Cp3p0 6 Posted January 29, 2020 Share Posted January 29, 2020 Hi All, I'm turning to the forums for help. I'm experiencing trouble getting my EEI Agents to report back to the EEI Server. After EEI Agent installation I receive the warning messages from within the ESMC: "Missing or invalid SSL certificate or certificate authority" & "Can't connect to Enterprise Inspector Server" From the trace log found under "C:\ProgramData\ESET\EnterpriseInspector\Agent\logs" on the machine I can see errors like: "Error while sending request to server at "xxxx.local:8093". unknown protocol" "Error while sending request to server at "xxxx.local:8093". certificate verify failed" Please help! I've been scratching my head but cannot see where I went wrong with the configuration? I will outline the steps I've taken below: 1) Install the EEI Agent using the following Client Task from the ESMC console: 2) Apply a new ESET Enterprise Inspector Agent Policy where I define the only CA found in my ESMC under "Certificate Authorities". Please note there are no other Enterprise Inspector Policies applied: 3) After a replication or two these are the errors visible from the ESMC: 4) Trace log from the EEI Agent Machine: Re-installing the Agent both via Client task/Manual Repair does not resolve the issue :(. Any advice would truly be appreciated! Thank you. Link to comment Share on other sites More sharing options...
ESET Moderators Peter Randziak 948 Posted January 29, 2020 ESET Moderators Share Posted January 29, 2020 Hello @Cp3p0, a colleague wit EEI expertise spoke to me regarding it, so please check the EEI server cert in the ESMC - in the host field you need to have host name and/or IP address of the server. So you probably will have to create the new cert from, of course using the same CA and reinstall the EEI server with it, please let us know if that helped. Peter Link to comment Share on other sites More sharing options...
ESET Staff IgorK82 2 Posted January 29, 2020 ESET Staff Share Posted January 29, 2020 Hi, please make sure that the proxy server has TLS enabled. And as my colleague mentioned before, better to prepare new EEI Server certificate. It can be easily done during the Installation/Repair process https://help.eset.com/eei/1.3/en-US/gui_server_installation.html Martin Bergeron and Peter Randziak 2 Link to comment Share on other sites More sharing options...
Cp3p0 6 Posted January 30, 2020 Author Share Posted January 30, 2020 (edited) Thank you guys for the response! With your help I figured out what the issue was. The EI Server certificate only contained the EI Server host name. However, my EI Agents used the my server Alias as the "Connect to Server" address. Note to self, if you're going to use the alias for connecting your Agents, make sure it's also mentioned on the EI Server Certificate. (Not just the server hostname.... Duh) Edited January 30, 2020 by Cp3p0 Martin Bergeron 1 Link to comment Share on other sites More sharing options...
Recommended Posts