Jump to content

The client changed the IP of the ESET server and lost the connection of 2800 computers


Recommended Posts

The client made an arbitrary IP change without changing the routing of the agents and now cannot return the old IP.
Is it possible to carry out a solution that allows the change of the IP in the agents in a massive way?
It should be noted that the agents were password protected and when performing a GPO installation the addressing does not change, apparently for this reason.
How can I help this client?

Link to comment
Share on other sites

  • Administrators

I assume the agent was set up to connect to an IP address instead of hostname. If it's not possible to change the IP address back and then continue as per https://help.eset.com/protect_install/90/en-US/migrated_database_same_ip.html, then the only way to re-establish connection will be by re-deploying the agent using the new server address and certificates.

Link to comment
Share on other sites

According to the client it is not possible to return to the previous IP. It is a public health entity and they are blind and at risk, any way to install the agent massively with the new connection data?

Link to comment
Share on other sites

When trying any remote installation task it fails, as I mentioned above, this is possibly because the agent is password protected:

image.thumb.png.724b2473671d5efa18c2c8fe682e7727.png

Could I send the installer with this password somehow?

Link to comment
Share on other sites

in my testing, it appears that if you are already on the latest version of the agent that you cannot do install over the top and the task will fail if deploying. If you run locally with agent .exe file locally it will give error "Latest version is already installed". I don't remember this with previous versions like with 8.x but maybe something has changed. The only option appears to run script to remove orphaned agents and then do fresh deploy. 

agent_latest_version_installed_mes.PNG

Link to comment
Share on other sites

  • Administrators

It's possible to repair agent locally and change settings so if you re-deploy it via GPO, ESET Remote deployment tool, etc. using the live agent installer with new server settings, it should work.

image.png

image.png

Link to comment
Share on other sites

  • ESET Staff
6 hours ago, Mauricio Osorio said:

Could I send the installer with this password somehow?

In case you are using GPO deployment method, i.e. distribution AGENT installer with configuration in install_config.ini file, simplest would be to modify install_config.ini by adding PASSWORD=... as visible in referenced KB6745. I guess you already modified this configuration file with new IP address or hostname.

Also note that if AGENTs are configured to connect IP address or new hostname, certificate of ESEET PROTECT Server service has to be adapted for this if it was not previously (especially in case certificate is not using wildcard host which is not default). Otherwise AGENTs will be rejecting connection as they will consider it as an unsecure. IF this is the case, you will have to follow one of the migration scenarios - most probably this one: https://help.eset.com/protect_install/80/en-US/?migrated_database_same_ip.html. In the most optimistic scenario, creation and application of new ESET PROTECT Server certificate with proper configuration should resolve this - especially in case the same certificate authority will be used to create new certificate.

Link to comment
Share on other sites

Create a "Deploy Agent first (Agent script installer)" - under Agent Configuration select the working agent policy that uses the correct EP Certificate and IP / Hostname (preferred for such scenario) and using GPO deploy the .bat to your endpoint - this script will uninstall and then reinstall the agent.

Link to comment
Share on other sites

On 1/18/2023 at 4:34 PM, MartinK said:

In case you are using GPO deployment method, i.e. distribution AGENT installer with configuration in install_config.ini file, simplest would be to modify install_config.ini by adding PASSWORD=... as visible in referenced KB6745. I guess you already modified this configuration file with new IP address or hostname.

Also note that if AGENTs are configured to connect IP address or new hostname, certificate of ESEET PROTECT Server service has to be adapted for this if it was not previously (especially in case certificate is not using wildcard host which is not default). Otherwise AGENTs will be rejecting connection as they will consider it as an unsecure. IF this is the case, you will have to follow one of the migration scenarios - most probably this one: https://help.eset.com/protect_install/80/en-US/?migrated_database_same_ip.html. In the most optimistic scenario, creation and application of new ESET PROTECT Server certificate with proper configuration should resolve this - especially in case the same certificate authority will be used to create new certificate.

We are trying to implement the solution you give us. I will be informing you of the result.

Thanks.

BTW: local support says there is no solution other than manual deployment.

Link to comment
Share on other sites

  • 2 weeks later...

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...