Mike 8 Posted August 25, 2015 Share Posted August 25, 2015 Hi, Foolishly I set the URL for my test install of ERAv6 as one that is only internally routable (i.e. era_server_name.local-domain.lan) and I am now rolling it out wider, I realised my mistake. I now want to enable agents to connect via an externally routable URL (i.e. era.external-domain.com) instead, but unsure where to change this? Is it in a profile setting somewhere, or in the agent itself? (I want to both change already connected agents/machines so they phone home when outside our lan, and also change the default so that new machines I rollout the agent to out in the field can now connect too). I've already configured the DNS for the desired routable URL both internally and externally, and configured the router to do the required port forwarding.... I just need to set the agents and the ESET products to connect there. Thanks Mike Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted August 25, 2015 Administrators Share Posted August 25, 2015 Create or edit an agent policy and add / change the ERA server there: Link to comment Share on other sites More sharing options...
Mike 8 Posted August 26, 2015 Author Share Posted August 26, 2015 Thanks for that. Not sure how I didn't find that before. What I discovered was that the server URL set in those policies was actually set as "127.0.0.1" which surprised me! (Wasn't even the machinename.localdomain.lan)! I'm presuming it wasn't actually using this setting, as that wouldn't find the correct server even locally on the office network, so presumably there is another setting somewhere, which was being used to route the agents to the correct server internally... just not from out on the internet. Anyway.... forcing out a policy with the correct externally routable URL has worked for those external laptops that I could VPN back in to the main office from, so they could pick up the policy change and then they were able to successfully report back correctly even without the VPN. So that solution is going to be all good for those which I can visit and temporarily connect via a VPN to the office. However, I get the impression that the Agent installer by itself is looking for the non-routable URL (presumably in the form: machinename.localdomain.lan rather than 127.0.0.1) and therefore even if I remotely install the agent onto these machines, I will still need to get them to connect somehow to pick up the correct policy to start calling home. This is an issue for us, as most of our laptops permanently live in the field and never connect to the office network (neither locally or via VPN). What I need is a way to change the default setting, so that when I give them the Agent (by whatever means) it is already configured correctly, so I don't need to do anything else extra to get them to pick up the new correct policy, and therefore is ready to go. Is this something I can change somewhere as the default? Or even re-build the agent installers with the correct setting baked in. I feel like I must be missing something obvious somewhere... and have been surprised I can't find it..... unless it is something that can only be set at the time of install and not changed later?? Mike Link to comment Share on other sites More sharing options...
Administrators Marcos 5,074 Posted August 26, 2015 Administrators Share Posted August 26, 2015 If you use Agent Live installer (a simple batch file generated by ERA), it contains both the server and port which can be edited manually, if needed: set server_hostname=10.1.115.57set server_port=2222 Link to comment Share on other sites More sharing options...
Mike 8 Posted August 27, 2015 Author Share Posted August 27, 2015 Nosing around the SQL tables, I found: tbl_servers which only has one row in my table, which has an entry for: server_name.local-domain.lan Can I edit that row to have the externally routable version of that URL instead? I would be tempted to just try it to see, but I wasn't sure what the "server_mask" column was there for, and therefore if it would break something if I changed the URL in that table. Anyone any thoughts about that? Keen to change the default somewhere, so that everything that references the default URL for Eset Rempte Admin gets the correct one, without me having to manually change it a variety of places as suggested above (like manually updating policies, manually updating the bat files for installers etc). Mike Link to comment Share on other sites More sharing options...
Mike 8 Posted August 31, 2015 Author Share Posted August 31, 2015 I have found that when creating a live installer, that putting the routable URL in the optional "address of server as seen from client" box does work. I had tried that on a early test and not got it to work, so hadn't pursued that further. There must have been something else broken on that first attempt that threw me off the scent! So I've managed to connect some new clients externally using that method with the live installer. I've also successfully used the policy method to fix some already deployed agents. So I am least working now... Ok. I'm still interested in whether there is merit in changing that SQL table entry, so that it uses the routable URL to the same server. Feels like that wluld be neat, with no downsides (if it will work) My next move though is probably to wait for ERA v6.2 as there was something about moving servers coming, which may or may not be what I'm looking for. If that doesn't fix it, I might then try the SQL route (with suitable backups first) to see if that works. Mike Link to comment Share on other sites More sharing options...
Recommended Posts