Jump to content

Centos VA to Rocky VA migration fails with "it is not possible to authorize to ESET PROTECT Server" with provided credentials


Recommended Posts

I've followed to the best of my knowledge the information in https://help.eset.com/protect_deploy_va/11.0/en-US/va_upgrade_migrate.html#recommended in order to migrate from a CentOS 7-based VA to the new Rocky Linux-based one. On my old VA, and IIRC a couple of years ago we switched to extended security by creating custom certificate authorities and switching to SHA-256 communication.

After pulling the database from the old VA, I've powered down the old VA and visited the (temporary) ip of the new server. I've entered my credentials there and the networking info (essentially the setup of the old server). Pressing submit does a VA reboot. After the boot process I'm greeted with an error in the console, stating that first time appliance configuration failed. Further below the following are mentioned:

The log file /opt/appliance/log/appliance-configuration-log.txt:

Setting issue ...
Reading configuration ...
Setting issue ...
Configuring operating system password ...
Configuring static IP for network adapter ...
Connection 'lan0' successfully deactivated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/2)
Connection successfully activated (D-Bus active path: /org/freedesktop/NetworkManager/ActiveConnection/3)
Configuring hostname ...
Performing initial NTP synchronisation and configuration ...
200 OK
Starting database server ...
Created symlink /etc/systemd/system/multi-user.target.wants/mysqld.service → /usr/lib/systemd/system/mysqld.service.
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
Configuring database password ...
mysqladmin: [Warning] Using a password on the command line interface can be insecure.
Warning: Since password will be sent to server in plain text, use ssl connection to ensure password safety.
Installing Server ...
stty: 'standard input': Inappropriate ioctl for device

ESET PROTECT on-prem Server Installer (version: 11.0.215.0), Copyright © 1992-2024 ESET, spol. s r.o. - All rights reserved.

Extracting archive, please wait...
Archive extracted to /tmp/tmp.iMArQdf9mL.
Checking OpenSSL ... done [OpenSSL 3.0.7 1 Nov 2022]
Reading previous installation settings ... failure
Checking installed version... done
Status of current installation is: NEW
Checking database connection ... done
Checking database user ... done
Loading GUID ... done [GUID = c70c4a64-b7d1-41d0-bea1-6e60c55a08d2]
Inserting root password ... done
Skipping certificates generation.
Skipping static groups synchronization scheduling.
Stopping service... Preparing database upgrade ... done
Upgrading database ... done
Storing ports into configuration ... done
Moving scripts from '/tmp/tmp.iMArQdf9mL/setup/Scripts' to /var/opt/eset/RemoteAdministrator/Server/Scripts/... done
Moving ESET Modules from '/tmp/tmp.iMArQdf9mL/setup/Modules' to /var/opt/eset/RemoteAdministrator/Server/Modules/... done
Creating 'config' directory path: /etc/opt/eset/RemoteAdministrator/Server
Creating 'libs' directory path: /opt/eset/RemoteAdministrator/Server
Creating 'data' directory path: /var/opt/eset/RemoteAdministrator/Server
Creating 'Pki Cache' directory path: /var/opt/eset/RemoteAdministrator/Server/pki.eset.com/
Creating 'logs' directory path: /var/log/eset/RemoteAdministrator/Server
Moving ReportTemplates from '/tmp/tmp.iMArQdf9mL/setup/ReportTemplates' to /var/opt/eset/RemoteAdministrator/Server/ReportTemplates/... done
Moving LangData.dat to /var/opt/eset/RemoteAdministrator/Server/Localization/LangData.dat... done
Extracting ReportPrinter files... done
Creating startup configuration file /etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini ... done
Creating config file /etc/opt/eset/RemoteAdministrator/Server/config.cfg ... done
Backing up contents of /opt/eset/RemoteAdministrator/Server
Copying files to target destination: /opt/eset/RemoteAdministrator/Server
Copying installer to target destination: /opt/eset/RemoteAdministrator/Server/setup/installer_backup.sh
File ownership set to: root:root
Setting auto-start service...
Generating Xauthority token... done
Created symlink /etc/systemd/system/multi-user.target.wants/eraserver.service → /etc/systemd/system/eraserver.service.
Installing SELinux policy... done
Removed backup directory: /opt/eset/RemoteAdministrator/.Server-052709045
Product installed.
Enabling port 2222 in firewall ...
success
success

Enabling port 2223 in firewall ...
success
success
Installing RDSensor ...

