
Agent deployment issues


helis


Greetings. I have ESET Management Center and recently I've been trying to deploy the agent. It keeps failing and I can't figure out why.

Let's say I just need to install it onto a single machine. I manually add it to the computer list. Then I create a server task "Agent deployment" and input all the credentials. The target machine is in a domain, so I use the recommended domain\user format for login (the user has domain administrator privileges). After running for some brief time, the task fails, the report shows error 22.

The target machine is Win10 Pro, the server is Debian 9. The server is also a domain member.

The trace.log file is as follows (credentials replaced with dummy names):

SSH remote deployment failed because CONNECTION CAN NOT BE ESTABLISHED to the target LINUX or MAC machine.
*** Error details: connect: Connection refused

- Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'.
- Verify that SSH daemon is enabled on the target machine and is running on the port 22.
- Verify that firewall is not blocking SSH communication between server and the target machine.

Agent deployment failed. Please go through the checklist above for specific platform (WINDOWS, LINUX or MAC) that is on the target machine.
2020-05-20 10:44:10 Error: CRemoteInstallModule [Thread 7fd1f7faf700]: Remote deployment failed on 1 targets
2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: UnixWindowsNetworkRemoteInstall: remote deployment to 'MACHINE_NAME.DOMAIN_NAME' terminated with 22
2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: UnixWindowsNetworkRemoteInstall: output of '"/var/opt/eset/RemoteAdministrator/Server/Scripts/UnixWindowsNetworkRemoteInstall.sh" 2>&1':
* Created temporary directory /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ

* Creating command input/ouput redirection pipes
+ mkfifo /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.in.pipe
+ mkfifo /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.out.pipe
--------------------------------------------------------------------------

* Mounting remote share '//MACHINE_NAME.DOMAIN_NAME/ADMIN$' to '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs'
+ mkdir /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs
+ LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
+ retcode=32
+ sleep 0.1
+ test 0 -eq 32
+ LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME,sec=ntlmv2 //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs
mount error(112): Host is down
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
+ retcode=32
+ sleep 0.1
+ test 0 -eq 32
+ LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME,vers=3.02 //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs
+ retcode=0
+ sleep 0.1
+ test 0 -eq 0
+ return 0
* [Exit code = 0]
--------------------------------------------------------------------------

* Creating remote directory '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6'
+ LANG= mkdir /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6
* [Exit code = 0]
--------------------------------------------------------------------------

* Copying files to remote dir '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6'
+ cp /tmp/1c55-e2f1-fe8d-b7f7/ESMCAgentInstaller.bat /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6
* [Exit code = 0]
+ cp /opt/eset/RemoteAdministrator/Server/RemoteInstallService.exe /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6
* [Exit code = 0]
--------------------------------------------------------------------------

* Removing previous instance of remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service delete eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME
Enter USER_NAME's password:Failed to open service.  [WERR_NO_SUCH_SERVICE]

--------------------------------------------------------------------------

* Creating remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service create eset-remote-installer ESET Security Management Center Remote Installation Service %SYSTEMROOT%\era_rd_cAwuRbr6\RemoteInstallService.exe -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME
Enter USER_NAME's password:
Successfully created Service: eset-remote-installer
* [Exit code = 0]
--------------------------------------------------------------------------

* Creating remote installer arguments file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args'
+ echo %SYSTEMROOT%\era_rd_cAwuRbr6\ESMCAgentInstaller.bat
+ echo %SYSTEMROOT%\era_rd_cAwuRbr6\ESMCAgentInstaller.bat
* [Exit code = 0]
--------------------------------------------------------------------------

* Starting remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service start eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME
Enter USER_NAME's password:
.
Successfully started service: eset-remote-installer
* [Exit code = 0]
--------------------------------------------------------------------------

* Querying remote installer service 'ESET Security Management Center Remote Installation Service' until stopped
+ LANG= net -i -k rpc service status eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME
Enter USER_NAME's password:
eset-remote-installer service is stopped.
Configuration details:
    Controls Accepted    = 0x0
    Service Type         = 0x10
    Start Type           = 0x3
    Error Control        = 0x1
    Tag ID               = 0x0
    Executable Path      = C:\WINDOWS\era_rd_cAwuRbr6\RemoteInstallService.exe
    Load Order Group     = 
    Dependencies         = /
    Start Name           = LocalSystem
    Display Name         = ESET Security Management Center Remote Installation Service
* [Exit code = 0]
--------------------------------------------------------------------------

* Reading remote installer exit status file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit'
+ cat /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit
22
* [Exit code = 0]
--------------------------------------------------------------------------

* Remote installation on 'MACHINE_NAME.DOMAIN_NAME' failed with exit status '22'
--------------------------------------------------------------------------

* Stopping remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service stop eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME
Enter USER_NAME's password:Control service request failed.  [WERR_SERVICE_NOT_ACTIVE]

* [Exit code = 255]
--------------------------------------------------------------------------

* Removing remote installer arguments file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args'
+ unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args
* [Exit code = 0]
--------------------------------------------------------------------------

* Removing remote installer exit status file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit'
+ unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit
* [Exit code = 0]
--------------------------------------------------------------------------

* Removing remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service delete eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME
Enter USER_NAME's password:
Successfully deleted Service: eset-remote-installer
* [Exit code = 0]
--------------------------------------------------------------------------

* Removing remote directory '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6'
+ LANG= rm -r /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6
* [Exit code = 0]
--------------------------------------------------------------------------

* Umounting remote share '//MACHINE_NAME.DOMAIN_NAME/ADMIN$' from '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs'
+ LANG= umount /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs
* [Exit code = 0]
--------------------------------------------------------------------------

* Removing command input/ouput redirection pipes
+ unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.in.pipe
+ unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.out.pipe
--------------------------------------------------------------------------
* Removed temporary directory /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ

2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: Executing remote deployment of agent a86b5c76-903e-4024-a0ab-4a92a51dac1f on 'MACHINE_NAME.DOMAIN_NAME'
Windows network remote deployment failed.
*** Error details: UnixWindowsNetworkRemoteInstall: remote deployment to 'MACHINE_NAME.DOMAIN_NAME' terminated with 22

- Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'.
- Verify that 'MACHINE_NAME.DOMAIN_NAME' can be resolved with 'nslookup' if it is a DNS name.
- Verify that firewall is not blocking communication and file sharing between server and the target machine.
- Verify that "File and Print Sharing for Microsoft Networks" is enabled on the target machine.
- Verify that "Remote Procedure Call (RPC)" service is running on the target machine.
- Make sure that simple file sharing is turned off on the target machine.
- Activate sharing resource ADMIN$ on the target machine.
- Verify that remote UAC filtering is disabled on the target machine (https://support.microsoft.com/en-us/kb/951016).
- Verify that 'DOMAIN_NAME\USER_NAME' has administrator rights or use local 'Administrator' account that is enabled on the target machine.
- Verify that 'DOMAIN_NAME\USER_NAME' password is not blank.
- Verify that you can remotely log on to the workstation from the server.
- Verify that from server machine you can access 'net use \\MACHINE_NAME.DOMAIN_NAME\IPC$' from the Command Prompt.
- Change 'ESET Security Management Center Server' service credentials from 'Network Service' to user with domain administrator permissions temporarily for deployment.

SSH remote deployment failed because CONNECTION CAN NOT BE ESTABLISHED to the target LINUX or MAC machine.
*** Error details: connect: Connection refused

- Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'.
- Verify that SSH daemon is enabled on the target machine and is running on the port 22.
- Verify that firewall is not blocking SSH communication between server and the target machine.

Agent deployment failed. Please go through the checklist above for specific platform (WINDOWS, LINUX or MAC) that is on the target machine.
2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f7faf700]: Remote deployment failed on 1 targets

I'm not sure what to make of it. Does it or does it not fail to create the installer service? If the service is created, does it fail to start it?

 

UPD 

ESET Security Management Center (Server), Version 7.0 (7.0.471.0)
ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0)

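Added example, not part of the original post and not ESET code: a small parser for the script output quoted in the trace.log above. It separates the local `* [Exit code = N]` of each step from the installer status read back from the target, which is the distinction the question at the end of the post turns on. The sample text is a constructed, shortened excerpt in the same format, and the function names are hypothetical.

```python
import re

# Constructed excerpt in the format of the script output quoted above.
SAMPLE = """\
* Creating remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service create eset-remote-installer -S MACHINE_NAME.DOMAIN_NAME
Successfully created Service: eset-remote-installer
* [Exit code = 0]
* Starting remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service start eset-remote-installer -S MACHINE_NAME.DOMAIN_NAME
Successfully started service: eset-remote-installer
* [Exit code = 0]
* Reading remote installer exit status file '/tmp/era_remote_deploy_wn_X/cifs/eset-remote-installer.exit'
+ cat /tmp/era_remote_deploy_wn_X/cifs/eset-remote-installer.exit
22
* [Exit code = 0]
* Remote installation on 'MACHINE_NAME.DOMAIN_NAME' failed with exit status '22'
* Stopping remote installer service 'ESET Security Management Center Remote Installation Service'
+ LANG= net -i -k rpc service stop eset-remote-installer -S MACHINE_NAME.DOMAIN_NAME
Control service request failed.  [WERR_SERVICE_NOT_ACTIVE]
* [Exit code = 255]
"""

EXIT_RE = re.compile(r"^\* \[Exit code = (\d+)\]")
STATUS_RE = re.compile(r"^\* Remote installation on '.*' failed with exit status '(\d+)'")

def parse_steps(text):
    """Return (steps, installer_status); each step is (title, [local exit codes])."""
    steps, installer_status = [], None
    for line in text.splitlines():
        m, s = EXIT_RE.match(line), STATUS_RE.match(line)
        if s:                          # status reported by the installer on the target
            installer_status = int(s.group(1))
        elif m:                        # exit code of the local command in the current step
            if steps:
                steps[-1][1].append(int(m.group(1)))
        elif line.startswith("* "):    # a new step header
            steps.append((line[2:], []))
    return steps, installer_status

def failed_steps(steps):
    """Titles of steps where a command run on the server returned non-zero."""
    return [title for title, codes in steps if any(codes)]

if __name__ == "__main__":
    steps, status = parse_steps(SAMPLE)
    print("steps with non-zero local exit code:", failed_steps(steps))
    print("installer exit status on target:", status)
```

On the sample, the create and start steps both report exit code 0, the only non-zero local exit code is the attempt to stop a service that had already stopped, and the 22 comes from the exit status file written on the target.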
  • ESET Staff

Unfortunately, from the provided logs it is not clear what resulted in the deployment failure, but it is clear that the live installer was actually started; it probably failed to download installers, or the installation itself failed.

The remote deployment task works in such a way that a standard ESET Management Agent live installer is created and remotely executed on the target machine, so my recommendation is to create such an installer and verify it works on the target machine when executed locally. It might help to diagnose this issue, especially in case deployment to a larger network is planned.

Also, using the Remote Deployment Tool in combination with the All-in-one (offline) installer might be a solution, especially in case the live installer fails on installer download from ESET repository servers (http://repository.eset.com).


I did try to install the agent locally with the bat file, and yes it is installed just fine. The only issue is, it didn't want to install until I rebooted the target machine. I assume it has something to do with the previous failed deployment attempt? Anyway, how does this information help me?

Meanwhile, I tried deploying the agent on another Win10 machine, with the same result as in the first post.

All-in-one installer, deployed or no, isn't the best way in my case because quite a few machines in the network have old versions of AV software (Endpoint 5 or 6 or even Nod 32 in some cases). Practice showed that the only ways to reliably remove those are either using the ESET removal tool (or whatever it's called, the name escapes me) but it requires booting in safe mode which is NOT an option for me, or by installing just the agent and removing the old AV via ERA. If you just manually uninstall it via the standard Windows way, the new all-in-one installer almost invariably fails (saying "this might be caused by malware activity"). If you remove the old AV through the agent, everything works fine. This is a whole other matter and I honestly have no desire to investigate and fix it, unless I absolutely have to. I'd rather just go ahead and install the agent manually on every single machine (a couple hundred of those), it probably would take less time.

I would consider the remote deployment tool if there was a way to deploy the agent alone.

 

UPD Wait, I've only now figured out that all-in-one installer can be agent-only. Strange to call it "all-in-one" in such case if you ask me, but ok. I'll test the Deployment Tool then and let you know of the results.


Okay, this is not getting less weird at all.

I tried deploying the agent with Deployment tool to four machines, all in the domain. For the first two it worked, but for the second two it reported "Success" but looks like the installation was incomplete? The folder is there in "Program Files", but there's no entry in installed software list and the machines don't appear in the ERA. What does that mean?


Archived

This topic is now archived and is closed to further replies.
