Peer Certificate is Invalid after change Agent modification

[LesRMed 17]

I recently migrated from a local ESET install to ESET Cloud. Everything was fine, all the computers were being updated. I made a change to the agent to lock some of the settings. Now all of my computers are reporting that the Peer Certificate is Invalid. How can I remedy this?

[LesRMed 17]

I'm getting this on the clients:

 

[Marcos 4,716]

Based on the message I would say that the CA certificate is missing on the client. Create a new agent live installer in the ESET PROTECT console and re-deploy it on the client(s).

[LesRMed 17]

Is the "Agent Upgrade" task what I should use to re-deploy? I ask because I did that, but it's not running on the clients.

[Marcos 4,716]

If a client is no longer reporting to the ESET PROTECT server, running tasks from the console won't help. You must re-deploy the agent on affected clients, e.g. via GPO, manually or using the ESET Remote Deployment tool.

[LesRMed 17]

Geez! That makes for a lot of work on my part. Any idea what would have caused this? 

[MichalJ 430]

Can you please share the details about how you have migrated from the on premise to cloud? Root cause might be within the migration procedure. Also, did it stop working at the moment of migration, or it was working OK, and afterwards something got broken? My idea would be, that you somehow applied the cert from the on premise server, to your EPC connected agents, so the EPC server will not let them in. But that is just my assumption. 

[LesRMed 17]

I did the migration by following this article:  https://help.eset.com/protect_cloud/en-US/?cloud_migration.html

Everything went fine with the migration for all the local endpoints. I spent the weekend remoting into PC's that are external to our network to manually install the new version. Everything was running fine. I did an edit on the agent to lock the policies (see below) so they couldn't be changed on the workstations. Within seconds, every endpoint that was turned on went red with the Peer Certificate error. As far as I can tell, there is no way to edit or change a certificate anywhere in the agent. Since there is no certificate listed anywhere (and there's only one ESET Management Agent shown), I'm really confused and upset that this simple change created this huge problem. 

[LesRMed 17]

@MichalJ Is there a way to change the certificate on the "cloud server" to match what's on all these clients?

Edited February 10, 2021 by LesRMed

[MichalJ 430]

Unfortunately no as that would represent a significant security risk. 

[LesRMed 17]

So basically, I get to do a manual agent install on all my workstations. Not cool!!

[MartinK 375]

Is there any chance you imported configuration policy for ESET Management Agent from your original on-premise ESET PROTECT to cloud instance? That might be source of this issue, especially in case this imported policy had contained your certificates.

[LesRMed 17]

I did what the instructions told me to do (see below). And since that's the only Management Agent in my cloud console, that's the one I modified. Nowhere in it does it reference any certificates.