ERA6 Certificate issues

[GreenEnvy22 6]

Hi,

I've deployed ERA6 Linux appliance, it's hostname is BUSRV-ESET1.

It's connected to our domain, I can login as a domain user, and browse domain groups (though only in LDAP mode for some reason, AD mode gives error).

 

If I deploy the agent, it works fine. Users computers report in. However they are looking to connect to busrv-eset1.domain.lan, which only works from inside the building.

I'd prefer they connect to antivirus.domain.org. I've got internal DNS setup to point to the IP of the appliance, and external DNS setup to an external IP which is then NAT'd to that internal IP.

 

When I first tried to deploy an agent with this new server name, I put the antivirus.domain.org in as the server name. However while the deploy task showed as complete, the workstations never report in. I ran the diagnostics.exe app in the agent folder on the client, and in the log I can see it doesn't like that the server hostname (BUSRV-ESET1) is different than what the agent is asking for (antivirus.domain.org).

 

So I created new server and agent certificates, and added both BUSRV-ESET1 and antivirus.domain.org into the server name field on each. I made that new server certificate the active one, and then made a new deploy task using the new agent certificate.

However I am still having the same issue, the log file says that the name doesn't match.

 

 

Here is how the certificate looks:

DESCRIPTION

 

ISSUER

CN=Server Certification Authority;C=US;

 

PRODUCT

server

 

SUBJECT

CN=Server certificate for host BUSRV-ESET1,antivirus.domain.org;OU=IT;O=MYORG;L=MyCity;S=ON;C=CA;

 

HOST

BUSRV-ESET1,antivirus.domain.org

 

And the log file from the agent shows:

2015-02-19 04:46:42 Error: CAgentSecurityModule [Thread b74]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)

2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222

2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-02-19 04:46:42 Error: CReplicationModule [Thread be8]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-02-19 04:47:36 Error: CAgentSecurityModule [Thread e10]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)

2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222

2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-02-19 04:47:36 Error: CReplicationModule [Thread e08]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

 

Any thoughts on what is going on?

 

 

[jimwillsher 65]

We just used host * in our certs, but apart from that we're doing the same as you - connect to a FQDN, internal DNS pointing to the LAN machine; external firewall NATting etc.

 

• Description
• Issuer

  CN=xxxxx ESET CCA;
• Product

  agent
• Subject

  CN=Agent at *;
• Host

  *
• Serial number

  01xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
• Valid from

  2015 Feb 1 00:00:00
• Valid to

  2025 Feb 2 00:00:0

 

Jim

[anthonyh 15]

Is your cert being used to access the site from an external fqdn?

[verus 4]

I get the same error on some clients (client deoployed from the server).

certificate created by ESET.

 

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module ERAG1ClientConnector (used 0 KB)

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CMDMCoreConnectorModule

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CMDMCoreConnectorModule (used 0 KB)

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CVAHCoreConnectorModule

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CVAHCoreConnectorModule (used 0 KB)

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module AgentToProxyConnectorModule

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module AgentToProxyConnectorModule (used 0 KB)

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CRDSensorConnectorModule

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CRDSensorConnectorModule (used 0 KB)

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Used memory after modules start-up is 33036 KB

2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.xx.xx, ResolvedHostname:, ResolvedPort:2222

2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-03-04 15:03:41 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-03-04 15:03:46 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.x.x, ResolvedHostname:, ResolvedPort:2222

2015-03-04 15:03:46 Error: NetworkModule [Thread 83c]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-03-04 15:03:46 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-03-04 15:04:48 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.xx.xx, ResolvedHostname:, ResolvedPort:2222

2015-03-04 15:04:48 Error: NetworkModule [Thread 83c]: Protocol failure for session id 3, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.

2015-03-04 15:04:48 Error: CReplicationModule [Thread 1ffc]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

[Peter Randziak 1,130]

Hello,

 

we need to check this with Devs please send me a private message with reference to this thread and provide me with:

1. trace.log from the server

2. trace.log from the agent

3. screenshot of the certificates.

 

We will check it.

 

P.R.

[nikihutson 0]

Any update on this? We are having the same issue.

[GreenEnvy22 6]

We are just using an * cert now, which is working.

I'll revisit the issue at some point, but for now it's working well enough.