ESET Management Agent not connecting following automatic upgrade to vers 10.1.1288.0

[CraigF 0]

We're an MSP running our own ESET PROTECT server to manage our clients' ESET endpoints. We have 3 server devices that had their ESET Management Agents automatically attempt an upgrade from vers 10.0.1126.0 to 10.1.1288.0 during August. From the update log (attached) it appears the update completed ok but required a restart to finalise the install. The agent ceased reporting to the server after the update. I have tried restarting one of the servers to complete the update however it still isn't connecting to the ESET PROTECT server. The servers are running Windows Server 2012 R2. We have a client server with similar symptoms - it's running Windows Server 2016.

From C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html the issue appears to be with the Peer Certificate:

Error: ParsePfxCertificate: PFXImportCertStore failed with An error occurred during encode or decode operation. Error code: 0x80092002 Check that correct peer certificate format (PFX/PKCS12) is used in the configuration Check that correct peer certificate password was set in the configuration

Trace log has this infotmation reported each minute:

2023-09-05 01:29:26 Warning: AuthenticationModule [Thread 11f8]: EntityAuthenticationCommand execution failed with: [Failed to create credentials for communication], falling back to legacy implementation
2023-09-05 01:29:26 Error: AuthenticationModule [Thread 11f8]: EntityAuthenticationCommand execution failed with: Failed to create credentials for communication
2023-09-05 01:29:26 Error: CReplicationModule [Thread a38]: InitializeConnection: Replication connection problem: GetAuthenticationSessionToken: Received failure status response: AUTHENTICATION_FAILED (Error description: unable to authenticate entity)
2023-09-05 01:29:26 Warning: CReplicationModule [Thread a38]: InitializeConnection: Not possible to establish any connection (Attempts: 1) [RequestId: de96af0c-b777-4106-912a-0172678de3ed]
2023-09-05 01:29:26 Error: CReplicationModule [Thread a38]: InitializeFailOverScenario: Skipping fail-over scenario (stored replication link is the same as current) [RequestId: de96af0c-b777-4106-912a-0172678de3ed]
2023-09-05 01:29:26 Error: CReplicationModule [Thread a38]: CAgentReplicationManager: Replication finished unsuccessfully with message: Replication connection problem: GetAuthenticationSessionToken: Received failure status response: AUTHENTICATION_FAILED (Error description: unable to authenticate entity), Task: CStaticObjectMetadataTask, Scenario: Automatic replication (REGULAR), Connection: era.intense.com.au:2222, Connection established: false, Replication inconsistency detected: false, Server busy state detected: false, Realm change detected: false, Realm uuid: 24961e07-3654-49d5-a4d3-f90d4578cb38, Sent logs: 0, Cached static objects: 118, Cached static object groups: 11, Static objects to save: 0, Static objects to delete: 0, Modified static objects: 0
 

We encountered a similar issue with a client's Windows Server 2016 device and have attempted uninstalling and re-installing the ESET Management Agent, but that has proved problematic (has been escalated to apac.technical@eset.com) so thought it worth exploring problem further here, before attempting manual agent install.

What steps do you recommend to resolve this issue?

 

ra-upgrade-agent_2023-08-16T07-37-25.log

[Marcos 5,074]

Please make sure to install the latest version of the management agent 10.1.1292.0.

[Marcos 5,074]

As long as agent replicates to the ESET PROTECT server, the version of agent has no effect on policies. We assume that the Configuration Engine module updated as well which caused the policy with firewall rules to apply on clients.

[CraigF 0]

Hi Marcos, thanks for your prompt response.

As you suggested, I created a standalone ESET Management Agent installer from our EST PROTECT server and ran this on each of the servers, and that resolved the issue.