Problem with deploy Agent on any Windows Server edition

[Slawek 0]

Helo Folks, someone could help me with installation Agent on windows server?

I have a Protect Console on-prem where I built agent installer for GPO deploy. Installer works well on any windows workstation edition since 10 but I cannot install it on windows server edition, I checked since 2012 R2 to 2022 and when I am trying install it manually, I am getting an error like on screenshot. I did not find any useful information in installation log (is attached) so I focused on the error where the installer stopped. "Inserting peer certificate content ..." and ...

I exported the certificate used to generate the agent installer and when I manually try to install it on a Windows Server, I receive a message about an incorrect password, the same certificate installs on Windows 10 or 11 without any problems.  I'm lost Can anyone help? Thank you in advance.

 

agent_msi.log

[Marcos 5,267]

Are you able to run the agent msi installer on the server and install it locally?

[Slawek 0]

Installer is working well but I cannot install neither online nor offline.

 

Online

Offline

Password for cert is black and is working on any Windows Workstation I also generate another cert but with password and also is not possible to install it on Server Edition (wrong pass), but Workstation is ok 😕

[Marcos 5,267]

Couldn't it be that advanced security is enabled in the ESET PROTECT setup but the server you are attempting to install the agent on does not have a Windows update adding SHA-256 code signing support installed?

[Slawek 0]

Marcos You are right. I thought this applies to systems up to 2008R2. I read somewhere that since 2012R2 I don't have to take any action with SHA2.

Finally, I export cert from windows 11 as SHA1 and install agent offline with full success.

How can I enable SHA2 support on my servers?

Thanks