helis 0 Posted May 20, 2020 Share Posted May 20, 2020 (edited) Greetings. I have ESET Management Center and recently I've been trying to deploy the agent. It keeps failing and I can't figure out why. Let's say I just need to install it onto a single machine. I manually add it to the computer list. Then I create a server task "Agent deployment" and input all the credentials. The target machine is in a domain, so I use the recommended domain\user format for login (the user has domain administrator privileges). After running for some brief time, the task fails, the report shows error 22. The target machine is Win10 Pro, the server is Debian 9. The server is also a domain member. The trace.log file is as follows (credentials replaced with dummy names): SSH remote deployment failed because CONNECTION CAN NOT BE ESTABLISHED to the target LINUX or MAC machine. *** Error details: connect: Connection refused - Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'. - Verify that SSH daemon is enabled on the target machine and is running on the port 22. - Verify that firewall is not blocking SSH communication between server and the target machine. Agent deployment failed. Please go through the checklist above for specific platform (WINDOWS, LINUX or MAC) that is on the target machine. 2020-05-20 10:44:10 Error: CRemoteInstallModule [Thread 7fd1f7faf700]: Remote deployment failed on 1 targets 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: UnixWindowsNetworkRemoteInstall: remote deployment to 'MACHINE_NAME.DOMAIN_NAME' terminated with 22 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: UnixWindowsNetworkRemoteInstall: output of '"/var/opt/eset/RemoteAdministrator/Server/Scripts/UnixWindowsNetworkRemoteInstall.sh" 2>&1': * Created temporary directory /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ * Creating command input/ouput redirection pipes + mkfifo /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.in.pipe + mkfifo /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.out.pipe -------------------------------------------------------------------------- * Mounting remote share '//MACHINE_NAME.DOMAIN_NAME/ADMIN$' to '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs' + mkdir /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs + LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) + retcode=32 + sleep 0.1 + test 0 -eq 32 + LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME,sec=ntlmv2 //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs mount error(112): Host is down Refer to the mount.cifs(8) manual page (e.g. man mount.cifs) + retcode=32 + sleep 0.1 + test 0 -eq 32 + LANG= mount -t cifs -o domain=DOMAIN_NAME,username=USER_NAME,vers=3.02 //MACHINE_NAME.DOMAIN_NAME/ADMIN$ /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs + retcode=0 + sleep 0.1 + test 0 -eq 0 + return 0 * [Exit code = 0] -------------------------------------------------------------------------- * Creating remote directory '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6' + LANG= mkdir /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] -------------------------------------------------------------------------- * Copying files to remote dir '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6' + cp /tmp/1c55-e2f1-fe8d-b7f7/ESMCAgentInstaller.bat /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] + cp /opt/eset/RemoteAdministrator/Server/RemoteInstallService.exe /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] -------------------------------------------------------------------------- * Removing previous instance of remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service delete eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password:Failed to open service. [WERR_NO_SUCH_SERVICE] -------------------------------------------------------------------------- * Creating remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service create eset-remote-installer ESET Security Management Center Remote Installation Service %SYSTEMROOT%\era_rd_cAwuRbr6\RemoteInstallService.exe -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: Successfully created Service: eset-remote-installer * [Exit code = 0] -------------------------------------------------------------------------- * Creating remote installer arguments file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args' + echo %SYSTEMROOT%\era_rd_cAwuRbr6\ESMCAgentInstaller.bat + echo %SYSTEMROOT%\era_rd_cAwuRbr6\ESMCAgentInstaller.bat * [Exit code = 0] -------------------------------------------------------------------------- * Starting remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service start eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: . Successfully started service: eset-remote-installer * [Exit code = 0] -------------------------------------------------------------------------- * Querying remote installer service 'ESET Security Management Center Remote Installation Service' until stopped + LANG= net -i -k rpc service status eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: eset-remote-installer service is stopped. Configuration details: Controls Accepted = 0x0 Service Type = 0x10 Start Type = 0x3 Error Control = 0x1 Tag ID = 0x0 Executable Path = C:\WINDOWS\era_rd_cAwuRbr6\RemoteInstallService.exe Load Order Group = Dependencies = / Start Name = LocalSystem Display Name = ESET Security Management Center Remote Installation Service * [Exit code = 0] -------------------------------------------------------------------------- * Reading remote installer exit status file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit' + cat /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit 22 * [Exit code = 0] -------------------------------------------------------------------------- * Remote installation on 'MACHINE_NAME.DOMAIN_NAME' failed with exit status '22' -------------------------------------------------------------------------- * Stopping remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service stop eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password:Control service request failed. [WERR_SERVICE_NOT_ACTIVE] * [Exit code = 255] -------------------------------------------------------------------------- * Removing remote installer arguments file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args' + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.args * [Exit code = 0] -------------------------------------------------------------------------- * Removing remote installer exit status file '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit' + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/eset-remote-installer.exit * [Exit code = 0] -------------------------------------------------------------------------- * Removing remote installer service 'ESET Security Management Center Remote Installation Service' + LANG= net -i -k rpc service delete eset-remote-installer -W DOMAIN_NAME -U USER_NAME -S MACHINE_NAME.DOMAIN_NAME Enter USER_NAME's