Jump to content

ESET Agent Live installer not working


Go to solution Solved by Mr.Gains,

Recommended Posts

Console:  

CentOS7

ESET Management Agent 8.0.2216.0
ESET PROTECT Server 8.0.2216.0
ESET Rogue Detection Sensor 1.0.1079.0

 

Client:

Windows 2016

ESET File Security 7.3.12002.0, ESET Management Agent 8.0.2216.0

Errors: Error: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension

Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details:

 

The client data isn't showing in the console, so I tried the Agent live installer with no results. We've tried creating a new certificate, re-installing the all-in-one installer, and tried local, remote, and website deployment with no results. Both the client and the console can ping each other. What are the other possibilities or areas do I need to look at in resolving my issue? It seems this issue occurred after upgrading to ESET Protect from ESMC.

 

Thanks,

Link to comment
Share on other sites

The issue is with the server certificate being to strict/not matching the hostname used in the agent installer.

First check the server peer certificate which hostnames are allowed (listed in the column HOST).

If you want to allow additional hostnames/IPs you can create a new server certificate containing all allowed hostnames seperated by space, comma, or semicolon. Or you can leave the default (*) to allow all hostnames.

Afterwards you have to assign this new certificate in the server settings and restart the Virtual Appliance (or the eraserver-Service) for the change to take effect.

You can also perform a repair installation and change the hostname. Please be aware that the hostname has to match eaxctly.

Link to comment
Share on other sites

  • Solution
On 2/4/2021 at 8:04 AM, Rincewind said:

The issue is with the server certificate being to strict/not matching the hostname used in the agent installer.

First check the server peer certificate which hostnames are allowed (listed in the column HOST).

If you want to allow additional hostnames/IPs you can create a new server certificate containing all allowed hostnames seperated by space, comma, or semicolon. Or you can leave the default (*) to allow all hostnames.

Afterwards you have to assign this new certificate in the server settings and restart the Virtual Appliance (or the eraserver-Service) for the change to take effect.

You can also perform a repair installation and change the hostname. Please be aware that the hostname has to match eaxctly.

I appreciate the response. I ended up calling support, and we figured out the hostname in the certificate was the issue. The issue was for some reason is the hostname had to be change to work (hostname was correct initially), but we just opt to use the IP address instead for simplicity. There's too many variables to say what caused the issue since our environment has drastically changed within the last few months.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...