GreenEnvy22, Posted February 19, 2015

Hi,

I've deployed ERA6 Linux appliance, its hostname is BUSRV-ESET1. It's connected to our domain, I can login as a domain user, and browse domain groups (though only in LDAP mode for some reason, AD mode gives error).

If I deploy the agent, it works fine. Users' computers report in. However they are looking to connect to busrv-eset1.domain.lan, which only works from inside the building. I'd prefer they connect to antivirus.domain.org. I've got internal DNS set up to point to the IP of the appliance, and external DNS set up to an external IP which is then NAT'd to that internal IP.

When I first tried to deploy an agent with this new server name, I put the antivirus.domain.org in as the server name. However while the deploy task showed as complete, the workstations never report in. I ran the diagnostics.exe app in the agent folder on the client, and in the log I can see it doesn't like that the server hostname (BUSRV-ESET1) is different than what the agent is asking for (antivirus.domain.org).

So I created new server and agent certificates, and added both BUSRV-ESET1 and antivirus.domain.org into the server name field on each. I made that new server certificate the active one, and then made a new deploy task using the new agent certificate. However I am still having the same issue, the log file says that the name doesn't match.

Here is how the certificate looks:

DESCRIPTION
ISSUER CN=Server Certification Authority;C=US;
PRODUCT server
SUBJECT CN=Server certificate for host BUSRV-ESET1,antivirus.domain.org;OU=IT;O=MYORG;L=MyCity;S=ON;C=CA;
HOST BUSRV-ESET1,antivirus.domain.org

And the log file from the agent shows:

2015-02-19 04:46:42 Error: CAgentSecurityModule [Thread b74]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:46:42 Error: CReplicationModule [Thread be8]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:47:36 Error: CAgentSecurityModule [Thread e10]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:47:36 Error: NetworkModule [Thread 880]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-02-19 04:47:36 Error: CReplicationModule [Thread e08]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

Any thoughts on what is going on?
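
An added example, not part of the original posts and not ESET code: a triage script for agent log lines in the format quoted above. It pairs each failed replication connection with the SubjectAltName error logged in the same second, if any, so a name mismatch can be told apart from a handshake failure that logs no SAN error. Grouping by timestamp, reading the parenthesised value as the certificate's SAN list, and the second sample host and IP are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the agent log format quoted above; the second host
# (era.example.local, 192.168.0.10) is a placeholder, not a value from the thread.
SAMPLE_LOG = """\
2015-02-19 04:46:42 Error: CAgentSecurityModule [Thread b74]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (BUSRV-ESET1)
2015-02-19 04:46:42 Error: NetworkModule [Thread 880]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:10.4.0.45, ResolvedHostname:, ResolvedPort:2222
2015-02-19 04:46:42 Error: CReplicationModule [Thread be8]: CReplicationManager: Replication (network) connection to 'host: "antivirus.domain.org" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.0.10, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:03:41 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "era.example.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d) (\w+): (\w+) \[Thread \w+\]: (.*)$")
SAN = re.compile(r"VerifyDnsSubjectAltName: .*SubjectAltName extension \(([^)]*)\)")
TARGET = re.compile(r"connection to 'host: \"([^\"]+)\" port: (\d+)'")
IP = re.compile(r"ResolvedIpAddress:([^,\s]+)")

def triage(log_text):
    """Classify each failed connection as a SAN mismatch or another handshake failure."""
    events = defaultdict(dict)  # assumption: lines sharing a timestamp describe one attempt
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m or m.group(2) != "Error":
            continue
        ev, msg = events[m.group(1)], m.group(4)
        if (s := SAN.search(msg)):
            ev["san"] = [n.strip().lower() for n in s.group(1).split(",") if n.strip()]
        if (t := TARGET.search(msg)):
            ev["host"], ev["port"] = t.group(1).lower(), int(t.group(2))
        if (i := IP.search(msg)):
            ev["ip"] = i.group(1)
    findings = []
    for ts in sorted(t for t in events if "host" in events[t]):
        ev, san = events[ts], events[ts].get("san")
        if san is None:
            cause = "handshake-failed-no-san-error"
        else:  # hostnames are compared case-insensitively
            cause = "san-error-but-host-listed" if ev["host"] in san else "san-mismatch"
        findings.append({"time": ts, "host": ev["host"], "ip": ev.get("ip"),
                         "san": san, "cause": cause})
    return findings

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```
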

jimwillsher, Posted February 19, 2015

We just used host * in our certs, but apart from that we're doing the same as you - connect to a FQDN, internal DNS pointing to the LAN machine; external firewall NATting etc.

Description
Issuer CN=xxxxx ESET CCA;
Product agent
Subject CN=Agent at *;
Host *
Serial number 01xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Valid from 2015 Feb 1 00:00:00
Valid to 2025 Feb 2 00:00:0

Jim

anthonyh (Former ESET Employees), Posted February 26, 2015

Is your cert being used to access the site from an external FQDN?

verus, Posted March 4, 2015

I get the same error on some clients (client deployed from the server). Certificate created by ESET.

2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module ERAG1ClientConnector (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CMDMCoreConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CMDMCoreConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CVAHCoreConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CVAHCoreConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module AgentToProxyConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module AgentToProxyConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Starting module CRDSensorConnectorModule
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Started module CRDSensorConnectorModule (used 0 KB)
2015-03-04 15:03:41 Information: Kernel [Thread 3f0]: Used memory after modules start-up is 33036 KB
2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.xx.xx, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:03:41 Error: NetworkModule [Thread 83c]: Protocol failure for session id 1, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:41 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:46 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.x.x, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:03:46 Error: NetworkModule [Thread 83c]: Protocol failure for session id 2, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:03:46 Error: CReplicationModule [Thread 1860]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:04:48 Error: NetworkModule [Thread 83c]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.xx.xx, ResolvedHostname:, ResolvedPort:2222
2015-03-04 15:04:48 Error: NetworkModule [Thread 83c]: Protocol failure for session id 3, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-03-04 15:04:48 Error: CReplicationModule [Thread 1ffc]: CReplicationManager: Replication (network) connection to 'host: "xxxx.xxDOMAIN.local" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.

Peter Randziak (ESET Moderators), Posted March 4, 2015

Hello,

we need to check this with Devs. Please send me a private message with reference to this thread and provide me with:

1. trace.log from the server
2. trace.log from the agent
3. screenshot of the certificates.

We will check it.

P.R.

nikihutson, Posted April 8, 2015

Any update on this? We are having the same issue.

GreenEnvy22 (Author), Posted April 9, 2015

We are just using an * cert now, which is working. I'll revisit the issue at some point, but for now it's working well enough.