
Login fail appliance



Just installed the ERA V6 appliance. Setup just went ok. I added a domain security group and gave the group rights as administrator in ERA. Login just went fine with an account which is a member of the AD group. And I left the default administrator untouched. After rebooting the appliance after some policy changes, I cannot log in anymore. Error message appears: Login failed (connection has failed with state 'Not connected'). Rebooting a couple of times doesn't seem to work.

 

What should I do? Please note it is the OVF template I deployed in my vSphere 5.5 environment.

 

Thanks in advance.

 

Regards, Tim

 


  • ESET Staff

First, try refreshing the ERA login screen (e.g. in Chrome, press the F5 key) and try again.

 

If it is still not working, then it is possible that the ERA Server or the MySQL database is not running. Please log in to management mode, exit to the terminal and type 'service mysqld stop', 'service eraserver stop', 'service mysqld start' and finally 'service eraserver start'. Then refresh the login screen and try again.


Unfortunately this didn't work out. I restarted the services and refreshed my browser (used IE and Chrome). Still the same error...


  • ESET Staff

When you run this command:

less /var/log/eset/RemoteAdministrator/Server/trace.log

(Use 'q' to quit and 'page up/down' to navigate). Are there any errors from the last startup?


I would try restarting the ESET HTTP Server (which is not started and won't start, but it did force start the ESET Remote Administrator Server when I did it). I think the ESET Remote Administrator Server is not starting completely because it is on a delayed start.


Sorry for the delayed response. A couple of errors in the trace.log:

 

Error: CServerSecurityModule: No such node (result.strIssuer)

Error: Service: Kernal start: Last staring module failed with: No such node (result.strIssuer)

Error: SchedulerModule: Scheduler is not ticking. Shutdown in progress.

Error: Service: Kernel shut down force fully

Error: Service: Kernel start failed

 

Thank you!


  • ESET Staff

The problem is caused by a wrong password for the server peer certificate, or an empty server peer certificate, that was set in Server Settings. Unfortunately, there is a bug: validation in Server Settings does not work, which enables you to change the peer certificate to an invalid one. After that, the server won't start up after a restart.

 

If you have exported certificates, then you will be able to repair the installation. Certificates can also be retrieved from the database and used for the repair. Another option is to revert to the original backup snapshot of the appliance. I would suggest contacting our support team to help you.


  • 2 months later...

I don't suppose there is a date this might be fixed?  We just had the same issue; had we known it would crash the entire program, I would have taken a backup first.  It doesn't seem realistic to take backups every time you made a configuration change; there at least needs to be an easy way to remedy this.

 

Thanks


You need to properly set up Kerberos authentication in the /etc/krb5.conf file.

 

For example:

 

[libdefaults]
default_realm = [your domain name]
ticket_lifetime = 24h
forwardable = yes
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
dns_lookup_kdc = true
dns_lookup_realm = false

[realms]
KATANKA.ELEM.RU = {
    kdc = [DC IP]
    master_kdc = [PDC IP]
    default_domain = [your domain name]
    admin_server = [PDC IP]
}

[domain_realm]
.[your domain name] = [your domain name]

 

It is very important to correctly identify the authentication type your AD servers use.

You can find recently used auth types on Google.
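
Added example (not part of the original post and not ESET code): the configuration above pins all three enctype lists to rc4-hmac, which RFC 8429 deprecates, so this Python check flags RC4/DES-family entries in the [libdefaults] section of a krb5.conf. The sample configs, the EXAMPLE.COM realm, the 192.0.2.10 address and the `audit_krb5` name are constructed for illustration; that your domain controllers issue AES tickets is an assumption to verify before switching.

```python
import re

ENCTYPE_KEYS = ("default_tkt_enctypes", "default_tgs_enctypes", "permitted_enctypes")
WEAK_PREFIXES = ("des", "rc4", "arcfour")  # DES, 3DES and RC4 enctype families

# Constructed sample: the enctype lines from the post, with a placeholder realm.
POSTED = """\
[libdefaults]
default_realm = EXAMPLE.COM
default_tkt_enctypes = rc4-hmac
default_tgs_enctypes = rc4-hmac
permitted_enctypes = rc4-hmac
[realms]
EXAMPLE.COM = {
    kdc = 192.0.2.10
}
"""

# Constructed sample: same file restricted to AES (assumes the KDCs support AES).
HARDENED = POSTED.replace("rc4-hmac", "aes256-cts-hmac-sha1-96 aes128-cts-hmac-sha1-96")


def audit_krb5(text):
    """Return {setting: [weak enctypes]} found in the [libdefaults] section."""
    findings, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        header = re.fullmatch(r"\[(\w+)\]", line)
        if header:                           # track which section we are in
            section = header.group(1)
            continue
        if section != "libdefaults" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key in ENCTYPE_KEYS:
            # enctype lists may be separated by spaces and/or commas
            weak = [e for e in re.split(r"[,\s]+", value.lower())
                    if e.startswith(WEAK_PREFIXES)]
            if weak:
                findings[key] = weak
    return findings


if __name__ == "__main__":
    for name, conf in (("posted", POSTED), ("hardened", HARDENED)):
        print(name, audit_krb5(conf) or "no weak enctypes")
```
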


  • 3 months later...

Can you elaborate on the PDC vs DC?

 

I understand DC is Domain Controller

I'm guessing PDC is Primary Domain Controller

 

Does one of these have to be my DNS server and the other the IP of my ESET VA?

 

I would guess that PDC would be my DNS server..

??


  • 2 months later...


How would you pull the certs from the DB and fix it? I'm familiar with Linux and MySQL; I just need to know where to look and how to tweak. I was attempting to switch a certificate over and screwed up my install on the appliance.


  • ESET Staff

 


 

 

Hello,

 

Peer certificates are stored in table tbl_certificates and PFX data in field certificate_pfx_blob. Certificate authorities are stored in table tbl_certification_authorities and useful data in fields pfx_data and der_data. First field contains both private and public part of certificate in case it has been generated using ERA.


This topic is now closed to further replies.