tstolk 0 Posted March 9, 2015 Share Posted March 9, 2015 Just installed the ERA V6 appliance. Setup just went ok. I added a domein security group and gave the group rights as administrator in ERA. Login just went fine with an account which is member of the AD group. And I left the default administrator untouched. After rebooting the appliance after some policy changes, I can not login anymore. Error message appears: Login failed (connection has failed with state 'Not connected'). Reboot a couple of times doesnt seem to work. What should I do? Please note it is the ovf template I deployed in my Vshpere 5.5 environment. Thanks in advance. Regards, Tim Link to comment Share on other sites More sharing options...
ESET Staff michalp 20 Posted March 10, 2015 ESET Staff Share Posted March 10, 2015 First try to refresh ERA login screen - e.g.: in Chrome it is F5 key and try again. If it is not still working, then it is possible that ERA Server or MySQL database is not running. Please login to management mode, exit to terminal and type 'service mysqld stop', 'service eraserver stop', 'service mysqld start' and finally 'service eraserver start'. Then refresh login screen a try again. Link to comment Share on other sites More sharing options...
tstolk 0 Posted March 11, 2015 Author Share Posted March 11, 2015 Unfortunately this didn't work out. I restarted the services en refreshed my browser (used IE and Chrome). Still the same error... Link to comment Share on other sites More sharing options...
ESET Staff michalp 20 Posted March 12, 2015 ESET Staff Share Posted March 12, 2015 When you run this command : less /var/log/eset/RemoteAdministrator/Server/trace.log (Use 'q' to quit and 'page up/down' to navigate). Are there any errors from the last startup? Link to comment Share on other sites More sharing options...
tjohnson 0 Posted March 16, 2015 Share Posted March 16, 2015 I would try restarting the ESET HTTP Server ( which is not started and wont start, but it did force start the ESET Remote Administrator Server when I did it). I think th ESET Remote Administrator Server is not starting completely because it is on a delayed start. Link to comment Share on other sites More sharing options...
tstolk 0 Posted March 17, 2015 Author Share Posted March 17, 2015 Sorry for the delayed response. A couple of errrors in the trace.log: Error: CServerSecurityModule: No such node (result.strIssuer) Error: Service: Kernal start: Last staring module failed with: No such node (result.strIssuer) Error: SchedulerModule: Scheduler is not ticking. Shutdown in progress. Error: Service: Kernel shut down force fully Error: Service: Kernel start failed Thank you! Link to comment Share on other sites More sharing options...
ESET Staff michalp 20 Posted March 18, 2015 ESET Staff Share Posted March 18, 2015 Problem is caused by wrong password for server peer certificate or empty server peer certificate that was set in Server Settings. Unfortunately there is a bug with not working validation in Server settings that enables you to change peer certificate to not valid one. After that, server won't start up after restart. If you have exported certificates, then you will be able to repair installation. Certificates can also be retrieved from the database and be used for the repair. Other option is to revert to original backup snapshot of the appliance. I would suggest to contact our support team to help you. Link to comment Share on other sites More sharing options...
glsb 1 Posted June 16, 2015 Share Posted June 16, 2015 I don't suppose there is a date this might be fixed? We just had the same issue; had we known it would crash the entire program, I would have taken a backup first. It doesn't seem realistic to take backups every time you made a configuration change; there at least needs to be an easy way to remedy this. Thanks Link to comment Share on other sites More sharing options...
DmitryP 0 Posted June 19, 2015 Share Posted June 19, 2015 You need to properly set up Kerberos authentication in the /etc/krb5.conf file. For example: [libdefaults] default_realm = [your domain name] ticket_lifetime = 24h forwardable = yes default_tkt_enctypes = rc4-hmac default_tgs_enctypes = rc4-hmac permitted_enctypes = rc4-hmac dns_lookup_kdc = true dns_lookup_realm = false [realms] KATANKA.ELEM.RU = { kdc = [DC IP] master_kdc = [PDC IP] default_domain = [your domain name] admin_server = [PDC IP] } [domain_realm] .[your domain name] = [your domain name] It is very important to correctly identify authentication type your AD servers use. You can find recently used auth types in google. Link to comment Share on other sites More sharing options...
dlaporte 14 Posted September 25, 2015 Share Posted September 25, 2015 Can you elaborate on the PDC vs DC. I understand DC is Domain Controller Im guessing PDC is Primary Domain Controller Does one of these have to be my DNS server and the other the IP of my ESET VA? I would guess that PDC would be my DNS server.. ?? Link to comment Share on other sites More sharing options...
dlaporte 14 Posted September 25, 2015 Share Posted September 25, 2015 so it appears the VA is up and running.... I get these parse errors though.. Link to comment Share on other sites More sharing options...
wjohnson 0 Posted December 12, 2015 Share Posted December 12, 2015 Problem is caused by wrong password for server peer certificate or empty server peer certificate that was set in Server Settings. Unfortunately there is a bug with not working validation in Server settings that enables you to change peer certificate to not valid one. After that, server won't start up after restart. If you have exported certificates, then you will be able to repair installation. Certificates can also be retrieved from the database and be used for the repair. Other option is to revert to original backup snapshot of the appliance. I would suggest to contact our support team to help you. How would you pull the certs from the DB and fix it? I'm familiar with Linux and mySQL; I just need to know where to look and how to tweak. I was attempting to switch a certificate over and screwed up my install on the appliance. Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted December 12, 2015 ESET Staff Share Posted December 12, 2015 Problem is caused by wrong password for server peer certificate or empty server peer certificate that was set in Server Settings. Unfortunately there is a bug with not working validation in Server settings that enables you to change peer certificate to not valid one. After that, server won't start up after restart. If you have exported certificates, then you will be able to repair installation. Certificates can also be retrieved from the database and be used for the repair. Other option is to revert to original backup snapshot of the appliance. I would suggest to contact our support team to help you. How would you pull the certs from the DB and fix it? I'm familiar with Linux and mySQL; I just need to know where to look and how to tweak. I was attempting to switch a certificate over and screwed up my install on the appliance. Hello, peer certificates are stored in table tbl_certificates and PFX data in field certificate_pfx_blob. Certificate authorities are stored in table tbl_certification_authorities and useful data in fields pfx_data and der_data. First field contains both private and public part of certificate in case it has been generated using ERA. Link to comment Share on other sites More sharing options...
Recommended Posts