See182, posted September 19, 2016:

Hello, I'm currently using the Linux Appliance with ERA6 running on it. I can deploy the agents and install the software remotely, but the server will not show me any information. The only machine that is shown on the dashboard is the ERA machine itself; all others aren't on the list, although the server with the agent installed on it has the right settings. Thank you.

MartinK (ESET Staff), posted September 19, 2016:

Could you please check AGENT's status log on one of the clients, located at
C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html
or
C:\Documents and Settings\All Users\Application Data\Eset\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html?
Log shows most significant error and whether AGENT is/was able to connect to SERVER.

In case mentioned log won't be available, please check whether ESET Remote Administrator Agent is actually installed on clients, as we had a bug that caused installation failure, but success was reported to SERVER - this applies especially for deployment using remote installation task.

In case status of AGENT installation will be "green" and successful connections to ERA will be reported, please try to restart SERVER's service in OVA - it may be known bug from previous versions of ERA which we cannot exclude as you have not mentioned version of ERA or OVA.

kingoftheworld, posted September 19, 2016:

I too have had issues with ERA 6/ESET 4 for Linux endpoint. I have seen where the client will just disappear out of my ERA console as if it was never there, and then it will just reappear at random times. Unable to find via IP or hostname.

See182, posted September 21, 2016:

> Could you please check AGENT's status log on one of the clients, located at C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html or C:\Documents and Settings\All Users\Application Data\Eset\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\status.html? Log shows most significant error and whether AGENT is/was able to connect to SERVER.
> In case mentioned log won't be available, please check whether ESET Remote Administrator Agent is actually installed on clients, as we had a bug that caused installation failure, but success was reported to SERVER - this applies especially for deployment using remote installation task.
> In case status of AGENT installation will be "green" and successful connections to ERA will be reported, please try to restart SERVER's service in OVA - it may be known bug from previous versions of ERA which we cannot exclude as you have not mentioned version of ERA or OVA.

Okay, first the information: I've downloaded the virtual appliance from the ESET webpage and these are the versions of the ERA Server:

ESET Remote Administrator (Server), Version 6.4.304.0
ESET Remote Administrator (Webconsole), Version 6.4.280.0
CentOS (64-bit), Version 7.2.1511

I've installed the agent manually on one server and the log file contains three failures.

Status log

Scope: Last replication
Time: 2016-Sep-21 07:51:16
Text: Error: CReplicationManager: Replication (network) connection to 'host: "carimgt5" port: 2222' failed with: Connection closed by remote peer for session id 14030

Scope: Peer certificate
Time: 2016-Sep-20 10:57:49
Text: Error Agent peer certificate with subject 'CN=Agent Zertifikat für Hosts, O="NAME HAS BEEN REMOVED"., L=Worms, S=Rheinland-Pfalz, C=DE' issued by 'CN="NAME HAS BEEN REMOVED", O="NAME HAS BEEN REMOVED", L=Worms, S=Rheinland-Pfalz, C=DE' with serial number '"HAS BEEN REMOVED"' is invalid now (NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain)
      Peer certificate may be valid but can not be verified on this machine
      Check time validity and presence of issuing certification authority

Scope: Replication security
Time: 2016-Sep-21 07:51:16
Text: Error: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
      Remote host: STVERA1
      Remote machine certificate is not trusted because signing certificates (CAs) are not trusted or found in system/agent database
      Check if signing certificate authority was used during installation of agent or installed in system

I think I've made something wrong with the certificate.

MartinK (ESET Staff), posted September 21, 2016:

> Replication security 2016-Sep-21 07:51:16 Error: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain

This means that AGENT does not trust SERVER's certificate because it is missing its CA certificate. You have most probably installed AGENT with wrong CA certificate - AGENT expects CA certificate that was used to sign SERVER's certificate. I guess you have multiple CA certificates and you have chosen the wrong one - is this the case?

See182, posted September 21, 2016 (edited September 21, 2016):

> Replication security 2016-Sep-21 07:51:16 Error: NodVerifyCertificateChain failed: NodVerifyTrustResult: 6, NVT_NotTrustedRoot, X509ChainStatus: 0x10000, X509CSF_PartialChain
> This means that AGENT does not trust SERVER's certificate because it is missing its CA certificate. You have most probably installed AGENT with wrong CA certificate - AGENT expects CA certificate that was used to sign SERVER's certificate. I guess you have multiple CA certificates and you have chosen the wrong one - is this the case?

Well, I've got one CA and four peer certificates. I've created all of them and deleted the ones that came from scratch.

See182, posted September 21, 2016 (edited September 21, 2016):

So I just factory reset my OVA and everything works as soon as I use the default CA and default peer certificates. If I use an own CA it doesn't work. So am I doing something wrong by creating a new CA?

MartinK (ESET Staff), posted September 21, 2016:

Please provide more details - you have created new CA certificate in ERA (= using ERA) or you imported it from somewhere else? In case you created CA using ERA, have you also used it to create new peer certificates? If so, you created new SERVER's and AGENT's certificates?

See182, posted September 21, 2016:

> Please provide more details - you have created new CA certificate in ERA (= using ERA) or you imported it from somewhere else? In case you created CA using ERA, have you also used it to create new peer certificates? If so, you created new SERVER's and AGENT's certificates?

Okay, so I used the ERA WebGUI to create a new CA under Admin - Certificates - CA | Action - New. There I fill in all the gaps with a passphrase and that's it actually.

MartinK (ESET Staff), posted September 21, 2016:

So that means you have not changed SERVER's certificate in its configuration? In that case your SERVER is still using certificate that was generated during setup, signed by CA certificate that was also generated during installation -> which means AGENTs must be installed with this original CA certificate.

What was purpose of generating new CA certificate? We can provide steps in case you specify your scenario.

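The trust relationship described in the reply above, as an added example that is not part of the original thread: a POSIX shell sketch using the openssl CLI with two constructed CAs (`setup-ca` and `new-ca` are hypothetical names) showing that a server certificate signed by one CA fails verification when only the other CA is trusted. It illustrates generic X.509 chain checking, not ERA's own tooling.

```shell
#!/bin/sh
# Constructed demo: CA names, subjects and files are made up for illustration.
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT

# make_ca NAME: create a self-signed CA (NAME.key / NAME.pem).
make_ca() {
    openssl req -x509 -newkey rsa:2048 -nodes -days 30 -subj "/CN=$1" \
        -keyout "$WORK/$1.key" -out "$WORK/$1.pem" 2>/dev/null
}

# issue_cert CA NAME: create a key and a certificate NAME.pem signed by CA.
issue_cert() {
    openssl req -newkey rsa:2048 -nodes -subj "/CN=$2" \
        -keyout "$WORK/$2.key" -out "$WORK/$2.csr" 2>/dev/null
    openssl x509 -req -in "$WORK/$2.csr" -days 30 -CAcreateserial \
        -CA "$WORK/$1.pem" -CAkey "$WORK/$1.key" -out "$WORK/$2.pem" 2>/dev/null
}

# chains_to CA CERT: succeed only if CERT verifies with CA as the trust anchor.
chains_to() {
    openssl verify -CAfile "$WORK/$1.pem" "$WORK/$2.pem" >/dev/null 2>&1
}

# issuer_of CERT: print the issuer line of CERT.
issuer_of() {
    openssl x509 -in "$WORK/$1.pem" -noout -issuer
}

make_ca setup-ca            # stands in for the CA generated during server setup
make_ca new-ca              # stands in for a CA created later in the console
issue_cert setup-ca server  # server certificate is still signed by the setup CA

echo "server certificate $(issuer_of server)"
for ca in setup-ca new-ca; do
    if chains_to "$ca" server; then
        echo "agent with $ca: server certificate verifies"
    else
        echo "agent with $ca: rejected, issuing CA not in the agent's trust store"
    fi
done
```

Comparing the issuer of the certificate the server actually presents with the CA handed to the agent installer is the quickest way to spot this mismatch before redeploying agents.
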
See182, posted September 21, 2016:

> So that means you have not changed SERVER's certificate in its configuration? In that case your SERVER is still using certificate that was generated during setup, signed by CA certificate that was also generated during installation -> which means AGENTs must be installed with this original CA certificate.
> What was purpose of generating new CA certificate? We can provide steps in case you specify your scenario.

Okay, I already thought that would be the problem. My purpose of the own CA was that I wanted to create for each of our servers. So I don't have everything in one CA and in one Server.