Jump to content

Recommended Posts

Posted

We've been getting notices that our peer certificates were going to expire soon (next week), so today I created a new server cert, and a new agent cert, in ESMC.

The server cert I assigned in server settings, rebooted the VM (windows PC), and that looks like it's working fine. Both used the built in ESET Cert authority, which is still valid for 5 years.

The certs are setup for hostname eset.mydomain.com, I also tried just leaving them as *, but neither worked.

For agent cert,  duplicated our existing agent policy, and setup the change of certificate there. The existing agent policy did not have a certificate specified at all, as clients got this info from the config.ini during installation, or it was just pushed to them from ESMC.

I then assigned this new policy to a couple of test machines. 

Each of them reports in one more time, and I can see they now are assigned the new cert in ESMC, however they are no longer reporting into ESMC.

I also tried creating an agent live installer, and installed agent from the batch file, but the agent is never able to connect.

In their agent logs, I see messages like:

2020-07-15 14:33:12 Error: AuthenticationModule [Thread 2ee8]: DeviceEnrollmentCommand execution failed with: Request: Era.Common.Services.Authentication.RPCEnrollmentRequest on connection: host: "eset.mydomain.com" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: 
2020-07-15 14:33:12 Warning: CReplicationModule [Thread 23bc]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)
2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: InitializeConnection: Initiating replication connection to 'host: "eset.mydomain.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time
2020-07-15 14:33:12 Warning: CReplicationModule [Thread 23bc]: InitializeConnection: Not possible to establish any connection (Attempts: 1)
2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current)
2020-07-15 14:33:12 Error: CReplicationModule [Thread 23bc]: CAgentReplicationManager: Replication finished unsuccessfully with message: InitializeConnection: Initiating replication connection to 'host: "eset.mydomain.com" port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in timeReplication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (OUT_OF_ORDER), Connection: eset.mydomain.com:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 356af7a2-24c8-42d7-ac8e-061bb6fe9e5c, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]

 

I've tried rebooting the client machines, but it didn't help.

Any thoughts on what is going wrong?

  • Administrators
Posted

If you create a new agent live installer and install it on a troublesome client, will it start connecting to the ESMC server?

Posted

That didn't work with the cert that specified the server name, but it did work with the wildcard cert (just *)

I've since gone back and edited the policy to use the wildcard, and it seems to be working now.

Is there a known issue with using the hostname in the cert?

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...