Missing or invalid SSL certificate or certificate authority

[skello 0]

Two EI agents in one location, I have one agent that is communicating correctly and another agent that is displaying "Missing or invalid SSL certificate or certificate authority" they are in the same network, same everything. I used the same installer yet this error will not go away. Anyone have any suggestions on next steps? I've tried re-creating the SSL but no luck. Both used same method of installation from ESMC Protect console.

Excerpt from logs on agent with no errors: 

2022-02-14 10:43:39 00290 Info: Events sent successfully to ***.*******.****.com:8093. Server responded with 200 status code in 0s054ms.
2022-02-14 10:44:19 00e3c Info: Received (Agent.ServerAddress:***.*******.****.com) from ESMC
2022-02-14 10:44:19 00e3c Info: Received (Agent.ServerDataPort:8093) from ESMC
2022-02-14 10:44:19 00e3c Error: Failed creating certificate authority file: *.***.*******.com
2022-02-14 10:44:19 00e3c Info: Unable to apply part of configuration policy
2022-02-14 10:44:19 01d50 Info: Enabled additional hashes for: SHA2_256
2022-02-14 10:44:19 01c84 Error: Error while sending control request to server at "***.*******.****.com:8093". read: A blocking operation was interrupted by a call to WSACancelBlockingCall [system:10004]
2022-02-14 10:50:34 01278 Info: Events Statistics, From:, 2022-02-14 10:43:34, To:, 2022-02-14 10:50:33, Duration (s):, 419, Events Per Second:, 5.578, Events:, 2337, File:, 190, Registry:, 512, TcpIp:, 0, Http:, 0, Dns:, 0, Process:, 310, Injections:, 0, Dll:, 58, Traffic:, 0, Info:, 1, Metadata:, 63, Livegrid:, 63, OriginUrl:, 0, Alarms:, 0, UserActivity:, 738, Wmi:, 388, Scripts:, 0, ExeDrops:, 0, OpenProcess:, 14, TrafficSize:, 0, TrafficInterval:, 0, Executions:, 0, Subprocesses:, 0, Connections:, 0, Batch Size (bytes):, 153907
2022-02-14 10:50:35 00290 Info: Events sent successfully to ***.*******.****.com:8093. Server responded with 200 status code in 0s056ms.

 

Excerpt from logs on agent with errors:

 

2022-02-14 12:58:34 01130 Info: EI and Endpoint integration has been successfully enabled
2022-02-14 12:58:35 01310 Info: Received (Agent.ServerAddress:***.*******.****.com) from ESMC
2022-02-14 12:58:35 01310 Info: Received (Agent.ServerDataPort:8093) from ESMC
2022-02-14 12:58:35 01310 Error: Failed creating certificate authority file: *.***.*******.com
2022-02-14 12:58:35 01310 Info: Unable to apply part of configuration policy
2022-02-14 12:58:35 01130 Info: Certification authorities found in CA store: 
2022-02-14 12:58:35 0123c Info: Enabled additional hashes for: SHA2_256
2022-02-14 12:58:35 01130 Info: EIAgentSvc has started
2022-02-14 12:58:35 01b88 Error: Error while sending control request to server at "***.*******.****.com:8093". certificate verify failed (SSL routines, tls_process_server_certificate) [asio.ssl:337047686]
2022-02-14 12:58:35 01bfc Error: Error while sending request to server at "***.*******.****.com:8093". certificate verify failed (SSL routines, tls_process_server_certificate)

 

 

 

Edited February 15, 2022 by skello

[Adam Luzsicza 2]

Hi Skello,

I will ask our Enterprise Inspector specialist to investigate this further. Just to confirm - you currently have 2 EI servers connected to 1 ESMC/PROTECT server but one of the EI servers is giving you the error as described above, correct?

[skello 0]

1 hour ago, Adam Luzsicza said:

Hi Skello,

I will ask our Enterprise Inspector specialist to investigate this further. Just to confirm - you currently have 2 EI servers connected to 1 ESMC/PROTECT server but one of the EI servers is giving you the error as described above, correct?

Ahhh I had a feeling that would be a bit confusing, I was going to change that. No, it's two agents connecting to 1 EEI server that are displaying this error.

[MatoB 1]

Dear skello,

I will write you a PM as I will need more data to analyze and check.

Thank you

 

[MatoB 1]

Dear skello,

sent you few PMs, but did not receive any response.

Just want to check what is the situation now.

Thank you

 

[dr.nod32 0]

Dear ESET Staff,

Same issue here. One Protect Cloud console, I've run software install task to install ESET Inspect Connector, done efortless in few minutes on 20+ endpoints, have them in ESET Inspect Cloud console, but 4 endpoints have the error - Missing or invalid SSL certificate or certificate authority. Same task, same infrastructure, problematic clients are communicationg with ESET Protect Cloud  console with no problems. Have tried to uninstall, reinstall, same problem.

Best regards,

Denis

[MatoB 1]

1 hour ago, dr.nod32 said:

Dear ESET Staff,

Same issue here. One Protect Cloud console, I've run software install task to install ESET Inspect Connector, done efortless in few minutes on 20+ endpoints, have them in ESET Inspect Cloud console, but 4 endpoints have the error - Missing or invalid SSL certificate or certificate authority. Same task, same infrastructure, problematic clients are communicationg with ESET Protect Cloud  console with no problems. Have tried to uninstall, reinstall, same problem.

Best regards,

Denis

Dear Denis,

It looks like the certificate was not created or assigned via policy. Can you please provide me with the complete ELC logs from all 4 affected machines (upload to ftp.nod.sk/support and send me the file names via PM)?

Thank you.

[dr.nod32 0]

Dear MatoB,

Thanks for reply. I looked up for certificates and CA when I tried to run manual repair on ESET Inspect Connector on one of the affected machines, but couldn't find them in ESET Protect Cloud Console. The repair wizzard told me he can't connect to server for server assisted installation. Then I tried to examine .ini files from ESET Inspect Connector both on working and non working machine, they are the same. Log file says this:

2022-04-05 13:43:21 0182c Error: Error while sending request to server at "eu01.agent.edr.eset.systems:8093". certificate verify failed (SSL routines, tls_process_server_certificate)

I also tried esetuninstaller and activationtroubleshooter, but it didn't help. I will send you ESET Log Collector log only from the machine I tried all of that because I can't access other ones remotely right now, and ESET Log Collector is to big to be pulled to EP Cloud Server. 

Thanks in advance!

Best regard,

Denis

[skello 0]

On 3/3/2022 at 12:13 AM, MatoB said:

Dear skello,

sent you few PMs, but did not receive any response.

Just want to check what is the situation now.

Thank you

 

Sorry for my lack of response on this topic or reply to your PM's Mato, have had a few projects spring up and unable to focus the time on this one. Will be circling back very soon as I this is going to be my next project to complete.

[BobbyHolcomb 0]

Skello, let me know when you solve this issue. Please. Thanks in advance.

[skello 0]

On 4/8/2022 at 3:32 AM, BobbyHolcomb said:

Skello, let me know when you solve this issue. Please. Thanks in advance.

Solved!!

Not entirely sure what I did differently but I simply recreated a new policy, making sure to select EXACTLY the same settings that I did the 12 previous times. This time it just worked. It's possible that it's working because of the newest updated agent and this cleared some kind of cache? However I do notice on the agents that I have now installed with active working reports that they  have a new folder for the cert. 

Edited April 15, 2022 by skello
spelling

[BobbyHolcomb 0]

Thanks