skello 0 Posted February 14, 2022 Share Posted February 14, 2022 (edited) Two EI agents in one location, I have one agent that is communicating correctly and another agent that is displaying "Missing or invalid SSL certificate or certificate authority" they are in the same network, same everything. I used the same installer yet this error will not go away. Anyone have any suggestions on next steps? I've tried re-creating the SSL but no luck. Both used same method of installation from ESMC Protect console. Excerpt from logs on agent with no errors: 2022-02-14 10:43:39 00290 Info: Events sent successfully to ***.*******.****.com:8093. Server responded with 200 status code in 0s054ms. 2022-02-14 10:44:19 00e3c Info: Received (Agent.ServerAddress:***.*******.****.com) from ESMC 2022-02-14 10:44:19 00e3c Info: Received (Agent.ServerDataPort:8093) from ESMC 2022-02-14 10:44:19 00e3c Error: Failed creating certificate authority file: *.***.*******.com 2022-02-14 10:44:19 00e3c Info: Unable to apply part of configuration policy 2022-02-14 10:44:19 01d50 Info: Enabled additional hashes for: SHA2_256 2022-02-14 10:44:19 01c84 Error: Error while sending control request to server at "***.*******.****.com:8093". read: A blocking operation was interrupted by a call to WSACancelBlockingCall [system:10004] 2022-02-14 10:50:34 01278 Info: Events Statistics, From:, 2022-02-14 10:43:34, To:, 2022-02-14 10:50:33, Duration (s):, 419, Events Per Second:, 5.578, Events:, 2337, File:, 190, Registry:, 512, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 310, Injections:, 0, Dll:, 58, Traffic:, 0, Info:, 1, Metadata:, 63, Livegrid:, 63, OriginUrl:, 0, Alarms:, 0, UserActivity:, 738, Wmi:, 388, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 14, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 153907 2022-02-14 10:50:35 00290 Info: Events sent successfully to ***.*******.****.com:8093. Server responded with 200 status code in 0s056ms. Excerpt from logs on agent with errors: 2022-02-14 12:58:34 01130 Info: EI and Endpoint integration has been successfully enabled 2022-02-14 12:58:35 01310 Info: Received (Agent.ServerAddress:***.*******.****.com) from ESMC 2022-02-14 12:58:35 01310 Info: Received (Agent.ServerDataPort:8093) from ESMC 2022-02-14 12:58:35 01310 Error: Failed creating certificate authority file: *.***.*******.com 2022-02-14 12:58:35 01310 Info: Unable to apply part of configuration policy 2022-02-14 12:58:35 01130 Info: Certification authorities found in CA store: 2022-02-14 12:58:35 0123c Info: Enabled additional hashes for: SHA2_256 2022-02-14 12:58:35 01130 Info: EIAgentSvc has started 2022-02-14 12:58:35 01b88 Error: Error while sending control request to server at "***.*******.****.com:8093". certificate verify failed (SSL routines, tls_process_server_certificate) [asio.ssl:337047686] 2022-02-14 12:58:35 01bfc Error: Error while sending request to server at "***.*******.****.com:8093". certificate verify failed (SSL routines, tls_process_server_certificate) Edited February 15, 2022 by skello Link to comment Share on other sites More sharing options...
ESET Staff Adam Luzsicza 2 Posted February 15, 2022 ESET Staff Share Posted February 15, 2022 Hi Skello, I will ask our Enterprise Inspector specialist to investigate this further. Just to confirm - you currently have 2 EI servers connected to 1 ESMC/PROTECT server but one of the EI servers is giving you the error as described above, correct? Link to comment Share on other sites More sharing options...
skello 0 Posted February 15, 2022 Author Share Posted February 15, 2022 1 hour ago, Adam Luzsicza said: Hi Skello, I will ask our Enterprise Inspector specialist to investigate this further. Just to confirm - you currently have 2 EI servers connected to 1 ESMC/PROTECT server but one of the EI servers is giving you the error as described above, correct? Ahhh I had a feeling that would be a bit confusing, I was going to change that. No, it's two agents connecting to 1 EEI server that are displaying this error. Link to comment Share on other sites More sharing options...
