Jump to content

ESET ERA Server 6.1.444.0 - Problem with loading CA certificate


Recommended Posts

Hello,
 
I have installed ESET ERA server 6.x on Windows 2008R2 Server. Few days ago I noticed that agents on my client computers did not connect to ERA server. There are following entries on log file of server:

2015-09-29 11:25:55 Error: CServerSecurityModule [Thread cdc]: CertStoreReadMapperAdapter: Failed to fill the certificate and CRL cache. Error: LoadAll: Certification authority record is missing guard
2015-09-29 11:25:55 Error: CServerSecurityModule [Thread cdc]: CertStoreReadMapperAdapter: Failed to fill the certificate and CRL cache. Error: LoadAll: Certification authority record is missing guard
2015-09-29 11:25:55 Error: CReplicationModule [Thread 1090]: CStepProcessor: Replication master validation process failed with: Object b0ca9d8f-1085-4fa1-880a-d7dfc353f239 was not found (LoadCertificationAuthority: Certification authority does not exist)
2015-09-29 11:26:31 Error: CReplicationModule [Thread 1090]: CStepProcessor: Replication master validation process failed with: Object b0ca9d8f-1085-4fa1-880a-d7dfc353f239 was not found (LoadCertificationAuthority: Certification authority does not exist)
2015-09-29 11:26:46 Error: CReplicationModule [Thread 1090]: CStepProcessor: Replication master validation process failed with: Object b0ca9d8f-1085-4fa1-880a-d7dfc353f239 was not found (LoadCertificationAuthority: Certification authority does not exist)

 

I suspect problem with reading CA certificate. The point is that I didn't change any of certificates - especially CA certificate. All valid certificates are proper displayed in WebConsole, but the fact is that I cannot export them. There are also entries in SQL database with valid certificates, so from data point of view - nothing changed.

 

If I try to export certificates or download live packages I got following:

 

2015-09-30 09:05:17 Error: CServerSecurityModule [Thread 1ba4]: GetObjectGuard: Failed to get object guard
2015-09-30 09:05:17 Error: CRepositoryModule [Thread 3ac]: GetObjectGuard: Failed to get object guard
2015-09-30 09:05:17 Error: ConsoleApiModule [Thread 1a04]: 2206 Error while getting online installers: GetObjectGuard: Failed to get object guard
2015-09-30 09:05:17 Error: ConsoleApiModule [Thread 1a04]: Untranslatable CInterModuleException: GetObjectGuard: Failed to get object guard
2015-09-30 09:05:33 Error: CServerSecurityModule [Thread 1900]: GetObjectGuard: Failed to get object guard
2015-09-30 09:05:33 Error: ConsoleApiModule [Thread 1a04]: 2206 Error while sending ExportPeerCertificateAndPrivateKey request: GetObjectGuard: Failed to get object guard
2015-09-30 09:05:33 Error: ConsoleApiModule [Thread 1a04]: Untranslatable CInterModuleException: GetObjectGuard: Failed to get object guard

 

 

The problem starts after reboot when some Microsoft updates were installed. I've tried to uninstall updates from that day but it didn't help.

 

Do anyone have similar problem ?

 

Thanks for reply.

 

Link to post
Share on other sites

Now I have ESET ERA 6.2.171.0 installed . Problem is that since few days remote agents cannot connect to ERA server.

In server log file still can be found:

 

Quote

 

2015-10-01 08:46:06 Error: CReplicationModule [Thread 7f0]: CStepProcessor: Replication master validation process failed with: Object b0ca9d8f-1085-4fa1-880a-d7dfc353f239 was not found (LoadCertificationAuthority: Certification authority does not exist)
2015-10-01 08:46:31 Error: CReplicationModule [Thread 7f0]: CStepProcessor: Replication master validation process failed with: Object b0ca9d8f-1085-4fa1-880a-d7dfc353f239 was not found (LoadCertificationAuthority: Certification authority does not exist)
2015-10-01 08:47:06 Error: CReplicationModule [Thread 7f0]: CStepProcessor: Replication master validation process failed with: Object b0ca9d8f-1085-4fa1-880a-d7dfc353f239 was not found (LoadCertificationAuthority: Certification authority does not exist)
 

 

I don't know what CA certficate is missing. I reinstalled all software, and created new CA, deployed new agents, but problems still exists.

I have never configured replication for era server.

 

Maybe problem is somewere in database...

Link to post
Share on other sites
  • ESET Moderators

By saying "I reinstalled all software" do you mean that you also installed new ERA server from scratch, without migrating any of the old server's databases or settings?

Link to post
Share on other sites

No, I mean that I've uninstall ERA Server, ERA Agent , Tomcat Proxy, Web Console... and install it again. Database was not deleted. New instance of server was connect to existing database.

 

DO you think that I should create new database ? If yes, how can I export settings all settings ?

Link to post
Share on other sites
  • 4 weeks later...
  • ESET Moderators

It is not possible to only export settings of the server without keeping the database, the settings can only be transferred by keeping the database.

You can either keep the database along with the settings, or perform a new installation in which the default settings will be applied.

Link to post
Share on other sites
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    No registered users viewing this page.

×
×
  • Create New...