Upgrading to 10.1 PROTECT from 9.0

[ewong 8]

Hi,

Having realized that I'm a bit out of date, I went and tried to upgrade my Linux-based PROTECT installation.  Unfortunately, I couldn't upgrade it via Component Upgrade as the Trigger couldn't even find the PROTECT server (which kinda makes me wonder if my whole setup was bad in the get go).  So I opted to manually upgrade the setup. [This is on a CentOS 7.9 system, which is still supported.]

I followed the Upgrade/migration site and was going to Login to the webconsole, which I couldn't due to a login error.

I followed the instructions to reset the password; but that didn't help.   I took a look at the /var/log/eset/RemoteAdministrator/Server/trace.log and I noticed that I've got errors.   And the ERAServer service wasn't even up.  It would try to start; but would invariably fail.

Here's a snippet:

2023-09-14 09:06:44 Error: NetworkModule [Thread 7fbc483d4700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.48, ResolvedHostname:<esmc server>, ResolvedPort:54385
2023-09-14 09:06:44 Error: NetworkModule [Thread 7fbc483d4700]: Protocol failure for session id 8, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc48bd5700]: Verify user failed for all computers: <system1>: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238],192.168.1.50: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238]
2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc48bd5700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.50, ResolvedHostname:<system1>, ResolvedPort:50003
2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc48bd5700]: Protocol failure for session id 12, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc483d4700]: Verify user failed for all computers: billy.kdtc.local: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238],192.168.1.50: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238]
2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc483d4700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.50, ResolvedHostname:<system1>, ResolvedPort:50004
2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc483d4700]: Protocol failure for session id 13, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.
2023-09-14 09:06:59 Error: NetworkModule [Thread 7fbc48bd5700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.48, ResolvedHostname:<esmc server>, ResolvedPort:54435
2023-09-14 09:06:59 Error: NetworkModule [Thread 7fbc48bd5700]: Protocol failure for session id 17, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations.

 

Now I feel that's just a bad communications between the server and a workstation.  So I took a look more and waited for the server to start up again and came across the following:

2023-09-14 09:11:07 Information: Kernel [Thread 7f8d07fc4740]: Starting of modules took 1988 milliseconds
2023-09-14 09:11:07 Information: Kernel [Thread 7f8d07fc4740]: Used memory after modules start-up is 110792 KB
2023-09-14 09:11:07 Error: CDataMinersModule [Thread 7f8ce7f67700]: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, online verification: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain
2023-09-14 09:11:08 Error: CDataMinersModule [Thread 7f8ce7f67700]: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, online verification: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain
2023-09-14 09:11:08 Error: CDataMinersModule [Thread 7f8ce7f67700]: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, online verification: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain
2023-09-14 09:11:08 Error: CDataMinersModule [Thread 7f8ce7f67700]: CThreatAnalysesDataMiner: EdtdWorldwideUsage: Connection to r.edtd.eset.com failed with: Failed to connect to URI: /v1/ping. Code: 214, Reason: NodSSL error occurred in completeHandshake.RecvEncryptedData (Certificate verification did not pass).
        Local: 192.168.1.48:40746
        Peer: 137.117.138.135:443
        TLS protocol:
                SSL: KeyUsage: 0xA0, PubKeyType: 6
                SSL: AlgKeyX: ECDHE, KeyUsageReq: 0x80
                SSL: fatal:certificate unknown (write)
                SSL: error:1416F086:lib(20):func(367):reason(134) (ERR)

 

I've no idea what's going on but it can't be good.  Can someone point out whether it is fixable or whether I should just kill the whole system and start anew?  Now I don't mind junking this whole setup again(though I would rather not).   I don't think I've ever had a good experience with upgrading major versions.  I would always had to junk the setup, go to each workstation and use that ESETUninstaller to delete all traces of everything,  and then install the ESET PROTECT/ESMC server and start using group policy to distribute the chores.

Any help appreciated

Ed

 

Edited September 14, 2023 by ewong
added system info.

[ewong 8]

After much wrangling, I can log on but only for a minute or so before the ERA Server chokes and I'm brought back to the login screen. 

I've raised a support ticket, though I'm thinking of just junking this whole system and starting anew.  I'm finding that even if I do log in, it's a little sluggish, so I guess my CentOS system is no longer a viable platform as it's a dual core system w/ 4GB ram.   ESMC was pretty ok.   ESET Protect is a little sluggish on it.  

Ed