Arekn 0 Posted November 15, 2021 Posted November 15, 2021 Our server with ESET PROTECT has crashed and we weren't able to recover it. Unfortunately we didn't have certificates backed up. We have setup a new server but obviously agents aren't connecting. Is there a way to change certificates on all agents without walking up to each computer individually and going through the installer steps? Is it in a file somewhere that we could change with Powershell?
Administrators Marcos 5,468 Posted November 15, 2021 Administrators Posted November 15, 2021 You'll need to generate a new live Agent installer and re-deploy it on clients.
Arekn 0 Posted November 15, 2021 Author Posted November 15, 2021 8 minutes ago, Marcos said: You'll need to generate a new live Agent installer and re-deploy it on clients. Generating an Agent Live installer generates a .bat file. What should we do with it? Can we not just deploy an .msi through GPO instead?
ESET Staff MartinK 384 Posted November 15, 2021 ESET Staff Posted November 15, 2021 In order to recover connectivity of already installed clients, it would require you to restore ESET PROTECT certificate and respective CA certificate - where both of them are store in PROTECT's database - so it depends on what means "crashed" . Alternative, but more complicated solution is to re-deploy or use installation repair of AGENTs with new parameters, i.e. reinstall or modify existing AGENTs with newly created certificates. For this purpose, any deployment method can be used, so also GPO "script", etc.
Arekn 0 Posted November 15, 2021 Author Posted November 15, 2021 20 minutes ago, MartinK said: In order to recover connectivity of already installed clients, it would require you to restore ESET PROTECT certificate and respective CA certificate - where both of them are store in PROTECT's database - so it depends on what means "crashed" . RAID where our instance of ESET PROTECT was is unrecoverable. Anyway, it seems I have found a .bat file that I exported from the server before it crashed. Does it contain the certificates? Is it possible to restore the connection without reinstalling the agents if I have this file?
ESET Staff MartinK 384 Posted November 16, 2021 ESET Staff Posted November 16, 2021 On 11/15/2021 at 3:05 PM, Arekn said: RAID where our instance of ESET PROTECT was is unrecoverable. Anyway, it seems I have found a .bat file that I exported from the server before it crashed. Does it contain the certificates? Is it possible to restore the connection without reinstalling the agents if I have this file? Unfortunately that is not enough as installers do contain only CA certificate and certificate for AGENTs, but for restoring connectivity, it is crucial to get certificate for ESET PROTECT Server, which is much more "sensitive" and it is normally stored only in it's database, especially public part that is required in this case - in other words, this certificate can be recovered only from database or manual export. This is due to security reasons, as leak of such certificate would enable possible "attacker" to get hold of the managed devices...
Recommended Posts