zulhilmi 0 Posted October 11, 2016 Share Posted October 11, 2016 during component upgrade from era 6.3 to era 6.4 the program files is corrupted for unknown reason. So reinstall a fresh ERA 6.3 in hope to get the client connection back. Server hostname and ip server address are not change. unfortunately none of the client able to reconnect back. we understand this something has to do with client agent certificate failed to handshake with the new server certificate. Is there any way to restore the previous certificate to the newly setup server so we can get the client connection back. we dont want to go to every machine again to reinstall the agent because there 800 users. we only have backup content for the previous era in this folder. its there anything that can be useful in this case C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\era If its really impossible to performed the above is there any plan in the near future to make the backup and recovery of era much easier and lastly, if we were to go to every machine again. can the new era agent simply be installed on top of the existing agent. Link to comment Share on other sites More sharing options...
ESET Staff MichalJ 430 Posted October 11, 2016 ESET Staff Share Posted October 11, 2016 (edited) You need to have your previous Certification Authority, and Server certificate backed up (exported). If you do have them, you can import them (CA + ERA server certificate) and configure server to use this old ERA server certificate. Then the agents will start "trusting" the new server, and everything will work normally. This documentation part gives you the steps to take: hxxp://help.eset.com/era_install/64/en-US/index.html?clean_installation_same_ip.htm The best way would be to try to reconnect to an existing (backed-up) DB, as everything is in the DB, including the certificates. Edited October 11, 2016 by MichalJ Link to comment Share on other sites More sharing options...
macros 1 Posted October 11, 2016 Share Posted October 11, 2016 is old database still exist. i think we can import cert from database. i see tbl_certificate but dont know how to export it. Link to comment Share on other sites More sharing options...
ESET Staff Solution MartinK 376 Posted October 11, 2016 ESET Staff Solution Share Posted October 11, 2016 You basically need two type of certificates: for peer certificate located in tbl_certificates table, use context menu "Save BLOB to file" on value from column certificate_pfx_blob. for CA certificates, export from table tbl_certification_authorities and save values from column der_blob. Or also pfx_blob in case you want to have also private part of certificate, but ERA installer won't be able to import such certificate. Link to comment Share on other sites More sharing options...
macros 1 Posted October 12, 2016 Share Posted October 12, 2016 You basically need two type of certificates: for peer certificate located in tbl_certificates table, use context menu "Save BLOB to file" on value from column certificate_pfx_blob. for CA certificates, export from table tbl_certification_authorities and save values from column der_blob. Or also pfx_blob in case you want to have also private part of certificate, but ERA installer won't be able to import such certificate. thank you for info MartinK. Link to comment Share on other sites More sharing options...
Pinni3 21 Posted October 12, 2016 Share Posted October 12, 2016 I had similar situation. All I did (I had near 400 stations) was re-deploy agent. I did it with PDQ Deploy software (free version), loaded new bat file and thats it. It goes on the fly and it wont get more than 45 minutes for 800 stations... Link to comment Share on other sites More sharing options...
zulhilmi 0 Posted October 13, 2016 Author Share Posted October 13, 2016 I manage to open previous database using sql server management. Kindly advise next step how to extract the certificate and how I can import the cert again in the ERA Server. Link to comment Share on other sites More sharing options...
zulhilmi 0 Posted October 17, 2016 Author Share Posted October 17, 2016 Thanks for advice, now I able to restore the certificate back. Link to comment Share on other sites More sharing options...
dzemo1004 0 Posted September 13, 2017 Share Posted September 13, 2017 Hi, I have same problem and i can open previous database using ssms, but how to export blob to file that can be imported in era server. Could someone help me please ?! Link to comment Share on other sites More sharing options...
ESET Staff MartinK 376 Posted September 14, 2017 ESET Staff Share Posted September 14, 2017 I would recommend to follow steps from: https://stackoverflow.com/questions/10325338/fastest-way-to-export-blobs-from-table-into-individual-files describing process of saving binary (blob) values into files from SMSS. It is also possible to use HeidiSQL (as used in previous comments for MySQL) also with MSSQL database if it is running. Link to comment Share on other sites More sharing options...
Recommended Posts