Jump to content

Install ESET Mobile Device Connector (MDC) on Appliance


Recommended Posts

Hi there,

is there any guide/howto/step-by-step how to install the MDC on the Appliance?

Especially:

- where to find the https certificate

- which is the password for the certificate

- --db-use-existing-db= ... should this be the ERAS DB? Or is there no parameter necessary (as in example)

- which other params are needed?

Thx a lot,

meg

Link to comment
Share on other sites

  • Former ESET Employees

If possible, use ERA_MDM.ova in new virtual machine. It is the easiest way to install and manage Mobile device connector.

Link to comment
Share on other sites

If possible, use ERA_MDM.ova in new virtual machine. It is the easiest way to install and manage Mobile device connector.

Would be one possibility. But it seems ironic for me, to have 4 (or more) virtual or physical machines to test one product.

Why there is no all in one appliance?

Best,

meg

Link to comment
Share on other sites

  • Former ESET Employees

Especially:
- where to find the https certificate

- which other params are needed?

 

.\MDMCore.sh--db-type="MySQL Server" --db-driver=MySQL --db-hostname=localhost --db-port=3306 --db-admin-username=root --db-admin-password=xxxx --db-user-username=mdm_user --db-user-password=xxxxxx --https-cert-path=/tmp/https.pfx --https-cert-password=xxxx --hostname=era-server --port=2222 --cert-path=/tmp/agent.pfx --cert-password=xxxxx --mdm-hostname=machine_public_hostname

 

You must create your own HTTPS certificate in pfx format.

This should be helpful for you hxxp://stackoverflow.com/questions/14267010/how-to-create-self-signed-ssl-certificate-for-test-purposes

 

- which is the password for the certificate

if created pfx is not secured with password, using this param is not needed

- --db-use-existing-db= ... should this be the ERAS DB? Or is there no parameter necessary (as in example)

do not use this param, Mobile device connector needs to create its own database

Edited by Timos
Link to comment
Share on other sites

Hi Timos, downloaded the era_mdm.ova ... but looks like there is eras inside. No MobileDeviceManagement :(

Will try your second solution...

Link to comment
Share on other sites

...

thx a lot for this detailed informations. Looks like it answers all my questions but:

 

./MDMCore-Linux-x86_64.sh --webconsole-password="$secret" --db-type="MySQL Server" --db-driver="MySQL" --hostname=localhost --https-cert-path=mycert.pfx --db-admin-username=root --db-admin-password="$secret" --db-user-password="$secret2"

brings me to:

2015-04-29 15:41:58 Getting certificate from server...
2015-04-29 15:41:58 ./MDMCore-Linux-x86_64.sh: 1165: Error occured while getting certificates from server

===> Solution: Using FQDN (which is used in Certificate of ERAS) for --hostname

 

Now i get:

2015-04-29 15:51:58 Checking database connection and status...
2015-04-29 15:51:58 ./MDMCore-Linux-x86_64.sh: 1059: Connection to database failed with message: 65535

With the following entry in log file:

2015-04-29 15:56:08 Information: DbCheckConnectionAndStatus: Set output property: P_DB_ADMIN_CONNECTION_STATUS = 65535
2015-04-29 15:56:08 Information: ERROR: DatabaseException with error code '0' and message - Connection:Not applicable
Server:Not applicable
===========================
ODBC Diagnostic record #1:
===========================
SQLSTATE = IM002
Native Error Code = 0
[unixODBC][Driver Manager]Data source name not found, and no default driver specified

odbc.ini and odbcinst.ini are Appliance default

 

Switching the driver to one which is listened in odbcinst.ini brings:

[unixODBC][MySQL][ODBC 5.3(a) Driver]Can't connect to local MySQL server through socket '/tmp/mysql.sock' (2)

Socket on Appliance is located on /var/lib/mysql/mysql.sock

After fixing that:

Starting ESET Remote Administrator Mobile Device Connector [  OK  ]
2015-04-29 17:05:11 Service started.
2015-04-29 17:05:11 Product installed.
Edited by Megachip
Link to comment
Share on other sites

Hi Timos,

 

have still the problem, that I can't check if mdm is really successful installed:

root     21378     1  0 Apr29 ?        00:00:49 /opt/eset/RemoteAdministrator/MDMCore/eramdmcore --daemon --pidfile=/var/run/eramdmcore.pid
tcp        0      0 *:9980                      *:*                         LISTEN      
tcp        0      0 *:9981                      *:*                         LISTEN 

but do not get any connection on port 9980 via https:(

 

iptables -A INPUT -p tcp -m tcp --dport 9980:9981 -j ACCEPT

Edited by Megachip
Link to comment
Share on other sites

  • Former ESET Employees

Maybe firewall is blocking this. Or look at MDMCore trace.log, if there are any errors.

