Security Management Center not updating the modules & last connected status of computers

[BlackPanther 0]

Hi All,

Can anyone help me out i have a domain environment and eset endpoint  installed on all computers  and i am managing all of it through Eset SMC(Security Management Center). the issue i am facing is currently right now is that the status of computers are not updating in SMC.

[Marcos 3,983]

Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for possible errors on one of the troublesome clients.

[BlackPanther 0]

Hi - Marcos,

Thanks for the reply attached is the log report.

[BlackPanther 0]

Here is the log file.

2020-10-08 05:34:41 Error: CAgentSecurityModule [Thread 43c]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (eset.abc.local)

2020-10-08 05:34:41 Error: AuthenticationModule [Thread 1ea4]: DeviceEnrollmentCommand execution failed with: Request: Era.Common.Services.Authentication. RPCEnrollmentRequest on connection: host: "x.y,z" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details:

2020-10-08 05:34:41 Warning: CReplicationModule [Thread 139c]: GetAuthenticationSessionToken: Received failure status response: TEMPORARILY_UNAVAILABLE (Error description: session token temporarily unavailable, device is not enrolled yet)

2020-10-08 05:34:41 Error: CReplicationModule [Thread 139c]: InitializeConnection: Initiating replication connection to 'host: " x.y,z " port: 2222' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time

[Marcos 3,983]

Please check certificate details:

Hostname does not match any supported record in certificate SubjectAltName extension (eset.abc.local)

I  assume that you entered eset.abc.local as the host and this hostname is not accessible from the client. You can create a new agent certificate with an asterisk in the host field and reinstall agent (manually via a server-assisted installation or by exporting a new agent live installer):

[BlackPanther 0]

still no luck with this also.

[Marcos 3,983]

Please post the current status.html from the client to see what has changed.

[BlackPanther 0]

PFA

[Marcos 3,983]

Peer certificate may be valid but cannot be verified on this machine.

Have you recently changed the CA certificate? Does any of the machines still report to the ESMC alright? If no machine is able to connect, I'd recommend:
1, generating new peer certificates
2, generating a fresh live agent installers and deploying it on the clients (you can install agent manually on one machine and use server-assisted installation to see if the issue goes away then)

[MartinK 358]

In this case, most relevant error seems to be the last one:

Quote

Hostname does not match any supported record in certificate SubjectAltName

which is reaso why AGENT is rejecting SERVER's certificate. Problem is that AGENT is trying to connect to hostname that is not "signed" in SERVER's certificate.

Other errors indicate also that there is missing CA certificate for AGENT's certificate itself, but that is not fatal problem.

Solution would be to create new ESMC peer certificate, that signs all used hostnames/IP addresses, and is signed by CA certificate trusted by AGENTs. Once properly set in ESMC's configuration, AGENTs should start to connect.

Edited October 12, 2020 by MartinK

[BlackPanther 0]

Thanks Marcos and MartinK issue has been resolved.