Jump to content

Migrate VA from CentoOS to Rocky Linux, no errors, but can't login to web console - communication error


Go to solution Solved by Marcos,

Recommended Posts

I've tried to migrate, I reinstalled the Rocky Linux VA 6 or 7 times without any error. I've tried with same IP and different IP methods. When I want to connect first time to Web Console with Administrator password I receive communication error. I've tried with Edge and Chrome from different computers and also with incognito mode. Searching the forum, I found that maybe it's something from Tomcat chiper config, but without success. Last time I installed Rocky Linux VA without pulling database from the other server, this is how logging in the web console works. 

 

Centos VA is up to date with the latest updates from Eset

version.PNG

Link to comment
Share on other sites

Posted (edited)

Thank you Marcos, the solution worked perfect!

Another situation after migrating some PCs and servers:

On all Windows Server 2016 Standard (I have few) in console appear Configuration module has malfunctions. I've tried clear cache on client side and few restarts, but the message from console still remain. On client side (Windows Server 2016 Standard with Eset Server Security) I don't have any error.

P.S. I've seen that someone posted about LDAPS integration. This is also not working, will appreciate a procedure/update for it.

 

 

Edited by Ionut C.
Link to comment
Share on other sites

I was able to configure LDAPS with help from Eset support. Same settings for Kerberos as CentOS and NTP server configured in chrony on Rocky Linux. 

Link to comment
Share on other sites

I fought the same communication error for the last two days. Thank you for the solution.

Now on to the next issue ...

 

Link to comment
Share on other sites

Hi Marcos,

Have a few follow-up questions about this process that aren't covered in the article. I've created the new VM with the Rocky-based appliance, imported the database, done the intiial configuration with a new IP address and FQDN. Then had to detour to deal with the SHA1 certificate problem. On the Rocky appliance, I've created the new SHA2 CA as well as the Server and Agent certificates. That's as far as I've gone. As of right now, none of the preexisting clients have been migrated over (waiting for that fix tomorrow so I can update the agents properly). Also, no full disk encryption in use here.

Question 1: Am I better off moving the clients over to the new server first, then waiting until they have all talked to the new server and picked up the SHA2 CA and certs, then change the connection certificate to the SHA2 server cert on the Rocky appliance, OR should I change the server certificate on the Rocky appliance first, revoke and remove the old SHA1 certificates, set the new SHA2 certificate as the connection certificate under settings and then migrate the clients over to that server (in other words, will they pick up the certificates from the new server when they are migrated over to it or does the certificate on the new appliance need to match the certificate on the old one for the migration to work properly)?

Question 2: Under Peer Certificates, there are four certificates, all of which were created on the same day and time I set up the original appliance in here. Server, Agent, Proxy and "Agent cert for server assisted installation". As per the instructions, I've created SHA2 Server and Agent certs using the SHA2 CA. The documents that I saw did not mention the other two at all. Do I need to worry about the other two certificates?

Question 3: Should I be deleting the old certs and CA or leaving them as-is? I'd kind of like to remove them at some point so as to be sure that nothing is using the old CA anymore. If not deleting, do I need to be leaving the old SHA1 CA intact and in place so those certs will continue to work, thereby punting that issue down the road to a further point?
 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...