Link to comment
Share on other sites

  • Former ESET Employees
Enable firewall ports for MDC by adding these lines to /root/firewall-ports.sh and run /root/firewall-ports.sh

/root/firewall-ports.sh is ran every machine startup, so this will permanently enable these ports in appliance.

 

echo iptables -A INPUT -p tcp --dport 9980 -j ACCEPT

echo ip6tables -A INPUT -p tcp --dport 9980 -j ACCEPT


echo iptables -A INPUT -p tcp --dport 9981 -j ACCEPT

echo ip6tables -A INPUT -p tcp --dport 9981 -j ACCEPT

Edited by Timos
Link to comment
Share on other sites

Maybe firewall is blocking this. Or look at MDMCore trace.log, if there are any errors.

your right. Thx again. Seems all fine now. 

 

Still not seen the MDM in Mobile Device Connector Task (as described in 6.1.3.2.18 Device Enrollment ).

 

Possible there should be a bit more detailed and strait forward documentation ;)

Edited by Megachip
Link to comment
Share on other sites

Sorry. Had to unmark the solution cause it is still not fully functional :(

 

Any ideas why server isn't listen in ERAS? Ports are accessible now. HTTPS works.

Link to comment
Share on other sites

  • Former ESET Employees

Set and apply policy on era agent to connect more frequently (for example every 1 minute). Try to restart ERA Agent or reboot the machine. After some amount of time, you should see MDC there.

Link to comment
Share on other sites

Set and apply policy on era agent to connect more frequently (for example every 1 minute). Try to restart ERA Agent or reboot the machine. After some amount of time, you should see MDC there.

Possible you're right. Looks like the agent hangs. Last entry in Agents trace.log is dated on 08.04.15. Last connection of the server to himself ^^ is on 16.04.15. Looks like this is not a very stable thing.

 

Any way to upgrade or restart the agent if the agent is not running/hanging?

Interesting, that not "product is not connected"-warning is generated...

 

Agent crashes on connecting MDM:

2015-05-05 11:02:49 Information: SchedulerModule [Thread 7f100bfff700]: Received message: GetRemainingTimeByUserDataRequest
2015-05-05 11:02:49 Information: Kernel [Thread 7f1029511700]: Used memory after modules start-up is 49712 KB
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Cannot connect to MDMCore using IPv6: Net Exception, Address family not supported
2015-05-05 11:02:49 Error: CMDMCoreConnectorModule [Thread 7f0fc97fb700]: Net Exception

After upgrading the Agent, the mdmcore is dead. 

Edited by Megachip
Link to comment
Share on other sites

  • Former ESET Employees

Please contact ESET Support, it looks there is bug.

But I still recommend to use era_mdm.ova, you should have less problems with it.

Edited by Timos
Link to comment
Share on other sites

  • 5 weeks later...

Please contact ESET Support, it looks there is bug.

But I still recommend to use era_mdm.ova, you should have less problems with it.

ATM it seems that the agent crashes immediately after trying to connect the MDMCore on IPv6. eraagent deamon still running but isn't reachable anymore. Also it is not possible to end it via init.d.

It does not matter eramdmcore is running or not.

 

MDM runs fine there wile, but system is out of control without an working agent. Will try manually upgrade of the agent. Support is informed.

Link to comment
Share on other sites

  • 4 weeks later...
  • 3 months later...
  • 2 months later...
  • Administrators

You can download ESET Remote Administrator 6 Virtual Appliance from hxxp://www.eset.com/int/download/business/detail/family/259/#offline,,,26,

After deployment and connecting to the VA, you select the appliance type as mentioned in the help hxxp://help.eset.com/era_deploy_va/62/en-US/index.html?config_va.htm.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...