Jump to content

Agent deployment fails with mount error(13) permission denied

Markovskij

By Markovskij
in Remote Management

 Share
Go to solution Solved by MartinK,

Recommended Posts

Markovskij

Markovskij 2

Posted
Posted

I have hard time deploying new linux server to manage our clients, as old server crashed.

I managed to solve most of the problems and installation steps with documentation, this forum and google.

Thank you for this post https://forum.eset.com/topic/4069-remote-administrator-on-linux-help-file-changes/

It's my first try, i'm using Ubuntu Desktop 14.04.3 at the moment.

 

I have two problems now. First, there are no status messages about server tasks. I saw in ESET videos, that after starting the task, there are statuses "running", "finished" etc. But there are none in my remote administrator web console. Though i managed to complete 'Static Group Synchronization' and i see all the computers from AD, but task details executions are empty, as though it never happened.

 

Second, server cannot deploy Agents to computers, web console shows no reports, no statuses, nothing at all. But the log file on the server Trace.log has messages about failed mount.

+ LANG= mount -t cifs -o username=Administrator //user-pc.domain.com/ADMIN$ /tmp/era_remote_deploy_wn_sdf654sdgf64/cifs
mount error(13): Permission denied
Refer to the mount.cifs(8) manual page (e.g. man mount.cifs)
* [Exit code = 32]

With the help of linux forums i narrowed the problem. Mount command has to provide additional security mode for my shares "sec=ntlm", so this line works:

mount -t cifs -o username=Administrator,sec=ntlm //user-pc.domain.com/ADMIN$ /tmp/era_remote_deploy_wn_sdf654sdgf64/cifs

Question - how to make ESET to update its mount command? I did not find any settings files, or script files where i could edit this command. I think linux also cannot force to always use ntlm mode in mount by default.

Any help or links to help articles are appreciated.

Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 375

Posted
  • ESET Staff
Posted
I have two problems now. First, there are no status messages about server tasks. I saw in ESET videos, that after starting the task, there are statuses "running", "finished" etc. But there are none in my remote administrator web console. Though i managed to complete 'Static Group Synchronization' and i see all the computers from AD, but task details executions are empty, as though it never happened.

 

Hello,

 

we have seen similar symptoms in case MariaDB was used instead of supported MySQL .. could be your case? Are there any related errors in trace logs?

 

 

Question - how to make ESET to update its mount command? I did not find any settings files, or script files where i could edit this command. I think linux also cannot force to always use ntlm mode in mount by default.

Any help or links to help articles are appreciated.

 

Unfortunately there is currently no way how to configure remote installation task in such detail. Were you able to find out why default sec=ntlmssp does not work you? Targeted (client) computer is using older Windows?

Link to comment
Share on other sites
  • ESET Staff
  • Solution
MartinK

MartinK 375

Posted
  • ESET Staff
  • Solution
Posted (edited)

 

Question - how to make ESET to update its mount command? I did not find any settings files, or script files where i could edit this command. I think linux also cannot force to always use ntlm mode in mount by default.

Any help or links to help articles are appreciated.

 

Unfortunately there is currently no way how to configure remote installation task in such detail. Were you able to find out why default sec=ntlmssp does not work you? Targeted (client) computer is using older Windows?

 

 

Hello,

 

just realized you can modify script file /var/opt/eset/RemoteAdministrator/Server/Scripts/UnixWindowsNetworkRemoteInstall.sh that is used to perform remote disk mounting, but be aware that repairing or updating of ERA Server will replace this file.

Edited by MartinK
Link to comment
Share on other sites
Markovskij

Markovskij 2

Posted
  • Author
Posted

Hello, MartinK, both your suggestions worked!

I had installed mariadb from habit, and missed that it should be mysql. Could not switch mariadb to mysql, so i reinstalled the server, this time ubuntu-server, second time is much easier and smoother.

Now the status messages work.

I also added "sec=ntlm" to UnixWindowsNetworkRemoteInstall.sh script and agent was deployed succesfully!

This not default security option is probably needed because of our AD configuration, haven't digged deeper yet, because it works now this way.

 

Now i get handshake errors from agent, which cannot communicate with server, but i'll create another thread if i won't be able to find the problem myself.

 

Thank you very much for fast and accurate solutions!

2015-12-01 09:00:46 Error: CReplicationModule [Thread 4ef8]: CReplicationManager: Replication (network) connection to 'host: "192.168.100.120" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-12-01 09:01:46 Error: CAgentSecurityModule [Thread 3a90]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (10.1.179.46,Ubuntu64-bb,Ubuntu64-bb.BB.LOCAL)
2015-12-01 09:01:46 Error: NetworkModule [Thread 53d8]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.100.120, ResolvedHostname:, ResolvedPort:2222
2015-12-01 09:01:46 Error: NetworkModule [Thread 53d8]: Protocol failure for session id 16, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.
Link to comment
Share on other sites
  • ESET Staff
MartinK

MartinK 375

Posted
  • ESET Staff
Posted

Now i get handshake errors from agent, which cannot communicate with server, but i'll create another thread if i won't be able to find the problem myself.

 

Thank you very much for fast and accurate solutions!

2015-12-01 09:00:46 Error: CReplicationModule [Thread 4ef8]: CReplicationManager: Replication (network) connection to 'host: "192.168.100.120" port: 2222' failed with: Receive: NodSslWriteEncryptedData: Handshake failed to complete.
2015-12-01 09:01:46 Error: CAgentSecurityModule [Thread 3a90]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in certificate SubjectAltName extension (10.1.179.46,Ubuntu64-bb,Ubuntu64-bb.BB.LOCAL)
2015-12-01 09:01:46 Error: NetworkModule [Thread 53d8]: Receive: NodSslWriteEncryptedData: Handshake failed to complete., ResolvedIpAddress:192.168.100.120, ResolvedHostname:, ResolvedPort:2222
2015-12-01 09:01:46 Error: NetworkModule [Thread 53d8]: Protocol failure for session id 16, error:Receive: NodSslWriteEncryptedData: Handshake failed to complete.

 

This is quiet common problem: your ERA Server certificate was created for hostnames 10.1.179.46,Ubuntu64-bb,Ubuntu64-bb.BB.LOCAL, but AGENT is configured to connect to "192.168.100.120" ... you have to repair AGENT so that it connect to one of listed hostnames/IPs or you can create new server certificates that contains mentioned IP (or wildcard * for all)

Link to comment
Share on other sites
Guest
This topic is now closed to further replies.
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...