BrentVIP 1 Posted November 30, 2015 Share Posted November 30, 2015 I decided to bite the bullet and upgrade from 6.1 to 6.2. I created the client task to update ERA components and sent it on it's way for all endpoints. I checked back on it the following day and noticed the web console still reported as 6.1. I looked at some of my agents and they showed upgraded to 6.2 but when I looked at the actual ERA agent for the ERA server I noticed it hasn't checked in since August. August is when I brought my system up to 6.1 from 6.0. I am using a Linux virtual prebuilt appliance machine for my ERA so I created a Linux Agent Live Installer and transferred it over to the appliance. I extracted the tar and ran the .sh and it appeared to download and run successfully. I checked back in the webconsole and it is still not reporting. I decided to right click and delete it out of the webconsole and rerun the install script. Still not reporting in. Most topics I've found on not reporting agents it has always referred to communication or credential issues. Since this agent resides on the actual machine I wouldn't imagine that could be the case. Any suggestions? Link to comment Share on other sites More sharing options...
BrentVIP 1 Posted December 11, 2015 Author Share Posted December 11, 2015 It's still not reporting in and at this point I'm all out of ideas... Link to comment Share on other sites More sharing options...
ESET Staff MartinK 378 Posted December 11, 2015 ESET Staff Share Posted December 11, 2015 It's still not reporting in and at this point I'm all out of ideas... Hello, I would suggest to check ERA agent trace logs located in /var/log/eset/RemoteAdministrator/Agent/trace.log or /var/log/eset/RemoteAdministrator/Agent/status.html for errors. Please check also time of last modification, so that we know agent is running. Link to comment Share on other sites More sharing options...
bbraunstein 27 Posted December 11, 2015 Share Posted December 11, 2015 Hey BrentVIP, My ERAS is on a CentOS 6.5 server. I have a number of Linux and OS X clients and some of them suddenly stop reporting. Here's what I usually do: ps aux | grep eset Are all your eset components running ? Most importantly, is ERAAgent running? If it isn't, run service eraagent restart . (Sometimes I find it helpful to have another terminal with tail -f /var/log/eset/RemoteAdministrator/Agent/trace.log to observe the behavior as it kickstarts. netstat -a | grep <eras server hostname> Is there an established connection to your ERAS server? Do you have open sockets ? Sometimes it is helpful to run the built in DiagnosticAgent tool to snapshot information and logs on the Agent. This is found in /opt/eset/RemoteAdministrator/Agent/ Frequently I see the local SQLite database will break so I'll rerun the Agent installation to repair. This may not be the case with you since you've already reinistalled the Agent. If you give a little more info/background on what you find, I can probably give a hand. There's also a couple of other Linux Admins on this forum who can probably jump in. Link to comment Share on other sites More sharing options...
BrentVIP 1 Posted December 17, 2015 Author Share Posted December 17, 2015 Sorry guys, I must not have been subscribed to this thread and missed your replies. I checked the agent Trace.log and this group of errors show up every check in: 2015-12-17 21:51:58 Error: CAgentSecurityModule [Thread 7f85e8dfa700]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in$ 2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:::1, ResolvedHostna$ 2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Protocol failure for session id 2443, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementat$ 2015-12-17 21:51:58 Error: CReplicationModule [Thread 7f8592bfd700]: CReplicationManager: Replication (network) connection to 'host: "localhost" port: 2222' failed with: Receive: NodSslWr$ 2015-12-17 21:51:58 Error: CAgentSecurityModule [Thread 7f85e8dfa700]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in$ 2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, Resolved$ 2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Protocol failure for session id 2444, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementat$ 2015-12-17 21:51:58 Error: CReplicationModule [Thread 7f8592bfd700]: CReplicationManager: Replication (network) connection to 'host: "127.0.0.1" port: 2222' failed with: Receive: NodSslWr$ I noticed it's saying that the name doesn't match the certificate. I guess at some point I changed something so I recreated my installer and verified that the name on the certificate matched my server name. Once I installed that it started reporting again. Thank you guys for the help! Link to comment Share on other sites More sharing options...
Recommended Posts