Jump to content

ERA Agent on ERA server not reporting in


BrentVIP
 Share

Recommended Posts

I decided to bite the bullet and upgrade from 6.1 to 6.2.  I created the client task to update ERA components and sent it on it's way for all endpoints.  I checked back on it the following day and noticed the web console still reported as 6.1.  I looked at some of my agents and they showed upgraded to 6.2 but when I looked at the actual ERA agent for the ERA server I noticed it hasn't checked in since August.  August is when I brought my system up to 6.1 from 6.0.

 

I am using a Linux virtual prebuilt appliance machine for my ERA so I created a Linux Agent Live Installer and transferred it over to the appliance.  I extracted the tar and ran the .sh and it appeared to download and run successfully.  I checked back in the webconsole and it is still not reporting. 

 

I decided to right click and delete it out of the webconsole and rerun the install script.  Still not reporting in.   Most topics I've found on not reporting agents it has always referred to communication or credential issues.  Since this agent resides on the actual machine I wouldn't imagine that could be the case. Any suggestions?

Link to comment
Share on other sites

  • 2 weeks later...
  • ESET Staff

It's still not reporting in and at this point I'm all out of ideas...

Hello,

 

I would suggest to check ERA agent trace logs located in /var/log/eset/RemoteAdministrator/Agent/trace.log or /var/log/eset/RemoteAdministrator/Agent/status.html for errors. Please check also time of last modification, so that we know agent is running.

Link to comment
Share on other sites

Hey BrentVIP,

 

My ERAS is on a CentOS 6.5 server. I have a number of Linux and OS X clients and some of them suddenly stop reporting. Here's what I usually do:

 

ps aux | grep eset

Are all your eset components running ? Most importantly, is ERAAgent running?

If it isn't, run service eraagent restart . (Sometimes I find it helpful to have another terminal with tail -f /var/log/eset/RemoteAdministrator/Agent/trace.log to observe the behavior as it kickstarts.

 

netstat -a | grep <eras server hostname>

Is there an established connection to your ERAS server? Do you have open sockets ?

 

Sometimes it is helpful to run the built in DiagnosticAgent tool to snapshot information and logs on the Agent. This is found in /opt/eset/RemoteAdministrator/Agent/

 

Frequently I see the local SQLite database will break so I'll rerun the Agent installation to repair. This may not be the case with you since you've already reinistalled the Agent.

 

If you give a little more info/background on what you find, I can probably give a hand. There's also a couple of other Linux Admins on this forum who can probably jump in. 

Link to comment
Share on other sites

Sorry guys, I must not have been subscribed to this thread and missed your replies.  I checked the agent Trace.log and this group of errors show up every check in:

2015-12-17 21:51:58 Error: CAgentSecurityModule [Thread 7f85e8dfa700]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in$
2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:::1, ResolvedHostna$
2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Protocol failure for session id 2443, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementat$
2015-12-17 21:51:58 Error: CReplicationModule [Thread 7f8592bfd700]: CReplicationManager: Replication (network) connection to 'host: "localhost" port: 2222' failed with: Receive: NodSslWr$
2015-12-17 21:51:58 Error: CAgentSecurityModule [Thread 7f85e8dfa700]: Certificated user verification failed with: VerifyDnsSubjectAltName: Hostname does not match any supported record in$
2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Receive: NodSslWriteEncryptedData: Internal error in the underlying implementations., ResolvedIpAddress:127.0.0.1, Resolved$
2015-12-17 21:51:58 Error: NetworkModule [Thread 7f85e2bfd700]: Protocol failure for session id 2444, error:Receive: NodSslWriteEncryptedData: Internal error in the underlying implementat$
2015-12-17 21:51:58 Error: CReplicationModule [Thread 7f8592bfd700]: CReplicationManager: Replication (network) connection to 'host: "127.0.0.1" port: 2222' failed with: Receive: NodSslWr$

I noticed it's saying that the name doesn't match the certificate.  I guess at some point I changed something so I recreated my installer and verified that the name on the certificate matched my server name.  Once I installed that it started reporting again.

 

Thank you guys for the help!

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...