Jump to content

era agent deployment


Recommended Posts

Hi guys,
I have this situation:
I have old eset era 5 on server1 and new eset era on server2.
Problem is: from new server2 is not sucessfully deploy era agent to client. Allways I got error Failed.
On all clients is instaled endpoint securyty. If I disabled on client edpoint firewall, deployment from new server2 will be sucessfully.

 

Is it possible set on all clients firewall rule form old eset era server? I mean set in policy enable some ports to allov agent deployment from new server2.
Thank you.  
 

Link to comment
Share on other sites

  • ESET Staff

If you have the old(existing) clients still configured to connect to ERA 5 (they are still Endpoint 5), you should be able to do it. If you have already installed Endpoint 6, you won´t be able to do it, as you can´t configure Endpoint 6, from ERA 5 anyhow.  Once the ERA Agent is deployed successfully, it will basically transfer the management to the new server directly.

 

NOTE: There are some things, you need to consider, once migrating to ERA 6:

  • if you were using mirror, please make sure, that you reconfigure Endpoints, to update from a newly setup mirror server (ERA 6 does not feature mirror), or reconfigure them, to communicate via proxy server (you can install Apache HTTP Proxy), where the updates will be cached (this replaces the mirror functionality). 
  • in case of ERA 5 and Endpoint 5, it was not necessary to set update parameters on the Endpoints if they were not updating form the internet. Now, you have to activate all of the Endpoints, to enable them. Please prepare, to perform activation tasks once you have upgraded to Endpoint 6. You should also activate, when you are planning to update via the proxy, as that is the way, how the update credentials are delivered into the older Endpoints. 
Link to comment
Share on other sites

I have installed on old era server Endpoint 6. If I disabled firewall on old era server, deployment from new server was sucessfull.

I enabled firewall on old serve era again and create policy on firewall:

 

TCP and UDP: 2222,1237,445,137,138,139

 

and deployment was not sucessfully:

Failed to open service.  [WERR_NO_SUCH_SERVICE]

 

If I disable firewall (flush all rules), deplyment was sucessfully.

 

I think - i must enable another ports on firewall, but which ones?

Link to comment
Share on other sites

  • ESET Staff

In case remote deployment finished with WERR_NO_SUCH_SERVICE it means ERA successfully connected and copied files to target system and failed during temporary windows service registration.

Windows service is registered using RPC call which according to windows documentation uses TCP port 135. This information will be soon available also in ERA documentation.

 

In case opening TCP port 135 won't help, is it possible to check firewall logs for blocked communication from ERA server IP?

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...