D'Avila Paolo 0 Posted October 12, 2020 Share Posted October 12, 2020 Hello, we have almost 100 computer handle by our Eset security management center that have the "last connected time" stuck at 24 august 2020 or before. Seems like all of these hosts can't connect anymore to our server. I remember that in august our Certificate expired but we've renew it. Moreover in the security management center seems everything ok. I don't see any alert about certificates. I attach the log files i've found at this path in one of these computers. C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\Trace.log C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\Status.html TraceLogFile.txt Link to comment Share on other sites More sharing options...
Administrators Solution Marcos 5,259 Posted October 12, 2020 Administrators Solution Share Posted October 12, 2020 After replacing the CA certificate did you generate new peer agent and server certificates? Afterwards you will need to re-deploy agent, e.g. by creating a new live agent installer (to ensure it contains the current CA and peer cert.) and deploying it to clients, or you can run the agent installer manually and use a server-assisted installation to get current certificates from the ESMC server. Next time it'd be better to replace certificates while the former ones are still valid to avoid agent re-deployment. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 383 Posted October 12, 2020 ESET Staff Share Posted October 12, 2020 Problem is with ESMC Server's peer certificate. It is not meeting one of requirement for CommonName field and thus validation is failing with error: Certificate common name contains ambiguous or no product string. As this should not be possible when creating certificates in ESMC console, I guess custom made certificates are used? Regardless of that, it is required that CommonName (CN) field of ESMC Server's peer certificate contains word "server", and that it does not contain word "agent" or "proxy". From logs it is not clear whether "server" is missing or other words are present -> solution in this case is to create new certificate that meet this criteria and start using it via ESMC's settings. In case there will be no other issues, AGENT should start connecting immediately - but be aware that new certificate has to be signed with the came CA certificate as those that worked before August changes, especially in case CA certificate is not distributed in ESMC not in operating systems directly. The same applies also for AGENT's certificates, where only works "agent" has to be present, and not "server" on "proxy". Link to comment Share on other sites More sharing options...
D'Avila Paolo 0 Posted October 14, 2020 Author Share Posted October 14, 2020 Thanks Marcos. It worked. Link to comment Share on other sites More sharing options...
Recommended Posts