Help deploying ESET Remote Agent

[JamesBray 0]

Morning Chaps,

 

I've upgraded to ESET Remote Administrator 6 and I'm having trouble deploying the Remote Agent out to my network by pushing it from the server.

 

In a room with 30 identical machines with identical images on them, I am getting like 5 or 6 that install the agent and the rest fail. Part of this is due to the fact that my machines do not have access to the internet until a user logs into them. I have attempted to ignore the IP addresses for the repository, but this only seems to have helped on some machines (maybe I am missing a mirror or something? Is there a list of IP addresses anywhere?).

 

I have 600 agents to deploy, so I obviously want to do this as automatically as possible. In another post on here, someone mentioned that it's not possible to deploy the agent from the server and make it reference a copy of the MSI on the network, instead it says that using this method it always needs to pull the file from the internet (which seems bizarre to me).

 

The other option is that I use a Live Installer Agent batch file, but this still references the online repository. Is there anyway to modify this batch to point to a copy on my local network? Then I can push the batch out through other means.

 

I've got to say that ESET RA 5 was an absolute champ at pushing out packages, so I feel a bit let down with 6 so far...

 

Thanks in advance for anyone's help.

[Marcos 5,074]

You can download an agent installation file from ESET's website, put it to a local share and edit the URI in the Agent Live installer (batch file) to point to it:

set url=hxxp://repository.eset.com/v1/com/eset/apps/business/era/agent/v6/6.1.444.0/Agent_x64.msi
if defined IsArch_x86 (
  set url=hxxp://repository.eset.com/v1/com/eset/apps/business/era/agent/v6/6.1.444.0/Agent_x86.msi
)

 

As for deploying Agent, we recommend doing it through GPO as there are numerous system restrictions that could cause a push install to fail.

[jimwillsher 65]

As Marcos said, exactly what we do to. I generate the "live installer" and then edit it manually. Use something like UltraEdit for the editing - Notepad is rubbish as the file is badly formatted for carriage returns etc. In there, you can change the URL to the MSI, the port number, anything else you need to.

 

I've used this successfully to push out loads of installs by connected to the PC manually using psexec and running the installer.

 

 

Jim

[JamesBray 0]

I've changed the batch file, and confirmed that if a workstation visits the URL of one of the MSI files that it can download it okay, however when I run the Live Installer batch file on the same client I get the command window pop up for a few seconds and then I get the error:

 

"This installation package could not be opened. verify that the package exists and that you can access it, or contact the application vendor to verify that this is a valid Windows Installer package."

 

Again, if I copy and paste the URL of the MSI file out of the script and run it, the installer runs without an issue.

 

Any ideas?

 

Edit: I am using a https link to the file, could this be the issue?

 

Edit 2: I've tried it other ways now too, but through the batch file I always get the same error.

 

Edit 3: I've generated a fresh Live Installer to make sure I've not got anything wrong, but I am still getting the same thing... What on earth is happening here?

Edited July 24, 2015 by JamesBray

[jimwillsher 65]

This is the useful part from my file when installing from C:\Temp; compare to yours. Modifications are in bold.

 

set ca_cert_b64=BlahBlahBlahBlahBlah

set http_proxy_hostname=
set http_proxy_port=
set http_proxy_username=
set http_proxy_password=

if "%PROCESSOR_ARCHITECTURE%" == "x86" (
  if not defined PROCESSOR_ARCHITEW6432 set IsArch_x86=true
)

set url="C:\Temp\Agent_x64.msi"                <<<<
if defined IsArch_x86 (
  set url="C:\Temp\Agent_x86.msi"            <<<<
)

set ca_path=%temp%\era.ca.der.b64
if exist !ca_path! del !ca_path!
> !ca_path! echo !ca_cert_b64!

set peer_cert_path=%temp%\era.peer.pfx.b64
if exist !peer_cert_path! del !peer_cert_path!
> !peer_cert_path! echo !peer_cert_b64!

echo Installing ESET Remote Administrator 6 Agent...

> "%temp%\uacinstall.vbs" (
echo.' ESET Remote Administrator ^(OnlineInstallerScript^)
echo.' Copyright ^(c^) 1992-2015 ESET, spol. s r.o. All Rights Reserved
echo.
echo.Class CComputer
echo.    Private m_MACAddress
echo.    Private m_Parameters
echo.    Public Function Init^(MACAddress, Parameters^)
echo.        m_MACAddress = MACAddress
echo.        m_Parameters = Parameters
echo.        Set Init = Me
echo.    End Function
echo.    Public Property Get MACAddress
echo.        MACAddress = m_MACAddress
echo.    End Property
echo.    Public Property Get Parameters
echo.        Parameters = m_Parameters
echo.    End Property
echo.End Class
echo.
echo.Dim computers: computers = Array^( _

echo.^)
echo.
echo.On Error Resume Next
echo.packageLocation = !url!
echo.On Error GoTo 0
echo.
echo.
echo.Dim ca_b64: ca_b64 = "!ca_cert_b64!"
echo.
echo.Function GetCollectionCount^(collection^)
echo.    GetCollectionCount = 0
echo.    On Error Resume Next
echo.    GetCollectionCount = collection.Count
echo.End Function
echo.
echo.Dim params: params = "/qr /i " ^& packageLocation ^& " /l*v %temp%\ra-agent-install.log" ^&_
echo.                     " ALLUSERS=1 REBOOT=ReallySuppress" ^&_
echo.                     " P_CONNECTION_CHOSEN=Host" ^&_
echo.                     " P_HOSTNAME=""!server_hostname!""" ^&_
echo.                     " P_PORT=""!server_port!""" ^&_
echo.                     " P_CERT_PATH=""!peer_cert_path!""" ^&_
echo.                     " P_CERT_PASSWORD=""!peer_cert_pwd!""" ^&_
echo.                     " P_LOAD_CERTS_FROM_FILE_AS_BASE64=YES"
echo.
echo.If ca_b64 ^<^> "" Then
echo.    params = params ^& " P_CERT_AUTH_PATH=""!ca_path!"""
echo.End If
echo.

[thembin 0]

Am realy not happy with this Eset Remote Administrator 6.X  i really cant deal with the fact that i have to install 300+ machines manually because this remote deploy from the browser is not working for me