password: Successfully deleted Service: eset-remote-installer * [Exit code = 0] -------------------------------------------------------------------------- * Removing remote directory '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6' + LANG= rm -r /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs/era_rd_cAwuRbr6 * [Exit code = 0] -------------------------------------------------------------------------- * Umounting remote share '//MACHINE_NAME.DOMAIN_NAME/ADMIN$' from '/tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs' + LANG= umount /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cifs * [Exit code = 0] -------------------------------------------------------------------------- * Removing command input/ouput redirection pipes + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.in.pipe + unlink /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ/cmd.out.pipe -------------------------------------------------------------------------- * Removed temporary directory /tmp/era_remote_deploy_wn_bWQTvTlyVktstdaJ 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f8fb1700]: Executing remote deployment of agent a86b5c76-903e-4024-a0ab-4a92a51dac1f on 'MACHINE_NAME.DOMAIN_NAME' Windows network remote deployment failed. *** Error details: UnixWindowsNetworkRemoteInstall: remote deployment to 'MACHINE_NAME.DOMAIN_NAME' terminated with 22 - Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'. - Verify that 'MACHINE_NAME.DOMAIN_NAME' can be resolved with 'nslookup' if it is a DNS name. - Verify that firewall is not blocking communication and file sharing between server and the target machine. - Verify that "File and Print Sharing for Microsoft Networks" is enabled on the target machine. - Verify that "Remote Procedure Call (RPC)" service is running on the target machine. - Make sure that simple file sharing is turned off on the target machine. - Activate sharing resource ADMIN$ on the target machine. - Verify that remote UAC filtering is disabled on the target machine (https://support.microsoft.com/en-us/kb/951016). - Verify that 'DOMAIN_NAME\USER_NAME' has administrator rights or use local 'Administrator' account that is enabled on the target machine. - Verify that 'DOMAIN_NAME\USER_NAME' password is not blank. - Verify that you can remotely log on to the workstation from the server. - Verify that from server machine you can access 'net use \\MACHINE_NAME.DOMAIN_NAME\IPC$' from the Command Prompt. - Change 'ESET Security Management Center Server' service credentials from 'Network Service' to user with domain administrator permissions temporarily for deployment. SSH remote deployment failed because CONNECTION CAN NOT BE ESTABLISHED to the target LINUX or MAC machine. *** Error details: connect: Connection refused - Verify that 'MACHINE_NAME.DOMAIN_NAME' is responding to 'ping'. - Verify that SSH daemon is enabled on the target machine and is running on the port 22. - Verify that firewall is not blocking SSH communication between server and the target machine. Agent deployment failed. Please go through the checklist above for specific platform (WINDOWS, LINUX or MAC) that is on the target machine. 2020-05-20 10:47:48 Error: CRemoteInstallModule [Thread 7fd1f7faf700]: Remote deployment failed on 1 targets I'm not sure what to make of it. Does it or does it not fail to create the installer service? If the service is created, does it fail to start it? UPD ESET Security Management Center (Server), Version 7.0 (7.0.471.0) ESET Security Management Center (Web Console), Version 7.0 (7.0.429.0) Edited May 20, 2020 by helis Link to comment Share on other sites More sharing options...
ESET Staff MartinK 384 Posted May 20, 2020 ESET Staff Share Posted May 20, 2020 Unfortunately from provided logs it is not clear what resulted in deployment failure, but it is clear that live installer was actually started, but it probably failed to download installers or installation itself failed. Remote deployment task works in a way that standard ESET Management Agent live installer is created and remotely executed on target machine, so my recommendation is to create such installer and verify it works on target machine when executed locally. It might help to diagnose this issue, especially in case deployment to larger network is planed. Also using Remote Deployment Tool in combination with All-in-one (offline) installer might be a solution, especially in case live installer fails on installer download from ESET repository servers (http://repository.eset.com) Link to comment Share on other sites More sharing options...
helis 0 Posted May 21, 2020 Author Share Posted May 21, 2020 (edited) I did try to install the agent locally with the bat file, and yes it is installed just fine. The only issue is, it didn't want to install until I rebooted the target machine. I assume it has something to do with the previous failed deployment attempt? Anyway, how does this information help me? Meanwhile, I tried deploying the agent on another Win10 machine, with the same result as in the first post. All-in-one installer, deployed or no, isn't the best way in my case because quite a few machines in the network have old versions of AV software (Endpoint 5 or 6 or even Nod 32 in some cases). Practice showed that the only ways to reliably remove those are either using the ESET removal tool (or whatever it's called, the name escapes me) but it requires booting in safe mode which is NOT an option for me, or by installing just the agent and removing the old AV via ERA. If you just manually uninstall it via standard Windows way, the new all-in-one installer almost invariably fails (saying "this might be caused by malware activity"). If you remove the old AV through the agent, everything works fine. This is a whole another matter and I honestly have no desire to investigate and fix it, unless I absolutely have to. I'd rather just go ahead and install the agent manually on every single machine (a couple hundred of those), it probably would take less time. I would consider the remote deployment tool is there was a way to deploy the agent alone. UPD Wait, I've only now figured out that all-in-one installer can be agent-only. Strange to all it "all-in-one" in such case if you ask me, but ok. I'll test the Deployment Tool then and let you know of the results. Edited May 21, 2020 by helis Link to comment Share on other sites More sharing options...
helis 0 Posted May 21, 2020 Author Share Posted May 21, 2020 (edited) Okay, this is not getting less weird at all. I tried deploying the agent with Deployment tool to four machines, all in the domain. For the first two it worked, but for the second two it reported "Success" but looks like the installation was incomplete? The folder is there in "Program Files", but there's no entry in installed software list and the machines don't appear in the ERA. What does that mean? Edited May 21, 2020 by helis Link to comment Share on other sites More sharing options...
Recommended Posts