DumitruSino 1 Posted May 10, 2021 Posted May 10, 2021 With LOCAL ESET SERVER I was installing Agents with following command and files: C:\it-tools\eset\Agent_x64.msi /q P_HOSTNAME=199.164.42.68 P_ENABLE_TELEMETRY=1 P_CERT_PATH=C:\it-tools\eset\certificate.txt P_CERT_AUTH_PATH=C:\it-tools\eset\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES /L*V "C:\it-tools\eset\logs.log agent_x64.msi ca.txt certificate.txt install_config.ini All worked really nice for all our 60 workstations. NOW I MIGRATED TO CLOUD and I use following: C:\it-tools\eset\Agent_x64.msi /q P_ENABLE_TELEMETRY=1 P_HOSTNAME={server name from install_config.ini from protect.eset.com} P_PORT=443 P_CERT_PATH=C:\it-tools\eset\certificate.txt P_CERT_AUTH_PATH=C:\it-tools\eset\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES /L*V "C:\it-tools\eset\logs.log" agent_x64.msi - new file downloaded from Configuration GPO/SCCM scrip from hxxp://protect.eset.com/ ca.txt - same old file certificate.txt - same old file install_config.ini - new file downloaded from Configuration GPO/SCCM scrip from hxxp://protect.eset.com/ I installed it multiple times, on different workstations. Here are the logs: Status log Scope Time Text Configuration 2021-May-08 23:01:00 Product configuration: Use of HTTP proxy for ESET services is disabled Use of HTTP proxy for replication is disabled Repository hostname is: AUTOSELECT Update server is set to: AUTOSELECT with "regular" update type Dynamic groups 2021-May-10 14:47:32 Device is not member of any dynamic group Last authentication 2021-May-10 17:04:58 Enrollment failed with error: Request: Era.Common.Services.Authentication.RPCEnrollmentRequest on connection: host: "*****************.a.ecaserver.eset.com" port: 443 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: Last replication 2021-May-10 17:04:52 ERROR: InitializeConnection: Initiating replication connection to 'host: "****************.eset.com" port: 443' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: ****************.a.ecaserver.eset.com:443, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 00000000-0000-0000-0000-000000000000, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 848 Peer certificate 2021-May-10 00:37:44 OK Agent peer certificate with subject 'C******************************************************************* Policies 2021-May-08 23:01:00 Device has no policies assigned Product 2021-May-08 23:00:58 Product install configuration: Product type: Agent Product version: 8.0.1238.0 Product locale: en_US Replication security 2021-May-10 17:04:58 OK Remote host: **************************.a.ecaserver.eset.com Remote product: Server Remote certificate: Subject='**************** ', NotBefore=2019-Sep-04 00:00:00, NotAfter:2021-Oct-03 12:00:00, ************************ Performance Indicator Value Up time 42:04:00 Memory private usage 25 MB Available physical memory 8792 MB Generated at 2021-May-10 17:04:58 (2021-May-10 12:04:58 local time) ANY HELP WOULD BE APPRECIATED! THANK YOU!
ESET Staff MartinK 384 Posted May 10, 2021 ESET Staff Posted May 10, 2021 Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENTs certificate -> in steps you mentions "same old file" next to certificates, but if it means that you are attempting to use the same certificates an you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect. Also note, that there is even simpler deployment method: Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***) Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line MichalJ 1
DumitruSino 1 Posted May 10, 2021 Author Posted May 10, 2021 42 minutes ago, MartinK said: Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENTs certificate -> in steps you mentions "same old file" next to certificates, but if it means that you are attempting to use the same certificates an you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect. Also note, that there is even simpler deployment method: Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***) Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line Installed using: C:\it-tools\eset\Agent_x64.msi /q P_CERT_PATH=C:\it-tools\eset\certificate.txt P_CERT_AUTH_PATH=C:\it-tools\eset\ca.txt P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES /L*V "C:\it-tools\eset\logs.log" Here is what I got: Last authentication 2021-May-10 19:32:28 Enrollment failed with error: Request: Era.Common.Services.Authentication.RPCEnrollmentRequest on connection: host: "xxxxxxxxxxxxxxxxxxxxxxxxxxxxx.eset.com" port: 443 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: Last replication 2021-May-10 19:32:28 ERROR: InitializeConnection: Initiating replication connection to 'host: "xxxxxxxxxxxxxxxxxxxxxxxxx.a.ecaserver.eset.com" port: 443' failed with: GetAuthenticationSessionToken: Failed to fetch device session token in time Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 2alxfromorhuzkixxiws7uwxzq.a.ecaserver.eset.com:443, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 00000000-0000-0000-0000-000000000000, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0] All replication attempts: 2 See trace log attached. trace.log
DumitruSino 1 Posted May 10, 2021 Author Posted May 10, 2021 55 minutes ago, MartinK said: Could you please provide standard trace.log from AGENT or possibly search it for more detailed connection errors? I do not see any obvious problem with deployment method you are using - in case no mistake was made during parameters processing, it should work. From provided status.html it is not clear why connection is failing, it might be network related, but also certificate related. As it seems that certificate of ESET PROTECT Cloud service has been accepted, it might be problem with AGENTs certificate -> in steps you mentions "same old file" next to certificates, but if it means that you are attempting to use the same certificates an you used with on-premise solution, that won't work -> devices managed by cloud service are assigned certificate generated by service itself, and that is only certificate that will enable your devices to connect. Also note, that there is even simpler deployment method: Download AGENT MSI file and install_config.ini (so called GPO installer) into the same folder Initiate silent installation of AGENT via msiexec command, but without product specific parameters (those P_***) Observe that installer properties are automatically loaded from install_config.ini, i.e. there is no need to copy them to command line Tried using: C:\it-tools\eset\Agent_x64.msi /q /L*V "C:\it-tools\eset\logs.log" and SUCCESS! Apparently the CERTIFICATE was the problem! Weird that I chatted with couple ESET Support guys, and nobody had this idea to remove the certificate. Last authentication 2021-May-10 19:43:35 Enrollment OK Last replication 2021-May-10 19:43:43 OK Last successful replication 2021-May-10 19:43:43 OK Successful replications: 3 All replication attempts: 3 Connection: xxxxxxxxxx.a.ecaserver.eset.com:443 Scenario: REGULAR Peer certificate 2021-May-10 19:41:03 OK Agent peer certificate with subject 'xxxxxxxxxxxxxxxxxxxxxministrator External CA' with serial number 'xxxxxxx4' is and will be valid in 30 days Policies 2021-May-10 19:41:03 Applied policies: Hidden: Agent defaults VNC Allow Disable Windows Updates Notifications Enable Secure Browser Product 2021-May-10 19:41:01 Product install configuration: Product type: Agent Product version: 8.0.1238.0 Product locale: en_US Thank you!
Recommended Posts