sanlucas 0 Posted March 10, 2020 Share Posted March 10, 2020 Hi I have about 40 pcs that shows me this error Peer certificate is invalid What should I check? Server: ESET Security Management Center (Server), Version 7.1 (7.1.503.0) ESET Security Management Center (Web Console), Version 7.1 (7.1.393.0) Clients: Agente 6.5.522.0 ERA 7.1.2053.0 Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted March 10, 2020 Administrators Share Posted March 10, 2020 Did you upgrade to ESMC 7.1 from ERA 6.5 or you installed it from scratch without backing up certificates? Link to comment Share on other sites More sharing options...
sanlucas 0 Posted March 10, 2020 Author Share Posted March 10, 2020 (edited) Hi Marcos, I made that update in July last year and had to update all the clients win7 and XP manually. At the time create a completely new server from 0. Edited March 10, 2020 by sanlucas Link to comment Share on other sites More sharing options...
Administrators Marcos 5,259 Posted March 10, 2020 Administrators Share Posted March 10, 2020 What error is reported in C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html ? Once the agent starts reporting to ESMC. send an ESMC upgrade task to it so that it upgrades to v7. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted March 10, 2020 ESET Staff Share Posted March 10, 2020 In case clients are still connecting, it probably means that AGENT's are not able to verify their own certificate. This might be caused by fact that they are missing CA certificate that was used to sign this certificate. If this is true, it also means that SERVER's peer certificate is signed by different CA certificate: was there any kind of certificate customization applied? Or ERA/ESMC migration scenarios were used? Link to comment Share on other sites More sharing options...
sanlucas 0 Posted March 11, 2020 Author Share Posted March 11, 2020 Marcos: this is the status.html3 Scope Time Text Last authentication 2020-Mar-11 11:26:49 Enrollment OK Last replication 2020-Mar-11 11:26:50 ERROR: InitializeConnection: Initiating replication connection to 'host: "192.168.0.100" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "192.168.0.100" port: 2222 with proxy set as: Proxy: Connection: 192.168.0.54:3128, Credentials: Name: gaston, Password: ******, Enabled:1, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 192.168.0.100:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: c9571c4d-bc84-11e9-9313-1a4868efc0ac, Sent logs: 0, Cached static objects: 53, Cached static object groups: 10, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 33123 Last successful replication 2020-Mar-09 11:02:49 OK Successful replications: 30217 All replication attempts: 30219 Connection: 192.168.0.100:2222 Scenario: REGULAR Peer certificate 2020-Mar-11 10:59:49 Error Agent peer certificate with subject 'CN=Agent at *, C=US' issued by 'CN=Server Certification Authority, C=US' with serial number '018437f343bd744248ba7128a7e21ba08501' is invalid now (NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain) Peer certificate may be valid but can not be verified on this machine Check time validity and presence of issuing certification authority Product 2020-Feb-17 11:29:38 Product install configuration: Product type: Agent Product version: 7.0.577.0 Product locale: en_US Replication security 2020-Mar-11 11:26:50 OK Remote host: 192.168.0.100 Remote product: Server Link to comment Share on other sites More sharing options...
sanlucas 0 Posted March 12, 2020 Author Share Posted March 12, 2020 Hi MartinK, I have not changed any certificate not in clients or servers, I have only run updates for the server through the console Link to comment Share on other sites More sharing options...
Recommended Posts