
ESET "last connected time" stuck to the same date for all hosts


Solved by Marcos


Hello,

We have almost 100 computers handled by our ESET Security Management Center that have the "last connected time" stuck at 24 August 2020 or before. It seems like all of these hosts can't connect to our server anymore.

I remember that in August our certificate expired, but we've renewed it.

Moreover, in the Security Management Center everything seems OK. I don't see any alerts about certificates.

I attach the log files I've found at this path on one of these computers.

C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\Trace.log
C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\Status.html

 

LastConnected.png

Status.png

TraceLogFile.txt

  • Administrators
  • Solution

After replacing the CA certificate, did you generate new peer agent and server certificates? Afterwards you will need to re-deploy the agent, e.g. by creating a new live agent installer (to ensure it contains the current CA and peer cert.) and deploying it to clients, or you can run the agent installer manually and use a server-assisted installation to get current certificates from the ESMC server. Next time it'd be better to replace certificates while the former ones are still valid to avoid agent re-deployment.

  • ESET Staff

The problem is with the ESMC Server's peer certificate. It does not meet one of the requirements for the CommonName field, and thus validation is failing with the error: Certificate common name contains ambiguous or no product string. As this should not be possible when creating certificates in the ESMC console, I guess custom-made certificates are used?

Regardless of that, it is required that the CommonName (CN) field of the ESMC Server's peer certificate contains the word "server", and that it does not contain the word "agent" or "proxy". From the logs it is not clear whether "server" is missing or other words are present -> the solution in this case is to create a new certificate that meets these criteria and start using it via ESMC's settings. In case there are no other issues, AGENT should start connecting immediately - but be aware that the new certificate has to be signed with the same CA certificate as those that worked before the August changes, especially in case CA certificate is not distributed in ESMC not in operating systems directly.

The same also applies to AGENT's certificates, where only the word "agent" has to be present, and not "server" or "proxy".
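
The CommonName rule described in the reply above, as an added example that is not part of the original thread and is not ESET's code: a Python pre-deployment check that extracts the CN from an RFC 2253-style subject string and reports a missing, ambiguous or wrong-role product word. It assumes case-insensitive substring matching, which the thread does not specify; the function names and sample subjects are constructed for illustration.

```python
import re

PRODUCTS = ("server", "agent", "proxy")  # product words named in the thread


def common_name(subject):
    """Return the CN value from an RFC 2253-style subject string, or None."""
    # Split on commas that are not backslash-escaped.
    for rdn in re.split(r"(?<!\\),", subject):
        key, _, value = rdn.strip().partition("=")
        if key.strip().upper() == "CN":
            return re.sub(r"\\(.)", r"\1", value.strip())  # drop escapes
    return None


def check_peer_cn(subject, role):
    """Check a subject's CN for a peer role ("server" or "agent").

    Returns (ok, reason). Hypothetical helper, not an ESET API.
    """
    cn = common_name(subject)
    if cn is None:
        return False, "no CN in subject"
    # Assumption: matching is a case-insensitive substring test.
    found = [p for p in PRODUCTS if p in cn.lower()]
    if not found:
        return False, "no product string in CN"
    if len(found) > 1:
        return False, "ambiguous product string in CN: " + ", ".join(found)
    if found[0] != role:
        return False, f"CN names '{found[0]}', expected '{role}'"
    return True, "ok"


# Constructed sample subjects (not taken from the thread's logs).
SAMPLES = [
    ("CN=Server at esmc.example.test,O=Example", "server"),
    ("CN=esmc.example.test,O=Example", "server"),
    ("CN=Server for agent hosts,O=Example", "server"),
    ("CN=Agent at *,O=Example\\, Inc.", "agent"),
    ("O=Example,CN=Proxy at *", "agent"),
]

if __name__ == "__main__":
    for subject, role in SAMPLES:
        ok, reason = check_peer_cn(subject, role)
        print(f"{'PASS' if ok else 'FAIL'} [{role}] {subject}: {reason}")
```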