ESET Rogue Detection Sensor Installer (version: 1.1.615.2), Copyright © 1992-2020 ESET, spol. s r.o.

Extracting archive, please wait...
Archive extracted to /tmp/tmp.vNuMNoKuP2.
Generating GUID ... done [GUID = c05a4863-bdd3-4399-831c-19c5e36ae215]
Checking installed version... done
Status of current installation is: NEW
Creating 'config' directory path: /etc/opt/eset/RogueDetectionSensor
Creating 'libs' directory path: /opt/eset/RogueDetectionSensor
Creating 'data' directory path: /var/opt/eset/RogueDetectionSensor
Creating 'logs' directory path: /var/log/eset/RogueDetectionSensor
Backing up contents of '/opt/eset/RogueDetectionSensor'
Copying files to target destination: '/opt/eset/RogueDetectionSensor'
Removed backup directory: '/opt/eset/.RogueDetectionSensor-315434814'
Moving ESET Modules to /var/opt/eset/RogueDetectionSensor/Modules... done
Moving nmap-os-db file to /etc/opt/eset/RogueDetectionSensor/nmap-os-db
Moving vendors.txt file to /etc/opt/eset/RogueDetectionSensor/vendors.txt
Creating config file /etc/opt/eset/RogueDetectionSensor/config.cfg ... done
Setting auto-start service...
Failed to get unit file state for rdsensor.service: No such file or directory
Created symlink /etc/systemd/system/multi-user.target.wants/rdsensor.service → /etc/systemd/system/rdsensor.service.
Installing SELinux policy... done
Product installed.
Installing managing agent ...
stty: 'standard input': Inappropriate ioctl for device
Initialized log file: /var/log/eset/RemoteAdministrator/EraAgentInstaller.log

ESET Management Agent Installer (version: 11.0.503.0), Copyright © 1992-2023 ESET, spol. s r.o. - All rights reserved.

Creating directories...
Creating 'config' directory path: /etc/opt/eset/RemoteAdministrator/Agent
Creating 'data' directory path: /var/opt/eset/RemoteAdministrator/Agent
Creating 'Pki Cache' directory path: /var/opt/eset/RemoteAdministrator/Agent/pki.eset.com/
Creating 'logs' directory path: /var/log/eset/RemoteAdministrator/Agent
Creating 'libs' directory path: /opt/eset/RemoteAdministrator/Agent
Directories created
The archive will be extracted to: /opt/eset/RemoteAdministrator/AgentInstallerData
Extracting, please wait...
The unpacked installer data will be moved to: /opt/eset/RemoteAdministrator/Agent
Checking OpenSSL ... done [OpenSSL 3.0.7 1 Nov 2022]
Checking installed version ...
Status of current installation is: NEW
New connection settings are 'hostname': '127.0.0.1', 'port': 2222
Checking server connection...
Connection checked successfully.
Getting certificate from server...
It is not possible to authorize to ESET PROTECT Server with provided credentials.
Cleaning up setup directories

 

I can see some possible issues:

1) "Reading previous installation settings ... failure" <- why

2) "Status of current installation is: NEW" <- this is an upgrade, should it be stated here as new?

3) And of course the final lines:

New connection settings are 'hostname': '127.0.0.1', 'port': 2222
Checking server connection...
Connection checked successfully.
Getting certificate from server...
It is not possible to authorize to ESET PROTECT Server with provided credentials.
Cleaning up setup directories
'/opt/appliance/installers/Agent.sh --skip-license --cert-auto-confirm --export-fingerprint=/tmp/server_fingerprint_agent.txt --hostname='127.0.0.1' --port='2222' --replication-interval 'R/20 * * * * ? *' --create-ca  --webconsole-hostname='127.0.0.1'  --webconsole-port='2223'  --webconsole-user='Administrator'  --webconsole-password=*****' command failed with 1.

Could the custom certificates of the old VA somehow be the cause of this?

In my notes, I can see that I had kept a second password (key possibly) that was made during creation of the certificate authority a couple of years ago. The web page wizard did not provide any place to store that information as well.

 

 

Edited by carmik
Title edit
Link to comment
Share on other sites

  • carmik changed the title to Centos VA to Rocky VA migration fails with "it is not possible to authorize to ESET PROTECT Server" with provided credentials
21 minutes ago, Marcos said:

Please raise a support ticket for help with troubleshooting the errors.

Are you referring to the local eset support in my country, or something else altogether?

Link to comment
Share on other sites

  • Administrators

Yes, I mean the technical support in your country provided by a distributor or resellers.

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...