(Urgent) Restore Agent connection to new Era

[zulhilmi 0]

during component upgrade from era 6.3 to era 6.4 the program files is corrupted for unknown reason. So reinstall a fresh ERA 6.3 in hope to get the client connection back. Server hostname and ip server address are not change. 

 

unfortunately none of the client able to reconnect back. we understand this something has to do with client agent certificate failed to handshake with the new server certificate. 

 

Is there any way to restore the previous certificate to the newly setup server so we can get the client connection back.

 

we dont want to go to every machine again to reinstall the agent because there 800 users. we only have backup content for the previous era in this folder. its there anything that can be useful in this case 

 

C:\Program Files (x86)\Apache Software Foundation\Tomcat 7.0\webapps\era

 

If its really impossible to performed the above is there any plan in the near future to make the backup and recovery of era much easier and lastly, if we were to go to every machine again. can the new era agent simply be installed on top of the existing agent.

 

[MichalJ 430]

You need to have your previous Certification Authority, and Server certificate backed up (exported).

If you do have them, you can import them (CA + ERA server certificate) and configure server to use this old ERA server certificate. Then the agents will start "trusting" the new server, and everything will work normally.

This documentation part gives you the steps to take: hxxp://help.eset.com/era_install/64/en-US/index.html?clean_installation_same_ip.htm

 

The best way would be to try to reconnect to an existing (backed-up) DB, as everything is in the DB, including the certificates.

Edited October 11, 2016 by MichalJ

[macros 1]

is old database still exist. i think we can import cert from database.

i see tbl_certificate but dont know how to export it.

 

[MartinK 376]

You basically need two type of certificates:

• for peer certificate located in tbl_certificates table, use context menu "Save BLOB to file" on value from column certificate_pfx_blob.
• for CA certificates, export from table tbl_certification_authorities and save values from column der_blob. Or also pfx_blob in case you want to have also private part of certificate, but ERA installer won't be able to import such certificate.

[macros 1]

 

You basically need two type of certificates:

• for peer certificate located in tbl_certificates table, use context menu "Save BLOB to file" on value from column certificate_pfx_blob.
• for CA certificates, export from table tbl_certification_authorities and save values from column der_blob. Or also pfx_blob in case you want to have also private part of certificate, but ERA installer won't be able to import such certificate.

 

thank you for info MartinK.

[Pinni3 21]

I had similar situation. All I did (I had near 400 stations) was re-deploy agent. I did it with PDQ Deploy software (free version), loaded new bat file and thats it. It goes on the fly and it wont get more than 45 minutes for 800 stations...

[zulhilmi 0]

I manage to open previous database using sql server management. Kindly advise next step how to extract the certificate and how I can import the cert again in the ERA Server.

[zulhilmi 0]

Thanks for advice, now I able to restore the certificate back.  

[dzemo1004 0]

Hi, I have same problem and i can open previous database using ssms, but how to export blob to file that can be imported in era server. Could someone help me please ?!

[MartinK 376]

I would recommend to follow steps from: https://stackoverflow.com/questions/10325338/fastest-way-to-export-blobs-from-table-into-individual-files describing process of saving binary (blob) values into files from SMSS.

It is also possible to use HeidiSQL (as used in previous comments for MySQL) also with MSSQL database if it is running.