Most Valued Members ewong 8 Posted September 14, 2023 Most Valued Members Share Posted September 14, 2023 (edited) Hi, Having realized that I'm a bit out of date, I went and tried to upgrade my Linux-based PROTECT installation. Unfortunately, I couldn't upgrade it via Component Upgrade as the Trigger couldn't even find the PROTECT server (which kinda makes me wonder if my whole setup was bad in the get go). So I opted to manually upgrade the setup. [This is on a CentOS 7.9 system, which is still supported.] I followed the Upgrade/migration site and was going to Login to the webconsole, which I couldn't due to a login error. I followed the instructions to reset the password; but that didn't help. I took a look at the /var/log/eset/RemoteAdministrator/Server/trace.log and I noticed that I've got errors. And the ERAServer service wasn't even up. It would try to start; but would invariably fail. Here's a snippet: 2023-09-14 09:06:44 Error: NetworkModule [Thread 7fbc483d4700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.48, ResolvedHostname:<esmc server>, ResolvedPort:54385 2023-09-14 09:06:44 Error: NetworkModule [Thread 7fbc483d4700]: Protocol failure for session id 8, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc48bd5700]: Verify user failed for all computers: <system1>: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238],192.168.1.50: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238] 2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc48bd5700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.50, ResolvedHostname:<system1>, ResolvedPort:50003 2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc48bd5700]: Protocol failure for session id 12, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc483d4700]: Verify user failed for all computers: billy.kdtc.local: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238],192.168.1.50: NodVerifyCertificateChain failed: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, certificate: [Subject='CN=Agent at *, C=US', Issuer='CN=Server Certification Authority, C=US', NotBefore=2021-Mar-31 16:00:00, NotAfter:2031-Mar-29 16:00:00, Serial=01109d5b79c4ab44b9bcf2b04e4f20f78801, SHA256=dcab9e658a599580a536c19ba0994a13329c3fe69f5a2d447ef8bb09aaa78ad3, SubjectKeyIdentifier=f0faf641b6eb98db2b08891ae97cd6d013e9a3aa, AuthorityKeyIdentifier=73a236ece5a28a2422db74f18398adb362405238] 2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc483d4700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.50, ResolvedHostname:<system1>, ResolvedPort:50004 2023-09-14 09:06:48 Error: NetworkModule [Thread 7fbc483d4700]: Protocol failure for session id 13, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. 2023-09-14 09:06:59 Error: NetworkModule [Thread 7fbc48bd5700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:192.168.1.48, ResolvedHostname:<esmc server>, ResolvedPort:54435 2023-09-14 09:06:59 Error: NetworkModule [Thread 7fbc48bd5700]: Protocol failure for session id 17, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations. Now I feel that's just a bad communications between the server and a workstation. So I took a look more and waited for the server to start up again and came across the following: 2023-09-14 09:11:07 Information: Kernel [Thread 7f8d07fc4740]: Starting of modules took 1988 milliseconds 2023-09-14 09:11:07 Information: Kernel [Thread 7f8d07fc4740]: Used memory after modules start-up is 110792 KB 2023-09-14 09:11:07 Error: CDataMinersModule [Thread 7f8ce7f67700]: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, online verification: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain 2023-09-14 09:11:08 Error: CDataMinersModule [Thread 7f8ce7f67700]: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, online verification: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain 2023-09-14 09:11:08 Error: CDataMinersModule [Thread 7f8ce7f67700]: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain, online verification: NodVerifyTrustResult: 42, NVT_NotTrusted, X509ChainStatus: 0x10000, X509CSF_PartialChain 2023-09-14 09:11:08 Error: CDataMinersModule [Thread 7f8ce7f67700]: CThreatAnalysesDataMiner: EdtdWorldwideUsage: Connection to r.edtd.eset.com failed with: Failed to connect to URI: /v1/ping. Code: 214, Reason: NodSSL error occurred in completeHandshake.RecvEncryptedData (Certificate verification did not pass). Local: 192.168.1.48:40746 Peer: 137.117.138.135:443 TLS protocol: SSL: KeyUsage: 0xA0, PubKeyType: 6 SSL: AlgKeyX: ECDHE, KeyUsageReq: 0x80 SSL: fatal:certificate unknown (write) SSL: error:1416F086:lib(20):func(367):reason(134) (ERR) I've no idea what's going on but it can't be good. Can someone point out whether it is fixable or whether I should just kill the whole system and start anew? Now I don't mind junking this whole setup again(though I would rather not). I don't think I've ever had a good experience with upgrading major versions. I would always had to junk the setup, go to each workstation and use that ESETUninstaller to delete all traces of everything, and then install the ESET PROTECT/ESMC server and start using group policy to distribute the chores. Any help appreciated Ed Edited September 14, 2023 by ewong added system info. Link to comment Share on other sites More sharing options...
Most Valued Members ewong 8 Posted September 15, 2023 Author Most Valued Members Share Posted September 15, 2023 After much wrangling, I can log on but only for a minute or so before the ERA Server chokes and I'm brought back to the login screen. I've raised a support ticket, though I'm thinking of just junking this whole system and starting anew. I'm finding that even if I do log in, it's a little sluggish, so I guess my CentOS system is no longer a viable platform as it's a dual core system w/ 4GB ram. ESMC was pretty ok. ESET Protect is a little sluggish on it. Ed Link to comment Share on other sites More sharing options...
Recommended Posts