passwords will be redacted but connection parameters should be exported in readable format. Link to comment Share on other sites More sharing options...
ESET Staff Mirek S. 18 Posted January 22, 2020 ESET Staff Share Posted January 22, 2020 I believe easiest option would be to redeploy via SCCM (with valid install_config). This will repair installation on all endpoints. Now this might get tricky if You are on SCCM 2012+ as it lost option to rerun, instead detection based on time of installation could be used. As a sidenote it seems to me like quiet installation without valid hostname should not succeed, at least I don't see any use-case for it. Link to comment Share on other sites More sharing options...
Recommended Posts