
ESET Protect: Last Connected shows over 2 months old


Michael Carter


Hello. We have an ESET Protect 9.x server and about 500 clients.

Support has noticed that the latest Last Connected value is from January of this year, which is not correct. When I looked for my machine, which is connected and running, it too has January 10 as last connected. The only activity I see on that date was updating the TLS certificate and rebooting it. I've also restarted the appliance today.

I then tried to issue a Reboot task from ESET, and it never made it to my machine. I rebooted manually and ESET 10.0 was started and shows "You are protected" and "Modules are up to date."

However, the ESET Protect server still shows last connect Jan 10. Additionally, there are 239 Tasks in the task list and last executed date is not newer than Sep 2022! 

Any idea why the ESET Protect server does not appear to be connecting with any clients? What would be a good place to start troubleshooting?

Thanks.


  • Administrators

Please check C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html and trace.log for possible errors. If you can't figure out the reason for your machine not connecting to the ESET PROTECT server, please post the logs here (attachments can be accessed only by ESET staff).


Thanks. It appears to be some sort of certificate and replication error, although only the replication error is in status.html.

I renewed our standard SSL certs in January and applied it through the GUI and installed it into /etc/tomcat, making sure that server.xml was updated with the proper name/path. In the status.html I'm seeing a replication error:

Quote

 

ERROR: InitializeConnection: Initiating replication connection to 'host: "127.0.0.1" port: 2222' failed with: Request: Era.Common.Services.Replication.CheckReplicationConsistencyRequest on connection: host: "127.0.0.1" port: 2222 with proxy set as: Proxy: Connection: :3128, Credentials: Name: , Password: ******, Enabled:0, EnabledFallback:1, failed with error code: 14, error message: Connect Failed, and error details: . Request Id: c817fed2-9e33-4050-8fdc-f012adee8b88 

Replication details: [Task: CReplicationConsistencyTask, Scenario: Automatic replication (REGULAR), Connection: 127.0.0.1:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: a75d0eb3-7d7f-11ec-9dd5-ae71fa0f4bab, Sent logs: 0, Cached static objects: 0, Cached static object groups: 0, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0]

All replication attempts: 1

 

In trace.log I'm seeing a CAgentSecurityModule error in addition to the replication error: 

Quote

2023-03-15 17:47:23 Error: CAgentSecurityModule [Thread 7f4496a3d700]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (*.ourdomain.com,ourdomain.com).

ESET does support wildcard certs, yes?

eset_logs.zip
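
Added example, not part of the thread and not ESET's code: a check of which connection targets the SubjectAltName list in the trace.log error above would cover under standard RFC 6125 DNS-name matching. That ESET's VerifyDnsSubjectAltName applies exactly these rules is an assumption; 127.0.0.1 comes from status.html, and the other host names are constructed.

```python
import ipaddress
import re

# Log line as quoted in the thread above (embedded so the check runs offline).
TRACE_LINE = (
    "2023-03-15 17:47:23 Error: CAgentSecurityModule [Thread 7f4496a3d700]: "
    "Certificated user verification failed with: VerifyDnsSubjectAltName: "
    "Hostname does not match any supported record in certificate "
    "SubjectAltName extension (*.ourdomain.com,ourdomain.com)."
)

def san_entries(line):
    """Pull the comma-separated SAN list out of a VerifyDnsSubjectAltName error."""
    m = re.search(r"SubjectAltName extension \(([^)]*)\)", line)
    return [e.strip().lower() for e in m.group(1).split(",") if e.strip()] if m else []

def is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False

def dns_name_matches(host, pattern):
    """RFC 6125-style match: '*' only as the whole left-most label, one label deep."""
    host, pattern = host.lower().rstrip("."), pattern.lower().rstrip(".")
    if is_ip(host):
        return False  # an IP literal never matches a dNSName entry
    h, p = host.split("."), pattern.split(".")
    if len(h) != len(p):
        return False  # a wildcard does not span several labels or zero labels
    if p[0] == "*":
        return len(p) > 2 and h[0] != "" and h[1:] == p[1:]
    return h == p

def check_hosts(hosts, line=TRACE_LINE):
    """Map each candidate agent target to whether any SAN entry covers it."""
    sans = san_entries(line)
    return {h: any(dns_name_matches(h, s) for s in sans) for h in hosts}

if __name__ == "__main__":
    # 127.0.0.1 is the target shown in status.html; the other names are constructed.
    targets = ["127.0.0.1", "protect", "protect.ourdomain.com",
               "a.b.ourdomain.com", "ourdomain.com"]
    for host, ok in check_hosts(targets).items():
        print(f"{host:24} {'covered' if ok else 'NOT covered'}")
```

Under these rules a wildcard entry covers only a single-label host directly under the domain, so an IP address, a short host name, or a deeper subdomain used as the agent's server address would not be covered.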
