ESMC 7.1 migration and agent reinstallation

[Lockbits 10]

Hello guys,

We've a customer that was using and instance of ESMC 7.1 along with 7.1 agents. The server got damaged so we've installed a new instance of ESMC 7.1. The server has the same hostname and IP address but computers are not connecting as the certificate is different (we don't have a backup of original certificate).

We tried to deploy agent using a server task and although the task finished successfully, the computers are not connecting to new instance.

Which parameter can we use so agent is reconfigured with the new certificate? If we deploy agent using GPO, will installed agent got updated with the new certificate?

Thank you.

Edited March 23, 2020 by Lockbits

[MichalJ 434]

@Lockbits Hello. Per my knowledge, if the agent was not the exact same version, it would first perform "upgrade" and on the second attempt it would perform "repair". So it might be required that you deploy the agent twice, in order to make it connect to the new server. Also, what are the errors in the local agent trace log? They might explain if the problem is in the cert, or in anything else. 

[Marcos 5,074]

"...if the agent was not the exact same version, it would first perform "upgrade" and on the second attempt it would perform "repair".

This shouldn't be the case with the latest agent any more. Check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html  and trace log on a not connecting client for possible errors.

[Lockbits 10]

Hi guys,

The problem is within the certificate and that agent installation using server task is not overwriting the agent and configuration.

For example, in task I specified the host name and not the IP and if I see the log I realized that even that parameter wasn't changed.

I'm going to try with GPO.  

Logs.rar

[MartinK 378]

Could you please double-check that "Remote Deployment Task" was successful on specific problematic client? It is even possible to list deployment details which should show whether installation/repair was actually performed.

Also could you please check for log named ra-agent-install.log on client machine? It will be probably placed in one of system (service account's) temporary directory. I would recommend to check whole system disk with administrator privileges as it might not be accessible for users without full permissions -> it will contain full installation logs which might point more light into this issue.

As an alternative, I would recommend to check whether executing ESMC live installer on such client resolves this issue - asking because remote deployment task executes identical installer on target machine, so I would expect identical results.

[Lockbits 10]

3 hours ago, MartinK said:

Could you please double-check that "Remote Deployment Task" was successful on specific problematic client? It is even possible to list deployment details which should show whether installation/repair was actually performed.

Also could you please check for log named ra-agent-install.log on client machine? It will be probably placed in one of system (service account's) temporary directory. I would recommend to check whole system disk with administrator privileges as it might not be accessible for users without full permissions -> it will contain full installation logs which might point more light into this issue.

As an alternative, I would recommend to check whether executing ESMC live installer on such client resolves this issue - asking because remote deployment task executes identical installer on target machine, so I would expect identical results.

Hi Martin,

I double checked and indeed it's the problematic computer. We didn't found the ra-agent-install.log. We searched all the disk with an administrator account.

As you suggested, we created a live installer (the .bat) and ran it in the problematic computer. The result was the same, PC doesn't connect and old settings and certificates are preserved. 

I deployed the agent using the server task to computers were no agent was installed before and those computers connected right away.

Unfortunately this problem persist in 7.1 as configuration and certificates are not overwritten with the new ones.

What others options do we have other than uninstall and install the agent manually per computer?

Thank you.

[MartinK 378]

Just to be sure, there is no configuration policy present in ESMC with old IP address in configuration?

Regardless possibilities, one last might be to use manual repair (i.e. manually run standalone installer) and provide settings manually. Unfortunately live installer script (BAT) has a glitch and it reports success even in case it actually fails to deploy AGENT, so it is still possible that live installer itself is not working (or was it clear from output to console that is succeeded?). It might be for example just problem with package download in customer's network. In this case using all-in-one installer, which embeds packages might be possible workaround.

[Lockbits 10]

Hi MartinK,

Apparently the problem is because old agent configuration was password protected.

We are trying to make a custom bat for deployment but for the moment it's not working. I password protected my agent with the same password so I can test the bat without going to the customer but not luck.

I tried to put the password with and without " and it's not working. If I look at the .ini created by the bat I can saw that password is within the file but agent is not reinstalled with new configuration.

ESMCAgentInstaller2.1.rar