ESET Staff MatoB 1 Posted February 16, 2022 ESET Staff Share Posted February 16, 2022 Dear skello, I will write you a PM as I will need more data to analyze and check. Thank you Peter Randziak 1 Link to comment Share on other sites More sharing options...
ESET Staff MatoB 1 Posted March 3, 2022 ESET Staff Share Posted March 3, 2022 Dear skello, sent you few PMs, but did not receive any response. Just want to check what is the situation now. Thank you Link to comment Share on other sites More sharing options...
dr.nod32 0 Posted April 5, 2022 Share Posted April 5, 2022 Dear ESET Staff, Same issue here. One Protect Cloud console, I've run software install task to install ESET Inspect Connector, done efortless in few minutes on 20+ endpoints, have them in ESET Inspect Cloud console, but 4 endpoints have the error - Missing or invalid SSL certificate or certificate authority. Same task, same infrastructure, problematic clients are communicationg with ESET Protect Cloud console with no problems. Have tried to uninstall, reinstall, same problem. Best regards, Denis Link to comment Share on other sites More sharing options...
ESET Staff MatoB 1 Posted April 5, 2022 ESET Staff Share Posted April 5, 2022 1 hour ago, dr.nod32 said: Dear ESET Staff, Same issue here. One Protect Cloud console, I've run software install task to install ESET Inspect Connector, done efortless in few minutes on 20+ endpoints, have them in ESET Inspect Cloud console, but 4 endpoints have the error - Missing or invalid SSL certificate or certificate authority. Same task, same infrastructure, problematic clients are communicationg with ESET Protect Cloud console with no problems. Have tried to uninstall, reinstall, same problem. Best regards, Denis Dear Denis, It looks like the certificate was not created or assigned via policy. Can you please provide me with the complete ELC logs from all 4 affected machines (upload to ftp.nod.sk/support and send me the file names via PM)? Thank you. Link to comment Share on other sites More sharing options...
dr.nod32 0 Posted April 5, 2022 Share Posted April 5, 2022 Dear MatoB, Thanks for reply. I looked up for certificates and CA when I tried to run manual repair on ESET Inspect Connector on one of the affected machines, but couldn't find them in ESET Protect Cloud Console. The repair wizzard told me he can't connect to server for server assisted installation. Then I tried to examine .ini files from ESET Inspect Connector both on working and non working machine, they are the same. Log file says this: 2022-04-05 13:43:21 0182c Error: Error while sending request to server at "eu01.agent.edr.eset.systems:8093". certificate verify failed (SSL routines, tls_process_server_certificate) I also tried esetuninstaller and activationtroubleshooter, but it didn't help. I will send you ESET Log Collector log only from the machine I tried all of that because I can't access other ones remotely right now, and ESET Log Collector is to big to be pulled to EP Cloud Server. Thanks in advance! Best regard, Denis Link to comment Share on other sites More sharing options...
skello 0 Posted April 5, 2022 Author Share Posted April 5, 2022 On 3/3/2022 at 12:13 AM, MatoB said: Dear skello, sent you few PMs, but did not receive any response. Just want to check what is the situation now. Thank you Sorry for my lack of response on this topic or reply to your PM's Mato, have had a few projects spring up and unable to focus the time on this one. Will be circling back very soon as I this is going to be my next project to complete. Link to comment Share on other sites More sharing options...
BobbyHolcomb 0 Posted April 8, 2022 Share Posted April 8, 2022 Skello, let me know when you solve this issue. Please. Thanks in advance. Link to comment Share on other sites More sharing options...
skello 0 Posted April 15, 2022 Author Share Posted April 15, 2022 (edited) On 4/8/2022 at 3:32 AM, BobbyHolcomb said: Skello, let me know when you solve this issue. Please. Thanks in advance. Solved!! Not entirely sure what I did differently but I simply recreated a new policy, making sure to select EXACTLY the same settings that I did the 12 previous times. This time it just worked. It's possible that it's working because of the newest updated agent and this cleared some kind of cache? However I do notice on the agents that I have now installed with active working reports that they have a new folder for the cert. Edited April 15, 2022 by skello spelling Link to comment Share on other sites More sharing options...
BobbyHolcomb 0 Posted April 19, 2022 Share Posted April 19, 2022 Thanks Link to comment Share on other sites More sharing options...
Recommended Posts