REMOTE ADMINISTRATOR 6
Installation, Upgrade and Migration Guide
ESET Remote Administrator 6 was developed by ESET, spol. s r.o.
For more information visit www.eset.com.
All rights reserved. No part of this documentation may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning, or otherwise without permission in writing from the author.
ESET, spol. s r.o. reserves the right to change any of the described application software without prior notice.
Customer Care: www.eset.com/support
REV. 5/30/2016
Contents
1. Installation/Upgrade
  1.1 Features
  1.2 Architecture
    1.2.1 Server
    1.2.2 Web Console
    1.2.3 Agent
    1.2.4 Proxy
    1.2.5 Rogue Detection Sensor
    1.2.6 Mobile Device Connector
    1.2.7 Apache HTTP Proxy
  1.3 Deployment
    1.3.1 Single Server (Small Business)
    1.3.2 Remote Branches with Proxies
    1.3.3 High Availability (Enterprise)
    1.3.4 Practical deployment examples (Windows)
  1.4 Supported products and languages
  1.5 Differences to version 5
2. System requirements
  2.1 Supported Operating Systems
    2.1.1 Windows
    2.1.2 Linux
    2.1.3 OS X
  2.5 Supported versions of Apache Tomcat
  2.7 Network
    2.7.1 Ports used
3. Installation process
  3.1 All-in-one installation on Windows
    3.1.1 Install ERA Server
    3.1.2 Install ERA Proxy
    3.1.3 Install ERA Mobile Device Connector (Standalone)
    3.1.4 Uninstall components
    3.1.5 Custom certificates with ERA
    3.1.6 Windows SBS / Essentials
  3.2 Component installation on Windows
    3.2.1 Server installation
      3.2.1.1 Server prerequisites - Windows
    3.2.2 Microsoft SQL Server requirements
    3.2.3 MySQL Server installation and configuration
    3.2.4 Dedicated database user account
    3.2.5 Agent installation
      3.2.5.1 Server-assisted Agent installation
      3.2.5.2 Offline Agent installation
      3.2.5.3 Agent uninstallation and troubleshooting
    3.2.6 Web Console installation
    3.2.7 Proxy installation
      3.2.7.1 Proxy prerequisites
    3.2.8 RD Sensor installation
      3.2.8.1 RD Sensor prerequisites
    3.2.9 Mobile Device Connector installation
      3.2.9.1 Mobile Device Connector prerequisites
      3.2.9.2 Mobile Device Connector activation
      3.2.9.3 MDM iOS licensing functionality
      3.2.9.4 Import HTTPS certificate chain for MDM
    3.2.10 Apache HTTP Proxy installation and cache
    3.2.11 Mirror tool
    3.2.12 Failover Cluster
  3.3 Component installation on Linux
    3.3.1 Step-by-step ERA Server installation on Linux
    3.3.2 MySQL installation and configuration
    3.3.3 ODBC installation and configuration
    3.3.4 Server installation - Linux
      3.3.4.1 Server prerequisites - Linux
    3.3.5 Agent installation - Linux
      3.3.5.1 Agent prerequisites - Linux
    3.3.6 Web Console installation - Linux
      3.3.6.1 ERA Web Console prerequisites - Linux
    3.3.7 Proxy installation - Linux
      3.3.7.1 Proxy prerequisites - Linux
    3.3.8 RD Sensor installation and prerequisites - Linux
    3.3.9 Mobile Device Connector installation - Linux
      3.3.9.1 Mobile Device Connector prerequisites - Linux
    3.3.10 Apache HTTP Proxy installation - Linux
    3.3.11 Squid HTTP Proxy installation on Ubuntu Server 14.10
    3.3.12 Mirror tool
    3.3.13 Failover Cluster - Linux
    3.3.14 How to uninstall or reinstall a component - Linux
  3.4 Component installation on Mac OS X
    3.4.1 Agent installation - Mac OS X
  3.5 Database
    3.5.1 Database Server Backup
    3.5.2 Database Server Upgrade
    3.5.3 ERA Database Migration
      3.5.3.1 Migration process for SQL Server
      3.5.3.2 Migration process for MySQL Server
  3.6 ISO image
  3.7 DNS Service Record
  4.1 Component upgrade task
    4.1.1 Product installation using component upgrade
  4.2 Migration from previous ERA version
    4.2.1 Migration scenario 1
    4.2.2 Migration scenario 2
    4.2.3 Migration scenario 3
  4.3 Migration from one server to another
    4.3.1 Clean Installation - same IP address
    4.3.2 Clean Installation - different IP address
    4.3.3 Migrated Database - same IP address
    4.3.4 Migrated Database - different IP address
    4.3.5 Uninstallation of the old ERA Server
    Windows instructions (All-in-one installer)
    4.5.2 Windows instructions (manual)
  4.6 Upgrading Apache Tomcat
    4.6.1 Windows instructions (All-in-one installer)
    4.6.2 Windows instructions (manual)
    4.6.3 Linux instructions
5. Troubleshooting
  5.1 Answers to common installation issues
  5.2 Log files
  5.3 Diagnostic Tool
  5.4 Problems after upgrade/migration of ERA Server
  5.5 MSI Logging
6. First Steps
  6.1 Opening the ERA Web Console
7. ESET Remote Administrator API
8. FAQ
1. Installation/Upgrade
ESET Remote Administrator (ERA) is an application that allows you to manage ESET products on client workstations,
servers and mobile devices in a networked environment from one central location. With ESET Remote
Administrator's built-in task management system, you can install ESET security solutions on remote computers and
quickly respond to new problems and threats.
ESET Remote Administrator does not provide protection against malicious code by itself. Protection of your
environment depends on the presence of an ESET security solution such as ESET Endpoint Security on workstations
and mobile devices, or ESET File Security for Microsoft Windows Server on server machines.
ESET Remote Administrator is built around two primary principles:
1. Centralized management - the entire network can be configured, managed and monitored from one place.
2. Scalability - the system can be deployed in a small network as well as in large enterprise environments. ESET
Remote Administrator is designed to accommodate the growth of your infrastructure.
ESET Remote Administrator supports the new generation of ESET security products and is also compatible with the
previous generation of products.
The Installation/Upgrade guide covers many ways to install ESET Remote Administrator and is generally intended
for enterprise customers. Please refer to the guide for small and medium-sized businesses if you want to install
ESET Remote Administrator on a Windows platform to manage up to 250 Windows ESET endpoint products.
The ESET Remote Administrator help pages include a complete Installation and upgrade guide:
Architecture of ESET Remote Administrator
Migration Tool
Installation processes
ESET License Administrator
Deployment processes and Agent deployment using GPO or SCCM
First steps after installing ESET Remote Administrator
Post Installation Tasks
Administration guide
1.1 Features
The following features and capabilities are new in version 6.3:
Platform independence - ERA Server works on both Windows and Linux!
Post Installation Tasks - shows you how to get the most from ESET Remote Administrator and guides you through
the recommended steps for an optimal user experience.
ERA Web Console, the primary user interface for ESET Remote Administrator, is accessed using your web browser.
This makes it easy to use from any place and any device.
ESET License Administrator - ESET Remote Administrator must be activated using an ESET-issued License key
before you can begin using it. See the ESET License Administrator section for instructions on how to activate your
product, or see the ESET License Administrator Online help for more information about using the ESET License
Administrator.
A fully customizable Dashboard gives you a great overview of the security state of your network and the Admin
section of ESET Remote Administrator Web Console (ERA Web Console) is a powerful and user-friendly tool for
managing ESET products.
ERA Agent - the ERA Agent must be installed on all client computers that communicate with the ERA Server.
Notifications deliver relevant information in real time, and Reports allow you to conveniently sort various types
of data that you can use later.
1.2 Architecture
ESET Remote Administrator is a new generation of remote management system and differs significantly from
previous versions of ESET Remote Administrator. Since the architecture is completely different, there is no
backward compatibility with the old generation of ESET Remote Administrator. However, compatibility with previous
versions of ESET security products remains.
Together with the new ESET Remote Administrator, ESET also released a new generation of its security products along
with a new licensing system.
To perform a complete deployment of the ESET security solutions portfolio, the following components must be
installed (Windows and Linux platforms):
ERA Server
ERA Web Console
ERA Agent
The following supporting components are optional; we recommend that you install them for best performance of
the application on the network:
ERA Proxy
RD Sensor
Mobile Device Connector
1.2.1 Server
ESET Remote Administrator Server (ERA Server) is the executive application that processes all data received from
clients that connect to the Server (through the ERA Agent). To correctly process data, the Server requires a stable
connection to a database server where network data is stored. We recommend that you install the database server
on a different computer to achieve better performance.
1.2.3 Agent
The ESET Remote Administrator Agent (ERA Agent) is an essential part of ESET Remote Administrator 6. Clients do
not communicate with the Server directly; rather, the Agent facilitates this communication. The Agent collects
information from the client and sends it to the ERA Server. If the ERA Server sends a task for the client, it is sent to
the Agent, which then sends this task to the client.
To simplify implementation of the endpoint protection, the stand-alone ERA Agent is included in the ERA suite (from
version 6). It is a simple, highly modular and lightweight service covering all communication between ERA Server and
any ESET product or operating system. Rather than communicate with the ERA Server directly, ESET products
communicate through the Agent. Client computers that have the ESET Agent installed and can communicate with the
ERA Server are referred to as 'managed'. You can install the Agent on any computer regardless of whether or not
other ESET software has been installed.
1.2.4 Proxy
ERA Proxy is a lightweight version of the ERA Server component. This type of server is used to allow a high degree of
scalability. ERA Proxy allows you to concentrate traffic from client Agents. It allows multiple Agents to connect to
the ERA Proxy, which then distributes traffic to the ERA Server. This allows for the optimization of database queries.
It is also possible for the ERA Proxy to connect to another ERA Proxy and then to the ERA Server. Everything depends
on the network environment and its configuration.
What is the difference between ERA Proxy and Apache HTTP Proxy?
The ERA Proxy is also responsible for passive distribution of configuration data (groups, policies, tasks, etc.) to
Agents. This forwarding is done with no involvement from the ERA Server.
The only way to configure the ERA Proxy (and all other components) is via policy sent from the ERA Server. This
means that the Agent must be installed on the ERA Proxy machine to deliver the configuration from the ERA Server
to the ERA Proxy component.
NOTE: It is not possible for the ERA Server to connect to the ERA Proxy directly without the Agent.
ERA Proxy is another component of ESET Remote Administrator and serves two purposes. In the case of a medium-sized or enterprise network with many clients (for example, 10,000 clients or more), you can use ERA Proxy to
distribute load between multiple ERA Proxies, thereby distributing load away from the main ERA Server. Another
advantage of the ERA Proxy is that you can use it when connecting to a remote branch office with a weak link. This
means that ERA Agent on each client is not connecting to the main ERA Server directly, but rather via ERA Proxy,
which is on the same local network of the branch office. This configuration offers better communication with the
branch office. The ERA Proxy accepts connections from all local ERA Agents, compiles their data and uploads it to the
main ERA Server (or another ERA Proxy). This allows your network to accommodate more clients without
compromising the performance of your network and database queries.
For proper function of the ERA Proxy, the host computer where you install ERA Proxy must have an ESET Agent
installed and must be connected to the upper level (either ERA Server or an upper ERA Proxy, if there is one) of your
network.
NOTE: See a deployment scenario with ERA Proxy.
Every computer within the network structure (domain, LDAP, Windows network) is added to ERA Server's computers
list automatically via a server synchronization task. Using RD Sensor is a convenient way to find computers that are
not in the domain or other network structure and add them to ESET Remote Administrator Server. RD Sensor
remembers computers that are already discovered and will not send the same information twice.
NOTE: For offline virus database updates, use the Mirror tool instead of Apache HTTP Proxy. This tool is available
for both platforms (Windows and Linux).
1.3 Deployment
In the following chapters, we will cover deployment scenarios for different network environments. For more
detailed instructions, see the appropriate chapter:
Single Server (Small Business)
High Availability (Enterprise)
Remote Branches with Proxies
Product version
Activation method
6.x
6.x
2.x
6.x
6.x
4.5.x
4.x
Product version
Activation method
4.x
4.5.x
4.5.x
4.5.x
4.5.x
4.5.x
4.5.x
4.2.76
4.2.76
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
NOTE: ESET Windows Server product versions earlier than those shown in the table above are not currently
manageable using ESET Remote Administrator.
NOTE: See also End of Life policy for ESET business products.
Supported languages
| Language | Code |
|---|---|
| English (United States) | en-US |
| Arabic (Egypt) | ar-EG |
| Chinese Simplified | zh-CN |
| Chinese Traditional | zh-TW |
| Croatian (Croatia) | hr-HR |
| Czech (Czech Republic) | cs-CZ |
| French (France) | fr-FR |
| French (Canada) | fr-FC |
| German (Germany) | de-DE |
| Italian (Italy) | it-IT |
| Japanese | ja-JP |
| Korean (Korea) | ko-KR |
| Polish (Poland) | pl-PL |
| Portuguese (Brazil) | pt-BR |
| Russian (Russia) | ru-RU |
| Spanish (Chile) | es-CL |
| Spanish (Spain) | es-ES |
| Slovak (Slovakia) | sk-SK |
Version 6
Version 5
Console
Components
Computer discovery
Remote installation
Yes
Policies
Groups
Version 6: Static and Dynamic groups. One static group per computer. Dynamic groups are evaluated by an Agent, regardless of connectivity to the Server. Membership is reported to the Server.
Version 5: Static and Parametric groups
Reporting
Mirror
OS platform support
Windows only
Database
No
2. System requirements
There is a set of hardware, database and software prerequisites which must be met in order to install and operate
ESET Remote Administrator.
2.1.1 Windows
The following table displays supported Windows operating systems for each ESET Remote Administrator
component:
[Table: supported Windows operating systems per component. Columns: Operating System, Server, Agent, Proxy, RD Sensor, MDM. Operating systems still named in this copy: Windows 8 x86, Windows 8 x64, Windows 10 x86, Windows 10 x64. Entries marked X* are covered by the note marked * below.]
* Installing ERA components on a client OS might not be aligned with Microsoft licensing policy. Check Microsoft
licensing policy or consult your software supplier for details. In SMB / small network environments, we encourage
you to consider a Linux ERA installation or virtual appliance where applicable.
** Microsoft SQL Server Express included with Microsoft Small Business Server (SBS) is not supported by ESET
Remote Administrator. If you want to run your ERA database on SBS, you must use a newer version of Microsoft SQL
Server Express or MySQL. For more details and instructions, see Installation on Windows SBS / Essentials.
On older Windows operating systems, for example Windows Server 2003, protocol encryption might not be fully
supported on the operating system side. In such a configuration, TLSv1.0 will be used instead of TLSv1.2 (TLSv1.0 is
considered less secure than more recent versions). This situation can also occur when the operating system
supports TLSv1.2 but the client does not. In this case, communication takes place using TLSv1.0. To ensure the most
secure communication, we suggest that you use newer operating systems (Windows Server 2008 R2 and later for
servers and Windows Vista and later for clients).
NOTE: It is possible to install VMware Player on a desktop Operating System and deploy the ESET Remote
Administrator virtual appliance. This lets you run ESET Remote Administrator on a non-server OS without the need
for ESXi.
2.1.2 Linux
The following table displays supported Linux operating systems for each ESET Remote Administrator component:
[Table: supported Linux operating systems per component. Columns: Operating System, Server, Agent, Proxy, RD Sensor, MDM. Operating systems still named in this copy: CentOS 5 x86, CentOS 5 x64, CentOS 6 x86, CentOS 6 x64, CentOS 7 x86, CentOS 7 x64, SLED 11 x86, SLED 11 x64, SLES 11 x86, SLES 11 x64, OpenSUSE 13 x86, OpenSUSE 13 x64, Debian 7 x86, Debian 7 x64, Fedora 19 x86, Fedora 19 x64, Fedora 20 x86, Fedora 20 x64, Fedora 23 x86, Fedora 23 x64.]
2.1.3 OS X
| Operating System | Agent |
|---|---|
| OS X 10.7 Lion | X |
| OS X 10.8 Mountain Lion | X |
| OS X 10.9 Mavericks | X |
| OS X 10.10 Yosemite | X |
| OS X 10.11 El Capitan | X |
NOTE: OS X is supported as a client only. The ERA Agent and ESET products for OS X can be installed on OS X;
however, ERA Server cannot be installed on OS X.
Non-persistent desktop
Supported Hypervisors
Citrix XenServer
Microsoft Hyper-V
VMware vSphere
VMware ESXi
VMware Workstation
VMware View
Supported Hypervisor extensions
Citrix VDI-in-a-box
Citrix XenDesktop
Tools
(applies to both virtual and physical machines)
Microsoft SCCM
Windows Server 2012 Server Manager
2.3 Hardware
For seamless operation of ESET Remote Administrator, your system should meet the following hardware
requirements:
| Component | Requirement |
|---|---|
| Memory | 4 GB RAM |
| Hard Drive | At least 20 GB of free space |
| Processor | Dual-Core, 2.0 GHz or faster |
| Network connection | 1 Gbit/s |
2.4 Database
ESET Remote Administrator supports two types of database servers:
Microsoft SQL Server (including Express and non-Express editions) 2008, 2008 R2, 2012, 2014
MySQL (5.5+ is supported; we strongly recommend that you use at least version 5.6)
Specify the database server you want to use when installing ERA Server or ERA Proxy. Microsoft SQL Server Express
is installed by default and is a part of the All-in-one installer. You can use an existing Microsoft SQL Server running in
your environment; however, it must meet minimum requirements.
Database server hardware requirements
Memory
1 GB RAM
Hard Drive
Processor Speed
Processor Type
Additional information
Microsoft SQL Server Express has a 10 GB size limit for each relational database and cannot be installed on a
Domain Controller. We do not recommend the use of Microsoft SQL Server Express in Enterprise environments or
large networks. If you use Microsoft SBS, we recommend that you install ESET Remote Administrator on a
different server or do not select the SQL Server Express component during installation (this requires you to use
your existing SQL or MySQL Server to run the ERA database).
If you intend to use the dedicated database user account that will have access to the ERA database only, you must
create a user account with specific privileges before installation. For more information, see Dedicated database
user account. Additionally, you will need to create an empty database that will be used by ESET Remote
Administrator.
See also the instructions on how to install and configure MySQL for Windows and MySQL for Linux to work properly with ESET
Remote Administrator. Note that MariaDB is not supported by ESET Remote Administrator.
ERA Server and ERA Proxy do not use an integrated backup. We strongly recommend that you back up your
database server to prevent data loss.
| Web browser | Version | Note |
|---|---|---|
| Mozilla Firefox | 20+ | |
| Microsoft Internet Explorer | 10+ | |
| Microsoft Edge | 25+ | |
| Google Chrome | 23+ | |
| Safari | 6+ | |
| Opera | 15+ | |
2.7 Network
It is essential that both ERA Server and client computers managed by ERA have a working Internet connection so that
they can reach the ESET repository and activation servers. If you prefer not to have clients connect directly to the
Internet, you can use a proxy server (not the same as Apache HTTP Proxy or ERA Proxy) to facilitate communication
with your network and the Internet.
Computers managed by ERA should be connected to the same LAN and/or should be in the same Active Directory
domain as your ERA Server. The ERA Server must be visible to client computers. Additionally, client computers must
be able to communicate with your ERA Server to use remote deployment and the wake-up call feature.
Ports used
If your network uses a firewall, see our list of possible network communication ports used when ESET Remote
Administrator and its components are installed in your infrastructure.
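| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| TCP | 2222 | | |
| TCP | 2223 | | |

| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| TCP | 443 | Listening | |

ERA Proxy:

| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| TCP | 2222 | Listening | |

| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| TCP | 3128 | Listening | |

| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| UDP | 1237 | Listening | |
| UDP | 1238 | Listening | |

ERA Agent:

| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| TCP | 9977 | | |
| TCP | 9978 | | |
| TCP | 9980 | Listening | |
| TCP | 9981 | Listening | |
| TCP | 5223 | | |
| TCP | 2195 | | |
| TCP | 2196 | | |
| TCP | 443 | | |

ERA Agent - used for remote deployment of ERA Agent to a target computer with Windows OS:

| Protocol | Port | Usage | Descriptions |
|---|---|---|---|
| TCP | 139 | | |
| TCP | 445 | | |
| UDP | 137 | | |
| UDP | 138 | | |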
The pre-defined ports 2222 and 2223 can be changed if they are already in use by other applications.
NOTE: For the proper function of ESET Remote Administrator, none of the ports above can be used by other
applications.
NOTE: Make sure to configure any firewall(s) within your network to allow communication via the ports listed
above.
3. Installation process
For instructions to upgrade your existing ERA installation, go to Upgrade procedures.
ESET Remote Administrator installers are available in different formats to support different install methods. They
are available in the download section of the ESET website under Remote Administrator 6 (click to expand the
category). Here, you can download the following:
The ERA All-in-one installer package for Windows in a zipped form
An ISO image that contains all installers of ESET Remote Administrator (except ERA Virtual Appliances)
Virtual appliances (OVA files). Deployment of the ERA Virtual Appliance is recommended for users who want to
run ESET Remote Administrator in a virtualized environment or prefer hassle-free installation. See our complete
ERA Virtual Appliance deployment guide for step-by-step instructions.
Step-by-step installation instructions for Linux
Individual installers for each component - for Windows and Linux platform
Do not change the Computer name of your ERA Server machine after installation. See Change of IP address or
hostname on ERA Server for more information.
2. After accepting the EULA, click Next. Select the applicable components to install and click Install.
MICROSOFT SQL SERVER EXPRESS:
If you already have another version of Microsoft SQL Server or MySQL installed, or you plan to connect to a
different SQL Server, please deselect this component.
You will not be able to install Microsoft SQL Server Express on a Domain Controller. This is likely to happen if
you are using Windows SBS / Essentials. We recommend that you install ESET Remote Administrator on a different
server or use Microsoft SQL Server or MySQL Server to run the ERA database. More information.
IMPORTANT: NOT ALL USERS SHOULD INSTALL APACHE HTTP PROXY:
Doing so will create and apply several proxy-based policies for clients automatically, which can affect your
ability to download updates. We recommend that you deselect the check box next to Apache HTTP Proxy. If
you are unsure whether this component is needed, you can install Apache HTTP Proxy later if you want.
What is Apache HTTP Proxy?
3. If errors are found during the prerequisites check, address them accordingly. Make sure your system meets all
prerequisites.
The following notification may be displayed if your system does not have enough disk space for ERA to install:
There is only 32 MB free on system disk
At least 5000 MB must be free on disk.
4. When the prerequisites check is complete and your environment meets all requirements, installation will begin.
5. Enter a valid License Key (included in the new purchase email you received from ESET) and click Next. If you are
using legacy license credentials (Username and Password), convert the credentials to a License Key.
Alternatively, you can choose to Activate later. If you choose Activate later, see the Activation chapter for further
instruction.
6. If you chose to have Microsoft SQL Server Express installed in step 2, a database connection check will be
performed - skip to Web Console user & server connection. If you have an existing database server, you will be
prompted to enter your database connection details in the next step.
7. If you are using an existing SQL Server or MySQL, configure connection settings accordingly. Enter your Database
name, Hostname, Port number (you can find this information in Microsoft SQL Server Configuration Manager),
and Database account details (Username and Password) into the appropriate fields and then click Next. The
connection to the database will be verified. If you have an existing ERA database (from a previous ERA
installation) on your database server, this will be detected. You can choose to Use existing database and apply
upgrade or Remove existing database and install new version.
NOTE: There are two options when entering Database account information. You can use a dedicated database
user account that will have access only to the ERA database, or alternatively an SA account (MS SQL) or root account
(MySQL). If you decide to use a dedicated user account, you need to have this account created with specific
privileges. For details, see Dedicated database user account. If you do not intend to use a dedicated user account,
enter an administrator account (SA or root).
If you entered SA account or root account in the previous window, click Yes to continue using the SA/root account
as the database user for ESET Remote Administrator.
If you click No, you must select Create new user (if you have not already created one) or Use existing user (if you
have a dedicated database user account as mentioned here).
8. You will be prompted to enter a password for the Web Console Administrator account. This password is
important, as you will be using it to log into the ERA Web Console. Click Next.
9. You can leave the fields intact, or enter your corporate information to appear in the details of ERA Agent and ERA
Server certificates. If you choose to enter a password to the Authority password field, be sure to remember it.
Click Next.
11. When the installation is complete, an "ESET Remote Administrator Server installation was successful" message
will display in addition to your ERA Web Console URL address. Click the URL address to open the Web Console, or
click Finish.
3. Select the components that you want to install. If you do not have a database server, you can install Microsoft SQL
Server Express, which is included in the installation package (not recommended for Enterprise and/or large
networks!). You can also install ESET RD Sensor from the installation package.
4. If you chose to have Microsoft SQL Server Express installed in step 2, a database connection check will be
performed - skip to Proxy configuration. If you have an existing database server, you will be prompted to enter
your database connection details in the next step.
Enter the following information to allow your database connection:
a. Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication
b. ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL
Server/SQL Server Native Client 10.0/ODBC Driver 11 for SQL Server
c. Hostname: Hostname or the IP Address of the database server
d. The port used for connection with the Server
e. Database admin account Username/Password
If you entered SA account or root account in the previous window, click Yes to continue using the SA/root account
as the database user for ESET Remote Administrator.
If you click No, you must select Create new user (if you have not already created one) or Use existing user (if you
have a dedicated database user account as mentioned here).
This step will verify your connection to the database. If the connection is OK, you can proceed to the next step.
5. Configure the proxy connection to ESET Remote Administrator. Enter a Server host (hostname/IP address of the
Server) and Server port (2222).
6. Select a Peer Certificate exported from ERA Web Console and a password for this certificate. Optionally, add a
Certificate Authority. This is only required when unsigned certificates are used.
7. The ERA Agent will be installed in addition to ERA Proxy. Follow the steps on-screen to complete installation if
ERA Agent is not already installed.
3. After accepting the EULA, click Next. Select the applicable components to install and click Install.
4. Click Browse, navigate to the location of your SSL certificate for communication via HTTPS, type in the password
for this certificate:
5. Specify MDM hostname: this is the public domain or public IP address of your MDM server as it is reachable by
mobile devices from the Internet.
IMPORTANT: The MDM hostname must be entered in the same form as specified in your HTTPS Server certificate,
otherwise the iOS mobile device will refuse to install the MDM Profile. For example, if an IP address is specified
in the HTTPS certificate, type this IP address into the MDM hostname field. If an FQDN is specified (e.g.
mdm.mycompany.com) in the HTTPS certificate, enter this FQDN in the MDM hostname field. Also, if a wildcard * is
used (e.g. *.mycompany.com) in the HTTPS certificate, you can use mdm.mycompany.com in the MDM hostname field.
6. The installer needs to create a new database that will be used by Mobile Device Connector, so provide the
connection details:
Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication
ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL
Server/SQL Server Native Client 10.0/ODBC Driver 11 for SQL Server
Database name: you can leave predefined name or change it if required
Hostname: hostname or the IP address of your database server
Port: used for connection to the database server
Database admin account Username/Password
NOTE: We recommend using the same database server you are using for the ERA database, but it can be a different
DB server if required. When you click the Next button, the Mobile Device Connector installer will create its
database.
7. Specify a user for the newly created Mobile Device Connector database. You can Create new user or Use existing
database user. Type in the password for the database user.
8. Enter the Server host (name or IP address of your ERA Server) and Server port (the default port is 2222; if you
are using a different port, replace the default port with your custom port number).
9. You now have two options for continuing the installation:
o Server assisted installation - you will need to provide ERA Web Console administrator credentials (installer will
download required certificates automatically).
1. Enter Server host - name or IP address of your ERA Server and Web Console port (leave default port 2223
if you are not using custom port). Also, provide Web Console administrator account credentials Username/Password.
2. When asked to Accept Certificate, click Yes. Continue to step 9.
o Offline installation - you will need to provide Proxy certificate which can be exported from ESET Remote
Administrator. Alternatively, you can use your custom certificate.
1. Click Browse and navigate to the location with Peer certificate (this is the Proxy certificate you've
exported from ERA). Leave the Certificate password text field blank as this certificate does not require
password. Continue to step 9.
NOTE: In case you are using your custom certificates with ERA (instead of the default ones that were
automatically generated during ESET Remote Administrator installation), then use your custom certificates
accordingly.
10. Specify destination folder for Mobile Device Connector (we recommend using default), click Next, then Install.
11. After the installation is complete, check if the Mobile Device Connector is running correctly by opening https://
your-mdm-hostname:enrollment-port (for example https://mdm.company.com:9980) in your web browser or
from a mobile device. If the installation was successful, you will see following message:
12. You can now activate MDM from ESET Remote Administrator.
After accepting the EULA, click Next. Select the component(s) you want to uninstall and click Uninstall.
NOTE: A computer restart may be required to complete the removal of particular components.
Choose (No Template) Legacy Key from the drop-down list and make sure that PKCS #10 Request format is
selected. Click Next.
Expand Details section by clicking the arrow pointing down, then click Properties button.
In the General tab, type in Friendly name for your certificate, you can also type Description (optional).
In the Subject tab, do the following:
In Subject name section, choose Common Name from the drop-down list under Type and enter era server into the
Value field, then click Add button. CN=era server will appear in the information box on the right. If you are creating
certificate request for ERA Agent or ERA Proxy, type era agent or era proxy to the value field of Common name.
NOTE: Common Name must contain one of these strings: "server", "agent" or "proxy", depending on which
Certificate Request you want to create.
In Alternative name section, choose DNS from the drop-down list under Type and enter * (asterisk) into the Value
field, then click Add button.
In the Extensions tab, expand Key usage section by clicking the arrow pointing down. Add the following from the
Available options: Digital signature, Key agreement, Key encipherment. Deselect Make these key usages critical
option using the checkbox.
NOTE: Deselect all other CSPs (except the Microsoft RSA SChannel Cryptographic Provider (Encryption) which
must be selected).
Expand Key Options section. In the Key size menu, select a value of at least 2048. Select Make private key
exportable.
Expand Key Type section, select Exchange option. Click Apply, and check your settings.
Click the OK button. Certificate information will be displayed; then click the Next button to continue. Click the
Browse button to select the location where the certificate signing request (CSR) will be saved. Type the file name and
make sure that Base 64 is selected.
In the Certification Authority (Local) tree, select Your Server (usually FQDN) > All Tasks > Submit new request...
and navigate to previously generated CSR file in step 2.
Certificate will be added into Pending Requests. Select the CSR in the right navigation pane. In the Action menu,
select All Tasks > Issue.
In the Save Binary Data dialog box, move to the file location where you want to save the certificate, and then click
Save.
5. Import created .tmp file.
Go to Certificate (Local Computer) > right-click Personal, select All Tasks > Import...
Click Next...
Locate previously saved .tmp binary file using Browse... and click Open. Select Place all certificates in the
following store > Personal. Click Next.
The certificate will be imported after you click Finish.
Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same
password again, and then click Next.
File name, type a file name and path for the .pfx file that will store the exported certificate and private key. Click
Next, and then click Finish.
7. Once you have your custom .pfx certificate file created, you can configure ERA components to use it.
NOTE: The above example shows you how to create ERA Server certificate. Repeat the same steps for ERA Agent
and ERA Proxy certificates. ERA Proxy certificate can be used by ERA MDM.
Configure ERA Server to start using custom .pfx certificate.
To get ERA Agent or ERA Proxy/MDM to use custom .pfx certificate, run repair of the appropriate component.
Navigate to Start > Program and Features, right-click ESET Remote Administrator Agent and select Change. Click Next
button and run Repair. Click Next leaving Server host and Server port as they were. Click Browse button next to Peer
certificate and locate the custom .pfx certificate file. Type in the certificate's password you've specified in step 6. Click
Next and complete the repair. ERA Agent is now using custom .pfx certificate.
2. Unzip the installer file you downloaded in step one, open the installers folder and double-click Microsoft SQL
Express installer. In our example we use SQLEXPR_2014_x86_ENU:
o The Installation Center will launch, click New installation or add features to an existing installation to start the
Installation Wizard.
NOTE: In step 8 of the installation process set the Authentication mode to Mixed mode (SQL Server
authentication and Windows authentication).
NOTE: To install ERA Server on SBS, you must allow TCP/IP connections to the SQL Server.
3. Install ESET Remote Administrator by running Setup.exe:
4. Select the components you want to install, make sure to deselect Microsoft SQL Server Express and click Install.
To select the language you want to run the installer in, specify the corresponding TRANSFORMS parameter according
to this table:
Language                  Code
English (United States)   en-US
Arabic (Egypt)            ar-EG
Chinese Simplified        zh-CN
Chinese Traditional       zh-TW
Croatian (Croatia)        hr-HR
Czech (Czech Republic)    cs-CZ
French (France)           fr-FR
French (Canada)           fr-FC
German (Germany)          de-DE
Italian (Italy)           it-IT
Japanese                  ja-JP
Korean (Korea)            ko-KR
Polish (Poland)           pl-PL
Portuguese (Brazil)       pt-BR
Russian (Russia)          ru-RU
Spanish (Chile)           es-CL
Spanish (Spain)           es-ES
Slovak (Slovakia)         sk-SK
6. Select a Service user account. This account will be used to run the ESET Remote Administrator Server Service. The
following options are available:
Network service account
User specified: DOMAIN/USERNAME
7. Connect to a Database. All data is stored here (ERA Web Console password, client computer logs, etc.):
Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication
ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL
Server/SQL Server Native Client 10.0/ODBC Driver 11 for SQL Server
Database name: you can leave the predefined name or change it if required
Hostname: hostname or the IP address of your database server
Port: used for connection to the database server
Database admin account Username/Password
NOTE: ERA Server stores large data blobs in the database, therefore it is necessary to configure MySQL to
accept large packets for ERA to run properly.
This step will verify your connection to the database. If the connection is ok, you can proceed to the next step.
8. Select a user for ESET Remote Administrator that has access to the database. You can use an existing user, or
setup can create one for you.
9. Enter a password for Web Console access.
10. ESET Remote Administrator uses certificates for client-server communication. You can either select your own
certificates, or the Server can create new certificates for you.
11. Enter the information for all certificates and password for the Certification authority. Be sure to remember this
password.
12. A new server Peer certificate will be created, select a password for it as well.
13. In the next step, select a password for Agent and Proxy Peer certificates. Optionally, specify additional
information about the certificates (this is not mandatory). You can leave the Authority password field empty, but
if you enter the password, be sure to remember it.
14. Setup can perform an initial Static Group Synchronization task. Select the method (Do not synchronize, Sync with
Windows Network, Sync with Active Directory) and click Next.
15. Confirm or change the installation folder for the server and click Next.
16. Click Install to install the server.
NOTE: Once you have completed the installation of the ERA Server, you can also install ERA Agent on the same
machine (optional). This way you will be able to manage the server itself the same way as you would manage a client
computer.
Microsoft .NET Framework 3.5 must be installed. If you are running Windows Server 2008 or 2012, you can install it
using the Roles and Features Wizard (as shown below). If you are using Windows Server 2003, you can download
.NET 3.5 here: http://www.microsoft.com/en-us/download/details.aspx?id=21
Configuration
Open the following file in a text editor:
C:\ProgramData\MySQL\MySQL Server 5.7\my.ini
Find and edit or append the following configuration into the [mysqld] section of the my.ini file:
max_allowed_packet=33M
For MySQL 5.6.20 and 5.6.21 (you can determine your MySQL version by using mysql -v):
o innodb_log_file_size needs to be set to at least 200 MB (for example innodb_log_file_size=200M)
For MySQL >= 5.6.22:
o innodb_log_file_size*innodb_log_files_in_group needs to be set to at least 200 MB (* denotes
multiplication, the product of the two parameters must be > 200 MB. The minimal value for
innodb_log_files_in_group is 2)
Save and close the file and enter the following command to restart the MySQL server and apply the configuration
(the process name depends on the version of MySQL, version 5.7 = MySQL57 etc.):
net stop mysql57
net start mysql57
Enter following command in Command Prompt to check whether the MySQL server is running:
sc query mysql57
To install the ERA Agent component locally on Windows, follow these steps:
1. Visit the ESET Remote Administrator 6 download section to download Standalone installers for ERA components.
2. Run the ERA Agent installer and accept the EULA if you agree with it.
3. Leave the check box next to This is cluster installation empty and click Next. Is this a cluster installation?
If you are installing ERA Agent on a Failover Cluster, select the check box next to This is cluster installation.
Specify the Custom application data path to point to the shared storage of the cluster. The data must be stored
in one location that is accessible for all nodes within the cluster.
4. Enter the Server host (hostname or IP address of your ERA Server or ERA Proxy) and Server port (the default port
is 2222, if you are using a different port, replace the default port with your custom port number).
IMPORTANT: Make sure the Server host matches at least one of the values (ideally the FQDN) defined in the Host
field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid".
The only exception is when there is a wildcard (*) in the Server certificate Host field, which means it will work with
any Server host.
5. Select one of the following installation options and follow the steps from the appropriate section below:
Server-assisted installation - You will need to provide ERA Web Console administrator credentials (installer will
download the required certificates automatically).
Offline installation - You will need to provide an Agent certificate, which can be exported from ESET Remote
Administrator. Alternatively, you can use your custom certificate.
Local uninstallation
1. Connect to the endpoint computer where you want to remove the ERA Agent (for example via RDP).
2. Navigate to Control Panel > Programs and Features and double-click ESET Remote Administrator Agent.
3. Click Next > Remove and follow the uninstallation instructions.
IMPORTANT: If you have set up a password using a policy for your ERA Agents, you will need to type the
password during uninstallation. Alternatively, disable the policy first before uninstalling ERA Agent.
This step will verify your connection to the database. If the connection is ok, you can proceed to the next step. An
error message will be displayed if a connection cannot be established.
7. Select a proxy communication port. By default port 2222 is used.
8. Configure the proxy connection to ESET Remote Administrator Server. Enter a Server host (hostname/IP address
of your ERA Server) and the Server port (2222).
IMPORTANT: Make sure the Server host matches at least one of the values (ideally the FQDN) defined in the Host field
of the Server certificate. Otherwise you will get an error saying 'Received server certificate is not valid'. The only
exception is when there is a wildcard (*) in the Server certificate Host field, which means it will work with any Server
host.
9. Select a Peer certificate exported from ERA Web Console and a password for this certificate. Optionally, you can
add a Certificate Authority. This is only required for unsigned certificates.
10. Select a folder where the Proxy will be installed or leave the pre-defined folder selected.
11. Click Install. The Proxy will be installed on your computer.
NOTE: Server-assisted installation is not supported when installing ERA Proxy.
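The IMPORTANT notes in the Agent, Proxy and Mobile Device Connector steps all state the same rule: the host you type must appear in the certificate, or be covered by a wildcard. The following pre-installation check is an added example, not ESET code; the function names are hypothetical, the certificate entries are passed in as a list you have read from the certificate, and treating "*.domain" as covering exactly one label is an assumption taken from common TLS practice.

```python
import ipaddress


def _normalise(name):
    """Lower-case a host value and drop surrounding space and a trailing dot."""
    return name.strip().rstrip(".").lower()


def _as_ip(name):
    """Return an ip_address object for an IP literal, otherwise None."""
    try:
        return ipaddress.ip_address(name.strip("[]"))
    except ValueError:
        return None


def matching_cert_entry(configured_host, cert_hosts):
    """Return the certificate entry that covers configured_host, or None."""
    host = _normalise(configured_host)
    host_ip = _as_ip(host)
    for entry in cert_hosts:
        name = _normalise(entry)
        if name == "*":
            # A lone wildcard in the Host field works with any Server host.
            return entry
        entry_ip = _as_ip(name)
        if host_ip is not None or entry_ip is not None:
            # IP addresses only ever match the identical IP address.
            if host_ip is not None and host_ip == entry_ip:
                return entry
            continue
        if name == host:
            return entry
        if name.startswith("*."):
            # Assumption: the wildcard stands for exactly one left-most label.
            label, dot, rest = host.partition(".")
            if label and dot and rest == name[2:]:
                return entry
    return None


def explain(configured_host, cert_hosts):
    """Return a one-line verdict an administrator can act on before installing."""
    entry = matching_cert_entry(configured_host, cert_hosts)
    if entry is not None:
        return f"OK: {configured_host!r} is covered by certificate entry {entry!r}"
    host = _normalise(configured_host)
    host_is_ip = _as_ip(host) is not None
    cert_has_ip = any(_as_ip(_normalise(e)) is not None for e in cert_hosts)
    if host_is_ip and not cert_has_ip:
        hint = "an IP address was entered but the certificate lists only names"
    elif not host_is_ip and "." not in host:
        hint = "a short name was entered; use the FQDN from the certificate"
    else:
        hint = "the value does not appear in the certificate"
    return f"MISMATCH: {configured_host!r}: {hint}"


if __name__ == "__main__":
    # Constructed sample values, in the style of the examples in this guide.
    for host, names in [
        ("mdm.mycompany.com", ["*.mycompany.com"]),
        ("10.0.0.5", ["mdm.mycompany.com"]),
        ("era", ["era.mycompany.com"]),
        ("era.mycompany.com", ["*"]),
    ]:
        print(explain(host, names))
```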
NOTE: In case you are using your custom certificates with ERA (instead of the default ones that were
automatically generated during ESET Remote Administrator installation), then use your custom certificates
accordingly.
10. Specify destination folder for Mobile Device Connector (we recommend using default), click Next, then Install.
11. After the installation is complete, check if the Mobile Device Connector is running correctly by opening https://
your-mdm-hostname:enrollment-port (for example https://mdm.company.com:9980) in your web browser or
from mobile device. If the installation was successful, you will see following message: MDM Server up and
running!
12. You can now activate MDM from ESET Remote Administrator.
Certificate requirements
IMPORTANT: You will need an SSL certificate in .pfx format for secure communication over HTTPS. We
recommend that you use a certificate provided by a CA. Self-signed certificates are not recommended because not
all mobile devices let users accept self-signed certificates. This isn't an issue with CA-signed certificates, because
they are trusted and do not require acceptance by the user.
NOTE: You need to have a certificate signed by a CA and the corresponding private key, and use standard procedures
to merge them (traditionally using OpenSSL) into one .pfx file:
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out httpsCredentials.pfx
This is a standard procedure for most servers which are using SSL certificates.
IMPORTANT: In the case of Offline installation, you will also need an Agent certificate exported from ESET
Remote Administrator. Alternatively, you can use your custom certificate with ERA.
Device Connector
service.
NOTE: If this is not performed, MDM HTTPS Server will send only Server certificate, not the entire chain
(intermediate CAs).
5. Using a text editor such as Notepad, open the httpd.conf file and add the following lines at the bottom of the file:
ServerRoot "C:\Program Files\Apache HTTP Proxy"
DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"
<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"
NOTE: If you wish the cache directory to be located somewhere else, for example on another disk drive, such
as D:\Apache HTTP Proxy\cache, then in the last line of the code above change "C:\Program Files\Apache
HTTP Proxy\cache" to "D:\Apache HTTP Proxy\cache" .
6. Start the Apache HTTP Proxy service using the following command:
sc start ApacheHttpProxy
7. You can verify that the Apache HTTP Proxy service is running in the services.msc snap-in (look for
ApacheHttpProxy). By default, the service is configured to start automatically.
Follow the steps below to configure a username and password for Apache HTTP Proxy (recommended):
1. Stop the ApacheHttpProxy service by opening an elevated command prompt and executing the following
command:
sc stop ApacheHttpProxy
2. Verify the presence of the following modules in C:\Program Files\Apache HTTP Proxy\conf\httpd.conf:
LoadModule authn_core_module modules\mod_authn_core.dll
LoadModule authn_file_module modules\mod_authn_file.dll
LoadModule authz_groupfile_module modules\mod_authz_groupfile.dll
LoadModule auth_basic_module modules\mod_auth_basic.dll
3. Add the following lines to C:\Program Files\Apache HTTP Proxy\conf\httpd.conf under <Proxy *>:
AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup
4. Use the htpasswd command to create a file named password.file in the folder Apache HTTP Proxy\bin\ (you will
be prompted for password):
htpasswd.exe -c ..\password.file username
5. Manually create the file group.file in the folder Apache HTTP Proxy\ with the following content:
usergroup:username
6. Start the ApacheHttpProxy service by executing the following command in an elevated command prompt:
sc start ApacheHttpProxy
7. Test the connection to HTTP Proxy by accessing the following URL in your browser:
http://localhost:3128/index.html
NOTE: Once you have successfully completed installation of Apache HTTP Proxy, you have the option to allow
ESET communication only (blocking all other traffic - default) or allow all traffic. Perform the necessary configuration
changes as described here:
Forwarding for ESET communication only
Proxy chaining (all traffic)
The following command will display a list of content which is currently cached:
"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -a -p "C:\ProgramData\Apache HTTP Proxy\cache"
Use the htcacheclean tool to clean up the disk cache. The recommended command (setting cache size to 10 GB and
cached files limit to ~2000) is shown here:
"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l10000M -L12000
NOTE: The ^ character right after end of line in the commands above is essential, if it is not included the
command will not execute correctly.
For more information, visit our Knowledgebase article or the Apache Authentication and Authorization
documentation.
Prerequisites
The target folder must be available for sharing, Samba/Windows or HTTP/FTP service, depending on how you
want to have the updates accessible.
You must have a valid Offline license file that includes the Username and Password. When generating a license
file, be sure to select the check box next to Include Username and Password. Also, you must enter a
License filename.
Visual C++ Redistributables for Visual Studio 2010 must be installed on the system.
There is no installation step, the tool consists of two files:
o Windows: MirrorTool.exe and updater.dll
o Linux: MirrorTool and updater.so
Usage
--help
The parameter --updateServer is optional. When you use it, you must specify the full URL of the update server.
The parameter --offlineLicenseFilename is mandatory. You must specify a path to your offline license file (as
mentioned above).
To create a mirror, run the MirrorTool with at least the minimal required parameters. Here is an example:
o Windows:
MirrorTool.exe --mirrorType regular --intermediateUpdateDirectory c:\temp\mirrorTemp --offlineLicenseFilename c:\temp\offline.lf --outputDirectory c:\temp\mirror
o Linux:
sudo ./MirrorTool --mirrorType regular --intermediateUpdateDirectory /tmp/mirrorTool/mirrorTemp --offlineLicenseFilename /tmp/mirrorTool/offline.lf --outputDirectory /tmp/mirrorTool/mirror
dnf
Core components
ERA Server
ERA Web Console
ERA Agent
a Database server
Optional components
ERA Proxy
RD Sensor
Mobile Device Connector
Apache HTTP Proxy
Mirror Tool
3. Configure the connection to MySQL server, as shown in the MySQL configuration topic.
4. Verify the configuration of the MySQL ODBC driver as shown in the ODBC configuration topic.
5. Customize the installation parameters and execute the ERA Server installation. See Server installation - Linux for
more information.
6. Install the required java and tomcat packages for ERA Web Console as shown in the ERA Web Console
prerequisites topic.
7. Deploy and test the ERA Web console, as shown in the ERA Web Console installation topic.
84
Manual installation
Download and install MySQL Community Server edition from:
http://dev.mysql.com/downloads/
Configuration
Run the following command to open the my.cnf (my.ini for Windows installation) file in a text editor:
sudo nano /etc/mysql/my.cnf
For MySQL 5.6.20 and 5.6.21 (you can determine your MySQL version by using mysql -v):
o innodb_log_file_size needs to be set to at least 200 MB (for example innodb_log_file_size=200M)
For MySQL >= 5.6.22:
o innodb_log_file_size*innodb_log_files_in_group needs to be set to at least 200 MB (* denotes
multiplication, the product of the two parameters must be > 200 MB. The minimal value for
innodb_log_files_in_group is 2)
Save and close the file and enter the following command to restart the MySQL server and apply the configuration (in
some cases, the service name is mysqld):
sudo service mysql restart
Run the following command to set up MySQL including privileges and password (this is optional and may not work
for some Linux distributions):
/usr/bin/mysql_secure_installation
Enter the following command to check whether the MySQL server is running:
sudo netstat -tap | grep mysql
If the MySQL server is running, the following line will be displayed. Note that the process identifier - PID (7668 in
the example below) will be different:
tcp 0 localhost:mysql *:* LISTEN 7668/mysqld
OpenSUSE distribution
Configuration
Run the following command to open the odbcinst.ini file in a text editor:
sudo nano /etc/odbcinst.ini
Copy the following configuration into the odbcinst.ini file (make sure the paths to Driver and Setup are correct),
then save and close the file:
[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
If you are using a 32-bit Ubuntu version, use Driver and Setup keys and change the path to:
/usr/lib/i386-linux-gnu/odbc/
The Driver may be in a different location for some distributions. You can find the file using the following command:
sudo find /usr -iname "*libmyodbc*"
ERA products require the MySQL driver to support multi-threading. This is the default for newer unixODBC package
versions (2.3.0 or newer). Older versions require explicit threading configuration. If you have an older version
(command odbcinst --version will show you your version), add the following parameter to the odbcinst.ini file:
Threading = 0
Update the configuration files that control ODBC access to database servers on the current host by running the
following command:
sudo odbcinst -i -d -f /etc/odbcinst.ini
The ERA Server and the eraserver service will be installed in the following location:
/opt/eset/RemoteAdministrator/Server
You can modify the following attributes:
Attribute
Description
--uninstall
--keep-database
--locale
--skip-license
Required
Yes
Skip generation of certificates (please use together with the --server-cert-path parameter)
ESET license key. This can be set later.
Yes
--db-hostname
--db-port
Yes
--skip-cert
--license-key
--product-guid
--server-port
--console-port
--server-root-password
--db-type
--db-driver
Yes
Yes
Attribute
Description
--db-name
--db-admin-username
Yes
Yes
--server-cert-password
--agent-cert-password
--cert-auth-password
--cert-auth-path
--cert-auth-common-name
--cert-organizational-unit
--cert-organization
--cert-locality
--cert-state
--cert-country
--cert-validity
--ad-server
--ad-user-name
--ad-user-password
--ad-cdn-include
--db-admin-password
--db-user-username
--db-user-password
--cert-hostname
--server-cert-path
--cert-validity-unit
Installer log
The installer log may be useful for troubleshooting and can be found in Log files.
Required
-
Yes
Yes
Yes
After installation, verify that the ERA Server service is running using the command shown below:
service eraserver status
version
shows current
Xvfb - Required for proper report printing (Generate Report) on Linux Server systems without a graphical
interface.
Cifs-utils - Required for proper Agent deployment to a Windows OS.
Qt4 WebKit libraries - Used for printing reports to PDF and PS format (must be version 4.8, not 5). All other Qt4
dependencies will be installed automatically. In the case of CentOS, there may be no package in the official
repositories. You can install it from a third-party repository (for example EPEL repositories) or compile it yourself
on a target machine.
Kinit + klist - Used for Kerberos authentication during the AD synchronization task and login with a domain user.
Also a proper Kerberos configuration is required (/etc/krb5.conf).
Wbinfo + ntlm_auth - Used for authentication with the domain accounts + NTLM authentication with SMTP server
(sending emails).
Ldapsearch - Used in AD synchronization task.
Snmptrap - Used to send SNMP traps. Optional if this functionality won't be used. SNMP also requires
configuration.
SELinux devel package - Used during product installation to build SELinux policy modules. This is only required on
systems with SELinux enabled (CentOS, Fedora, RHEL). SELinux may cause problems with other applications. For
ERA Server it is not necessary.
The table below contains the appropriate terminal commands for each package described above for both Debian
and Ubuntu distributions and Centos, Red Hat and Fedora distributions:
Debian and Ubuntu distributions
OpenSUSE distribution
ODBC Driver: apt-get install unixodbc libmyodbc
xvfb: apt-get install xvfb
cifs-utils: apt-get install cifs-utils
wbinfo + ntlm_auth: apt-get install winbind
ldapsearch: apt-get install ldap-utils libsasl2-modules-gssapi-mit (Debian and Ubuntu); yum install openldap-clients cyrus-sasl-gssapi cyrus-sasl-ldap (CentOS, Red Hat and Fedora)
snmptrap: apt-get install snmp
SELinux devel package (optional; SELinux may cause problems with other applications. For ERA Server it is not necessary.): apt-get install selinux-policy-dev (Debian and Ubuntu); yum install policycoreutils-devel (CentOS, Red Hat and Fedora)
samba: apt-get install samba
The SRV record must start with the prefix "_NAME._tcp" where 'NAME' represents custom naming (for example,
'era').
Example of an installation script
(New lines are split by "\" for copying the whole command to Terminal)
./Agent-Linux-x86_64.sh \
--skip-license \
--cert-path=/home/admin/Desktop/agent.pfx \
--cert-auth-path=/home/admin/Desktop/CA.der \
--cert-password=N3lluI4#2aCC \
--hostname=10.1.179.36 \
--port=2222
Attribute
Description
--skip-license
--cert-path
--cert-auth-path
--cert-password
--hostname
--port
Optional parameters
Attribute
Description
--product-guid
--cert-content
Base64 encoded content of PKCS12 encoded public key certificate plus private key
used to set up secure communication channels with Server and Agents. Use only
one of the --cert-path or --cert-content options.
--cert-auth-content
--webconsole-hostname
Hostname or IP address used by Web console to connect to the server (if left
empty, value will be copied from 'hostname')
--webconsole-port
Port used by Web Console to connect to the server (default value is 2223)
--webconsole-user
--webconsole-password
--cert-auth-password
--webconsole-password
Password type parameters can be provided as environment variables, files, read from stdin or provided as plain text,
i.e.:
--password=env:SECRET_PASSWORD where SECRET_PASSWORD is an environment variable with password
--password=file:/opt/secret where first line of regular file /opt/secret contains your password
--password=stdin instructs the installer to read the password from standard input
--password="pass:PASSWORD" is equal to --password="PASSWORD" and is mandatory if the actual password is
"stdin" (standard input) or a string starting with "env:" , "file:" or "pass:"
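The installation script example above passes --cert-password as plain text, which leaves the password in the shell history and in the process list while the installer runs. The following added example (not ESET's installer code; the function names are hypothetical) models the four documented password forms, including the case where "pass:" is mandatory, and prints the same Agent command with a file: reference in place of the plain-text password:

```shell
#!/bin/sh
# Added illustration, not ESET installer code. Function names are hypothetical.

# resolve_password_spec SPEC
# Prints the password selected by SPEC, following the documented forms:
# env:NAME, file:PATH, stdin, pass:LITERAL (a bare value is also a literal).
resolve_password_spec() {
    spec=$1
    line=
    case "$spec" in
        env:*)
            var=${spec#env:}
            # Expand only a syntactically valid variable name.
            case "$var" in
                ''|[0-9]*|*[!A-Za-z0-9_]*) return 2 ;;
            esac
            eval "printf '%s\n' \"\${$var}\""
            ;;
        file:*)
            path=${spec#file:}
            [ -f "$path" ] || return 2
            # Only the first line of the regular file is the password.
            IFS= read -r line < "$path" || [ -n "$line" ] || return 2
            printf '%s\n' "$line"
            ;;
        stdin)
            IFS= read -r line || [ -n "$line" ] || return 2
            printf '%s\n' "$line"
            ;;
        pass:*)
            # Explicit literal: required when the password itself is "stdin"
            # or begins with "env:", "file:" or "pass:".
            printf '%s\n' "${spec#pass:}"
            ;;
        *)
            printf '%s\n' "$spec"
            ;;
    esac
}

# store_secret PATH
# Reads one line from standard input and writes it to PATH, created with
# owner-only permissions so other local users cannot read it.
store_secret() {
    secret=
    IFS= read -r secret || [ -n "$secret" ] || return 2
    ( umask 077 && rm -f -- "$1" && printf '%s\n' "$secret" > "$1" )
}

# agent_install_command SECRET_FILE
# Prints the Agent installer call from the example above with the plain-text
# certificate password replaced by a file: reference.
agent_install_command() {
    cat <<EOF
./Agent-Linux-x86_64.sh \\
--skip-license \\
--cert-path=/home/admin/Desktop/agent.pfx \\
--cert-auth-path=/home/admin/Desktop/CA.der \\
--cert-password=file:$1 \\
--hostname=10.1.179.36 \\
--port=2222
EOF
}

# Demonstration with constructed values; no installer is run.
demo_dir=$(mktemp -d)
printf '%s\n' 'constructed-example-password' | store_secret "$demo_dir/cert.pw"
agent_install_command "$demo_dir/cert.pw"
# A literal password equal to "stdin" must be written with the pass: prefix.
resolve_password_spec 'pass:stdin'
rm -rf "$demo_dir"
```

Remove the password file once the installation has finished.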
Installer log
The installer log may be useful for troubleshooting and can be found in Log files.
To see if the installation was successful, verify that the service is running by executing the following command:
sudo service eraagent status
OpenSUSE distribution
Test the connection to ERA Web Console after installation. Open the following link in your browser on localhost (a
login screen should be displayed):
http://localhost:8080/era
NOTE: HTTP port, by default 8080, is set during manual Apache Tomcat installation. You can also set up HTTPS
connection for Apache Tomcat.
OpenSUSE distribution
Description
--db-hostname
--db-name
Required
Yes
Yes
Attribute
Description
--db-admin-username
--db-admin-password
--db-user-username
--db-user-password
--db-port
--db-type
--db-driver
--skip-license
--hostname
--port
--proxy-port
--product-guid
--cert-path
--cert-content
--cert-auth-path
--cert-auth-content
--cert-password
--cert-auth-password
--keep-database
Required
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes*
Yes*
Yes**
Yes**
Yes
The installer log may be useful for troubleshooting and can be found in Log files.
3. Read the End-User License Agreement. Use Space bar to proceed to the next page of the EULA.
You will be prompted to specify whether you accept the license. Press Y on your keyboard if you agree, otherwise
press N.
4. ESET Rogue Detection Sensor will start after installation is completed.
5. To see if installation was successful, verify that the service is running by executing the following command:
sudo service rdsensor status
6. The Rogue Detection Sensor log file can be found in Log files:
/var/log/eset/RogueDetectionSensor/trace.log
Peer Certificate:
For a Server assisted installation at least include:
--webconsole-password=
(password is not needed for the default Agent Certificate created during initial ERA Server
installation)
Connection to ERA Server (name or IP address):
--hostname=
Installer log
The installer log may be useful for troubleshooting and can be found in Log files.
After installation is complete, check to see if the Mobile Device Connector is running correctly by opening
https://your-mdm-hostname:enrollment-port (for example https://eramdm:9980) in your web browser. If the installation
was successful, you will see the following message:
You can also use this URL to check the availability of the Mobile Device Connector server from the internet (if
configured in such a way) by visiting it from a mobile device. If you are unable to reach the page, check your firewall
and the configuration of your network infrastructure.
NOTE: You should use unixODBC_23 package (not the default unixODBC) in order for the ERA Server to connect to
the MySQL database without any issues. This is especially true for SUSE Linux.
o MDMCore installation file set as an executable.
chmod +x MDMCore-Linux-x86_64.sh
NOTE: You need a certificate signed by a CA and the corresponding private key, and you need to merge them into
one .pfx file using standard procedures (traditionally OpenSSL):
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out httpsCredentials.pfx
This is a standard procedure for most servers which are using SSL certificates.
IMPORTANT: For Offline installation, you will also need a Peer certificate (the Agent certificate exported from
ESET Remote Administrator). Alternatively, you can use your custom certificate with ERA.
4. If the directory /var/cache/apache2/mod_cache_disk does not exist, create it and assign Apache privileges
(r,w,x).
5. Add Proxy configuration:
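ProxyRequests On
ProxyVia On
<Proxy *>
    # With "Order deny,allow", Allow directives override Deny directives,
    # so "Allow from all" below admits every client to the forward proxy.
    Order deny,allow
    Deny from all
    Allow from all
</Proxy>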
6. Enable the added caching proxy and configuration (if configuration is in the main Apache configuration file, you
can skip this step).
7. If required, change listening to your desired port (port 3128 is set by default).
8. Optional basic authentication:
o Add authentication configuration to the proxy directive:
AuthType Basic
AuthName "Password Required"
AuthUserFile /etc/apache2/password.file
AuthGroupFile /etc/apache2/group.file
Require group usergroup
-c
4. This step should not be required, but if the caching directory is missing, run following commands:
sudo mkdir /var/cache/apache2/mod_cache_disk
sudo chown www-data /var/cache/apache2/mod_cache_disk
sudo chgrp www-data /var/cache/apache2/mod_cache_disk
6. Enable the configuration files you have edited in the latest steps:
sudo a2enconf caching.conf proxy.conf
7. Switch the listening port of Apache HTTP Server to 3128. Edit the file /etc/apache2/ports.conf and replace Listen
80 with Listen 3128 .
8. Optional basic authentication:
sudo vim /etc/apache2/conf-available/proxy.conf
install apache2-utils and create a new password file (for example username: user, group: usergroup):
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/apache2/password.file user
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s
Allow from all
</ProxyMatch>
#*.eset.eu:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s
Allow from all
</ProxyMatch>
#Antispam module (ESET Mail Security only):
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mails
Allow from all
</ProxyMatch>
#Services (activation)
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs
Allow from all
</ProxyMatch>
#ESET servers accessed directly via IP address:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([
Allow from all
</ProxyMatch>
#*.eset.com:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,
Allow from all
</ProxyMatch>
#*.eset.eu:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s
Allow from all
</ProxyMatch>
#Services (activation)
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs
Allow from all
</ProxyMatch>
with:
cache_dir ufs /var/spool/squid3 5000 16 256
max-size=200000000
allow all
before http_access
deny all
to allow
Prerequisites
The target folder must be available for sharing, Samba/Windows or HTTP/FTP service, depending on how you
want to have the updates accessible.
You must have a valid Offline license file that includes the Username and Password. When generating a license
file, be sure to mark the check box next to Include Username and Password. Also, you must enter a
License filename.
Visual C++ Redistributables for Visual Studio 2010 must be installed on the system.
There is no installation step, the tool consists of two files:
o Windows: MirrorTool.exe and updater.dll
o Linux: MirrorTool and updater.so
Usage
--help
The parameter --updateServer is optional. When you use it, you must specify the full URL of the update server.
The parameter --offlineLicenseFilename is mandatory. You must specify a path to your offline license file (as
mentioned above).
To create a mirror, run the MirrorTool with at least the minimal required parameters. Here is an example:
o Windows:
MirrorTool.exe --mirrorType regular --intermediateUpdateDirectory c:\temp\mirrorTemp --offlineLicenseFilename c:\temp\offline.lf --outputDirectory c:\temp\mirror
o Linux:
sudo ./MirrorTool --mirrorType regular --intermediateUpdateDirectory /tmp/mirrorTool/mirrorTemp --offlineLicenseFilename /tmp/mirrorTool/offline.lf --outputDirectory /tmp/mirrorTool/mirror
3. Mount shared storage to node1. In this example, the shared storage is mounted to /usr/share/erag2cluster.
Move /etc/opt/eset/RemoteAdministrator/Server to /usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator
Move /opt/eset/RemoteAdministrator/Server to /usr/share/erag2cluster/opt/eset/RemoteAdministrator
Move /var/log/eset/RemoteAdministrator/Server to /usr/share/erag2cluster/var/log/eset/RemoteAdministrator
Move /var/opt/eset/RemoteAdministrator/Server to /usr/share/erag2cluster/var/opt/eset/RemoteAdministrator
6. Create symbolic links (this may require creating new folders manually):
ln -s /usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server /etc/opt/eset/RemoteAdministrator/S
ln -s /usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server /opt/eset/RemoteAdministrator/Server
ln -s /usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server /var/log/eset/RemoteAdministrator/S
ln -s /usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server /var/opt/eset/RemoteAdministrator/S
7. Copy the eracluster_server (eracluster_proxy) script found in the setup directory of ERA Server or ERA Proxy to
/usr/share/cluster. The scripts do not use the .sh extension in the setup directory.
cp /opt/eset/RemoteAdministrator/Server/setup/eracluster_server /usr/share/cluster/eracluster_server.sh
ln -s /usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server /etc/opt/eset/RemoteAdministrator/S
ln -s /usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server /opt/eset/RemoteAdministrator/Server
ln -s /usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server /var/log/eset/RemoteAdministrator/S
ln -s /usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server /var/opt/eset/RemoteAdministrator/S
11. Copy the eracluster_server (or eracluster_proxy) script found in the setup directory of ERA Server or ERA Proxy
to /usr/share/cluster. The scripts do not use the .sh extension in the setup directory.
cp /opt/eset/RemoteAdministrator/Server/setup/eracluster_server /usr/share/cluster/eracluster_server.sh
If you want to uninstall another component, use the appropriate package name in the command. For example, for ERA Agent:
sudo ./Agent-Linux-x86_64.sh --uninstall
IMPORTANT: Configuration and database files will be removed during uninstallation. To preserve database files,
create a SQL dump of the database or use the --keep-database parameter.
After uninstalling, verify whether
the service eraserver is deleted.
the folder /etc/opt/eset/RemoteAdministrator/Server/ is deleted.
NOTE: We recommend that you create a database dump backup before performing uninstallation in case you
need to restore your data.
3.5 Database
ESET Remote Administrator uses a database to store client data. The following sections detail the installation,
backup, upgrade and migration of the ERA Server/ERA Proxy database:
Review database compatibility and system requirements for ERA Server.
If you do not have a database configured for use with ERA Server, Microsoft SQL Server Express is included with
the installer.
If you use Microsoft Small Business Server (SBS) or Essentials, we recommend that you make sure all
requirements are met and that you are using a supported Operating System. When all requirements are met,
follow the installation instructions for Windows SBS / Essentials to install ERA on these operating systems.
If you have Microsoft SQL Server installed in your system, review the requirements below to make sure your
version of Microsoft SQL Server is supported by ESET Remote Administrator. If your version of Microsoft SQL
Server is not supported, upgrade to a compatible version of SQL Server.
One of the prerequisites for the installation is to have Microsoft SQL Server installed and configured. The following
requirements must be met:
Install Microsoft SQL Server 2008 R2 or later, alternatively you can install Microsoft SQL Server 2008 R2 Express or
later. Choose Mixed mode authentication during installation.
If you have Microsoft SQL Server already installed, set authentication to Mixed mode (SQL Server authentication
and Windows authentication). To do so, follow the instructions in this Knowledgebase article.
Allow TCP/IP connections to the SQL Server. To do so, follow instructions in this Knowledgebase article from part
II. Allow TCP/IP connections to the SQL database.
NOTE: To configure, manage and administer Microsoft SQL Server (databases and users), download SQL
Server Management Studio (SSMS).
NOTE: If you choose to install Microsoft SQL Server Express during installation, you will not be able to install it on
a Domain Controller. This is likely to happen if you are using Microsoft SBS. If you use Microsoft SBS, we recommend
that you install ESET Remote Administrator on a different server or do not select the SQL Server Express component
during installation (this requires you to use your existing SQL Server or MySQL to run the ERA database). For
instructions to install ERA Server on a Domain Controller, see our Knowledgebase article.
Prerequisites:
o Source and target SQL Server instances must be installed. They may be hosted on different machines.
o The target SQL Server instance must have at least the same version as the source instance. Downgrade is not
supported!
o SQL Server Management Studio must be installed. If the SQL Server instances are on different machines, it must
be present on both.
Migration:
1. Stop the ERA Server or ERA Proxy Service.
2. Log into the source SQL Server instance via SQL Server Management Studio.
3. Create a full database backup of the database to be migrated. We recommend that you specify a new backup set
name. Otherwise if the backup set has already been used, the new backup will be appended to it, which will
result in an unnecessarily large backup file.
4. Take the source database offline, select Tasks > Take Offline.
5. Copy the backup (.bak) file that you created in step 3 to a location that is accessible from the target SQL Server
instance. You may need to edit access rights for the database backup file.
6. Bring the source database online again but do not start ERA Server yet!
7. Log into the target SQL Server instance with SQL Server Management Studio.
8. Restore your database on the target SQL Server instance.
9. Type a name for your new database into the To database field. You can use the same name as your old database if
you prefer.
10. Select From device under Specify the source and location of backup sets to restore and then click .
11. Click Add, navigate to your backup file and then open it.
12. Select the most recent possible backup to restore (the backup set may contain multiple backups).
13. Click the Options page of the restore wizard. Optionally, select Overwrite existing database and ensure that the
restore locations for the database ( .mdf) and for the log ( .ldf) are correct. Leaving the default values unchanged
will use the paths from your source SQL server, so please check these values.
o If you are unsure where the DB files are stored on the target SQL Server instance, right-click an existing
database, select properties and click the Files tab. The directory where the database is stored is displayed in
the Path column of the table shown below.
16. Create a new SQL Server login (for ERA Server/Proxy) in the target SQL Server with SQL Server authentication and
map the login to a user in the restored database.
o Do not enforce password expiration!
o Recommended characters for usernames:
Small ASCII letters, numbers and character underscore "_"
o Recommended characters for passwords:
ASCII characters ONLY, including big and small ASCII letters, numbers, spaces, special characters
o Do not use non-ASCII characters, curly braces {} or @
o Please note that if you do not follow the character recommendations above, you may have database
connectivity problems or you will need to escape the special characters in the later steps during database
connection string modification. Character escaping rules are not included in this document.
17. Map the login to a user in the target database. In the user mappings tab, ensure that the database user has the
roles: db_datareader, db_datawriter, db_owner.
18. To enable the latest database server features, change the restored database Compatibility level to the newest.
Right-click the new database and open the database Properties.
NOTE: SQL Server Management Studio is unable to define compatibility levels later than that of the version in
use. For example SQL Server Management Studio 2008 is unable to set compatibility level for SQL Server 2014.
19. Make sure the TCP/IP connection protocol is enabled for SQLEXPRESS and the TCP/IP port is set to 1433. To do
so, open SQL Server Configuration Manager and navigate to SQL Server Network Configuration > Protocols for
SQLEXPRESS. Right-click TCP/IP and select Enabled. Then double-click TCP/IP, switch to the Protocols tab, scroll down
to IPAll and type 1433 into the Port field. Click OK and restart the SQL Server service.
DatabaseType=MSSQLOdbc
DatabaseConnectionString=Driver=SQL Server;Server=localhost,1433;Uid=era_user1;Pwd={SecretPassword123};Ch
21. Start the ERA Server/Proxy and verify that the ERA Server/Proxy service is running correctly.
NOTE: Use the apostrophe character ' instead of " quotation marks on Linux systems.
4. Restore the database on the target MySQL server to the previously prepared empty database:
mysql --host TARGETHOST -u TARGETROOTLOGIN -p TARGETERADBNAME < BACKUPFILE
6. Grant proper access rights for the ERA database user on the target MySQL server:
NOTE: Use the apostrophe character ' instead of " quotation marks on Linux systems.
7. Find startupconfiguration.ini on the machine where ERA Server/Proxy is installed.
o For Windows Vista and later:
%PROGRAMDATA%\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfiguration.ini
o For earlier Windows versions:
%ALLUSERSPROFILE%\Application Data\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration\startupconfiguration.ini
o For Linux:
/etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
8. Change the database connection string in ERA Server/Proxy startupconfiguration.ini
DatabaseType=MySqlOdbc
DatabaseConnectionString=Driver=MySQL ODBC 5.3 Unicode Driver;Server=TARGETHOST;Port=3306;User=TARGETERAL
Password={TARGETERAPASSWD};CharSet=utf8;Database=TARGETERADBNAME;
9. Start the ERA Server/Proxy and verify that the ERA Server/Proxy service is running correctly.
NOTE
Don't forget to change the "Host offering this service:" value to the FQDN of your new server when you install
ESET Remote Administrator Server on a different machine.
Before upgrading:
If the component upgrade fails on a machine running an ERA Server or Web Console, you may not be able to log
into the Web Console remotely. We strongly recommend that you configure physical access to the server machine
before performing this upgrade. If you cannot arrange for physical access to the machine, make sure you can log
onto it with administrative privileges using a remote desktop. We also recommend that you back up your ERA Server
and Mobile Device Connector databases before performing this operation. To backup your Virtual Appliance, create
a snapshot or clone your virtual machine.
Upgrading from ERA version 6.1.x?
If you are upgrading from ERA version 6.1 and use an ERA Proxy, client machines connecting via ERA Proxy will
not automatically receive the upgraded ERA Agent. We recommend that you use Agent Live Installers and
distribute them via GPO or SCCM. If you have ERA 6.2, clients will upgrade normally even when connecting via
ERA Proxy.
ERA Server instance is installed on a failover cluster?
If your ERA Server instance is installed on a failover cluster, you must upgrade the ERA Server component on
each cluster node manually. After upgrading the ERA Server, run the Component Upgrade task to upgrade the
rest of your infrastructure (for example, ERA Agents on client computers).
ERA Agent installed on Linux clients running with systemd in your infrastructure?
If you have the ERA Agent installed on Linux clients running with systemd in your infrastructure (distributions
with SysV init scripts or upstart are unaffected), run the script below prior to running a Components Upgrade
task. This is only necessary for version 6.1.450.0 or earlier.
#!/bin/sh -e
# Adds KillMode=process to the ERA Agent unit file if it is not set yet.
systemd_service=eraagent.service
systemd_service_path="/etc/systemd/system/$systemd_service"
if ! grep "^KillMode=" "$systemd_service_path" > /dev/null
then
    echo "Applying 'KillMode' change to '$systemd_service_path'"
    sed -i 's/\[Service\]/[Service]\nKillMode=process/' "$systemd_service_path"
else
    echo "'KillMode' already set. No changes applied."
    exit 0
fi
# Reload unit files and restart the Agent only if it is currently running.
systemctl daemon-reload
if systemctl is-active "$systemd_service" > /dev/null
then
    echo "Restarting instance of '$systemd_service'"
    systemctl restart "$systemd_service"
fi
Alternatively, you can run the same command directly from within the ERA Virtual Appliance's console. Another
option is to replace the Apache HTTP Proxy configuration file httpd.conf manually.
WARNING: If you have custom settings in your original httpd.conf file (such as your username and
password), copy the settings from the backup httpd.conf file and add only the custom settings to the new
httpd.conf file. Do not use your original httpd.conf file with the new upgraded version of Apache HTTP Proxy;
it will not work correctly. Copy only your custom settings from it and use the new httpd.conf file. Alternatively,
you can customize your new httpd.conf file manually; the settings are described in Apache HTTP Proxy
installation - Linux.
Basic
3. Enter a task Name and Description.
4. In the Task drop-down menu, select Remote Administrator Components Upgrade.
Target
5. Mark the check boxes next to all targets receiving this task (individual computers or whole groups). Click Add
targets to display all Static and Dynamic Groups and their corresponding members. Select Static Group > All to run
the update on your full infrastructure.
Trigger
6. In the Trigger Type drop-down menu.
IMPORTANT: For version 6.2.x and higher, select Schedule Once and type Schedule Once At with Random
Delay Interval set to 12 hours.
IMPORTANT: For version 6.1.x select CRON Expression. In the CRON Expression box, enter a CRON expression
for the date when you want to fire the task.
For example, R R R 15 5 ? 2015 will run the task randomly once on May 15.
7.
IMPORTANT: Invoke ASAP if an event is missed: Use this option carefully. If you are using multiple virtualized
clients this can cause all clients to upgrade at the same time, resulting in high loads on your virtual infrastructure.
8. We recommend that you select the check box next to Use Local Time. This refers to the local time of the client(s),
not the server. Click Finish when you are finished.
Settings
9. Mark the check box next to I agree with application End User License Agreement, if you agree. For more
information, see License Management or EULA.
Summary
11. Review the summary of configured settings and click Finish. The task is now created and will be sent to clients.
Troubleshooting:
Verify whether you can access the ERA repository from an upgraded computer.
Re-running the Remote Administrator Components Upgrade task will not work if there is at least one component
already upgraded to a newer version.
If there is no clear reason for the failure, you can upgrade components manually. See our instructions for
Windows or Linux.
On Linux machines utilizing systemd as a service manager, this task might not finish successfully. Linux
distributions with SysV init scripts or upstart are unaffected.
See general troubleshooting information for more suggestions to resolve upgrade issues.
If there are settings for multiple products in a single policy in old ERA, an individual policy for each product
will be created in ERA 6.
NOTE: After the migration, we recommend that you check items (Computers, Static Groups, Policies, etc.) to make
sure they are in place and that the result of the migration meets your expectations. If there are
discrepancies, intervention is needed, such as creating policies manually.
NOTE: If an error occurs during the migration process, it is written to the migration.log file located in the same folder
as the Migration Tool. If you have read-only access to this folder, a log window will open instead. The same
happens if there is not enough disk space: the log file is not created and you will only see results
in the log window.
NOTE: To resolve a problem with missing MSVCP100.dll or MSVCR100.dll files, install the latest Microsoft Visual C++
2010 Redistributable Package. You can use the following link: Microsoft Visual C++ 2010 Redistributable Package
(x86).
The following are migration scenarios which should guide you through the migration process itself:
Migration scenario 1 - Migration to ERA 6.x running on a different computer than ERA 4.x / 5.x.
Migration scenario 2 - Migration to ESET Remote Administrator 6.x running on the same computer as ERA 4.x / 5.x.
Migration scenario 3 - Migration to ERA 6.x where endpoints connect to old ERA 4.x / 5.x until the ERA Agent is
deployed by ERA 6.x.
After you have selected a folder in which to save the temporary database, the wizard will display the status of
archival of the ERA 4.x / 5.x database.
All data is exported to an intermediate database.
4. When data is finished exporting, there are two options you can choose from:
One option is to Finish the export, Copy the temporary database file to a server that is running ESET Remote
Administrator 6.x, and import the data using the ERA Migration tool on that server.
A second option is to click Import now and import the data directly to ESET Remote Administrator 6.x over the
network. Specify the connection and logon details of the new ERA Server.
NOTE: Static groups synchronized from Active Directory are ignored and will not be exported.
If server settings won't allow for importation of specific data, the ESET Remote Administrator Migration tool
will let you choose whether you want to change settings in ERA 6.x for specific components.
Each of the components is then imported. An import (migration) log is available for each component. After
the import is complete, the Migration tool will display the results of the import process.
If you chose to migrate users, their passwords were reset and replaced with randomly generated passwords.
These passwords can be exported in the .CSV format.
The migration tool wizard also generates a script that can be used to preconfigure ERA Agents on client
machines. This script is a small executable .bat file distributable to client computers.
We recommend that you review migrated settings and data to make sure that importation was successful.
After checking, use this script to deploy the ERA Agent on a small group of computers to check if they are
connecting to the server correctly.
After the successful connection of the test group, you can deploy the Agent to the remaining computers
(either manually or using an AD synchronization task).
NOTE: If any of the migration steps fail, you should roll back changes for ERA 6.x, set up the computers to connect
to ERA 4.x / 5.x, recover the backup data from ERA 4.x / 5.x and contact ESET customer care.
Download the ESET Remote Administrator migration tool and then follow the steps below.
NOTE: If you receive a system error, ensure that you have installed the required Microsoft Redistributable
Package.
1. After running the ESET Remote Administrator Migration tool on the ERA 4.x / 5.x machine, the administrator
selects the Export option to save the data from ERA 4.x / 5.x to an intermediate database file. The Migration wizard
is able to transfer specific data only:
NOTE: It is not possible to transfer parametric groups and tasks from ERA 4.x / 5.x, because of the new design
and functions of dynamic groups in ERA 6.x.
2. After selecting a save folder for the temporary database, the wizard will display the status of archival of the ERA
4.x / 5.x database.
When the new ERA 6.x is installed, the exported database can be imported using the Migration tool. The administrator
is prompted to enter the IP address of the machine (the one that was displayed concerning ERA Console in the
Installation successful screen, but without protocol ":8443") into the Host field, to enter the administrator password
configured during installation, and to select the saved database file.
If server settings won't allow for importation of specific data, the ESET Remote Administrator Migration tool
will let you choose whether you want to change settings in ERA 6.x for specific components.
Each of the components is then imported. An import (migration) log is available for each component. After
the import is complete, the Migration tool will display the results of the import process.
If you chose to migrate users, their passwords were reset and replaced with randomly generated passwords.
These passwords can be exported in the .CSV format.
The migration tool wizard also generates a script that can be used to preconfigure ERA Agents on client
machines. This script is a small executable .bat file distributable to client computers.
We recommend that you review migrated settings and data to make sure that importation was successful.
After checking, use this script to deploy the ERA Agent on a small group of computers to check if they are
connecting to the server correctly.
After the successful connection of the test group, you can deploy the Agent to the remaining computers
(either manually or using an AD synchronization task).
NOTE: If any of the migration steps fail, you should roll back changes for ERA 6.x, set up the computers to connect
to ERA 4.x / 5.x, recover the backup data from ERA 4.x / 5.x and contact ESET customer care.
NOTE: It is not possible to transfer parametric groups and tasks from ERA 4.x / 5.x, because of the new design
and functions of dynamic groups in ERA 6.x.
2. After selecting a save folder for the temporary database, the wizard will display the status of archival of the ERA
4.x / 5.x database.
5. ESET Remote Administrator 4.x / 5.x should be started again following the export of your data.
6. Install ESET Remote Administrator 6 and import the intermediate database using the Migration tool. You will be
prompted to enter the IP address of the machine (the one that was displayed for ERA Console in the Installation
successful screen, but without the protocol ":8443") in the Host field, the administrator password configured
during installation and to select the saved database file.
If server settings won't allow for importation of specific data, the ESET Remote Administrator Migration tool
will let you choose whether you want to change settings in ERA 6.x for specific components.
Each of the components is then imported. An import (migration) log is available for each component. After
the import is complete, the Migration tool will display the results of the import process.
If you chose to migrate users, their passwords were reset and replaced with randomly generated passwords.
These passwords can be exported in the .CSV format.
The migration tool wizard also generates a script that can be used to preconfigure ERA Agents on client
machines. This script is a small executable .bat file distributable to client computers.
We recommend that you review migrated settings and data to make sure that importation was successful.
After checking, use this script to deploy the ERA Agent on a small group of computers to check if they are
connecting to the server correctly.
After the successful connection of the test group, you can deploy the Agent to the remaining computers
(either manually or using an AD synchronization task).
NOTE: If any of the migration steps fail, you should roll back changes for ERA 6.x, set up the computers to connect
to ERA 4.x / 5.x, recover the backup data from ERA 4.x / 5.x and contact ESET customer care.
The consequence of this type of migration is that no logs will be exported for the period between backing
up the ERA 4.x / 5.x database and deploying the Agent on a client computer. However, that data will still be present
on your old copy of ERA 4.x / 5.x.
Client computers should now connect to your new ERA Server using their original ERA Agent certificate, which is
being authenticated by the imported CA from the old ERA Server. If clients are not connecting, see Problems after
upgrade/migration of ERA Server.
Once you have everything running correctly on your new ERA Server, carefully decommission your old ERA Server
using our step-by-step instructions.
After accepting the EULA, click Next. Follow the instructions on-screen to complete installation and then click Finish.
If you use a username/password to access your Apache HTTP Proxy (step no. 8 in the Apache HTTP Proxy installation
topic), replace the following block of code:
<Proxy *>
Deny from all
</Proxy>
with this one (found in the backup of httpd.conf you made in step 1):
<Proxy *>
AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup
Order deny,allow
Deny from all
Allow from all
</Proxy>
If you had other customizations made to your httpd.conf file in place in your previous installation of Apache
HTTP Proxy, you can copy over those modifications from the backed-up httpd.conf file to the new (upgraded)
httpd.conf file.
5. Save your changes and start the ApacheHttpProxy service by executing the following command in an elevated
command prompt:
sc start ApacheHttpProxy
6. Test the connection to Apache HTTP Proxy by accessing the following URL in your browser:
http://localhost:3128/index.html
See the Apache HTTP Proxy log files if you need to troubleshoot an issue.
3. Download the Apache HTTP Proxy installer file from the ESET download site and extract its contents to C:\Program
Files\Apache HTTP Proxy\, overwriting the existing files.
4. Navigate to C:\Program Files\Apache HTTP Proxy\conf, right-click httpd.conf and select
Open with > Notepad from the context menu.
5. Add the following code at the bottom of httpd.conf:
ServerRoot "C:\Program Files\Apache HTTP Proxy"
DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"
<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"
6. If you set a username/password to access your Apache HTTP Proxy (step no. 8 in the Apache HTTP Proxy
installation topic), replace the following block of code:
<Proxy *>
Deny from all
</Proxy>
with this one (found in the httpd.conf file you backed up in step 1):
<Proxy *>
AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup
Order deny,allow
Deny from all
Allow from all
</Proxy>
If you had other customizations made to your httpd.conf file in place in your previous installation of Apache
HTTP Proxy, you can copy over those modifications from the backed-up httpd.conf file to the new (upgraded)
httpd.conf file.
7. Save your changes and start the ApacheHttpProxy service by executing the following command in an
administrative command prompt:
sc start ApacheHttpProxy
8. Test the connection to Apache HTTP Proxy by accessing the following URL in your browser:
http://localhost:3128/index.html
See the Apache HTTP Proxy log files if you need to troubleshoot an issue.
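One way to confirm that the upgraded httpd.conf carries the authenticated `<Proxy *>` block from your backup rather than the default one, as described in the replacement step of both upgrade procedures above. This is an added example, not ESET code; it assumes a POSIX shell with awk and that copies of the two files are passed as arguments, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not ESET code: classify the <Proxy *> block in an httpd.conf.
# Usage: sh check_proxy.sh /path/to/backup/httpd.conf /path/to/new/httpd.conf

# proxy_block_state FILE
# Prints: auth     (block contains AuthType Basic and a Require directive)
#         deny-all (block only denies, as in the default configuration)
#         open     (block has neither authentication nor "Deny from all")
#         missing  (file has no <Proxy *> block)
# If the file has several <Proxy *> blocks, the last one is reported.
proxy_block_state() {
    awk '
        BEGIN { inblk = 0; seen = 0; auth = 0; req = 0; deny = 0 }
        /^[ \t]*#/ { next }    # skip commented-out directives
        tolower($0) ~ /^[ \t]*<proxy[ \t]+\*>/ {
            inblk = 1; seen = 1; auth = 0; req = 0; deny = 0; next
        }
        tolower($0) ~ /^[ \t]*<\/proxy>/ { inblk = 0; next }
        inblk {
            line = tolower($0)
            if (line ~ /^[ \t]*authtype[ \t]+basic/) auth = 1
            if (line ~ /^[ \t]*require[ \t]+(group|user|valid-user)/) req = 1
            if (line ~ /^[ \t]*deny[ \t]+from[ \t]+all/) deny = 1
        }
        END {
            if (!seen) print "missing"
            else if (auth && req) print "auth"
            else if (deny) print "deny-all"
            else print "open"
        }
    ' "$1"
}

# proxy_auth_restored BACKUP NEW
# Returns non-zero when the backup required authentication but the upgraded
# file does not, i.e. the replacement step was skipped or lost.
proxy_auth_restored() {
    pa_old=$(proxy_block_state "$1")
    pa_new=$(proxy_block_state "$2")
    echo "backup: $pa_old, upgraded: $pa_new"
    [ "$pa_old" != auth ] || [ "$pa_new" = auth ]
}

if [ "$#" -eq 2 ]; then
    proxy_auth_restored "$1" "$2" ||
        echo "Authentication block from the backup is not present in the upgraded file."
fi
```

Run it before starting the ApacheHttpProxy service so a missing authentication block is caught before clients connect.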
How to upgrade
1. Stop the Apache Tomcat service and close Tomcat7w.exe:
a. Open a Run dialog, type services.msc, click OK.
b. Right-click the Apache Tomcat service and then click Stop.
c. Close Tomcat7w.exe in your system tray.
2. Back up the following files (in some cases the folder name is Tomcat 8.0):
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\.keystore
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps/era/WEB-INF/classes/sk/eset/era/g2webconsole/server/modules/config/EraWebServerConfig.properties
3. Download the latest supported version of the Apache Tomcat installer file apache-tomcat-[version].exe from
http://tomcat.apache.org.
4. Uninstall the current version of Apache Tomcat.
5. Delete the following folder if it is still present on your system:
C:\Program Files\Apache Software Foundation\Tomcat 7.0\
6. Navigate to the folder where you saved the All-in-one installer.
7. Copy apache-tomcat-[version].exe into the ./win32/installers or ./x64/installers directory. Delete the old Tomcat
installation file from this directory.
8. Open a Command Prompt, navigate to the All-in-one installer folder and run the following command:
Setup.exe --mode webconsole
9. Select ESET Remote Administrator Webconsole in the setup window, select your Language and click Next.
10. After accepting the EULA, click Next.
11. In the components window click Install.
12. Restore EraWebServerConfig.properties to its original location.
13. Connect to ERA Web Console and ensure that the program works correctly.
How to upgrade
1. Stop the Apache Tomcat service and close Tomcat7w.exe:
a. Open a Run dialog, type services.msc, click OK.
b. Right-click the Apache Tomcat service and then click Stop.
c. Close Tomcat7w.exe in your system tray.
2. Back up the following files (in some cases the folder name is Tomcat 8.0):
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\.keystore
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps/era/WEB-INF/classes/sk/eset/era/g2webconsole/server/modules/config/EraWebServerConfig.properties
3. Download the latest supported version of the Apache Tomcat installer file apache-tomcat-[version].exe from
http://tomcat.apache.org.
4. Uninstall the current version of Apache Tomcat.
Troubleshooting
If you are unsuccessful setting up an HTTPS connection for Apache Tomcat, you can skip this step and use an HTTP
connection temporarily.
If you are unable to upgrade Apache Tomcat, install your original version and apply the configuration from step 2.
3. Check our list of supported versions of Apache Tomcat to ensure that the new version is compatible with ESET
products.
How to upgrade
1. Stop the Apache Tomcat service:
Execute the following command: service
tomcat8 )
tomcat stop
2. Upgrade Apache Tomcat and Java according to the Linux distribution used. Execute the following commands in
Terminal:
Debian and Ubuntu distributions
sudo apt-get update
sudo apt-get install openjdk-7-jdk tomcat7
yum update
yum install java-1.8.0-openjdk tomcat
OpenSUSE
zypper refresh
zypper install java-1_8_0-openjdk tomcat
IMPORTANT: After upgrading Apache Tomcat to a later major version (for example Apache Tomcat version 7.x to
8.x):
Deploy ERA Web Console again (see ERA Web Console installation - Linux) and reuse
%TOMCAT_HOME%/webapps/era/WEB-INF/classes/sk/eset/era/g2webconsole/server/modules/config/EraWebServerConfig.properties
to preserve any custom settings in ERA Web Console.
Set up an HTTPS connection for Apache Tomcat.
Please note that in older ERA versions the ERA Agent service was always running only on the active node in the
failover cluster. Starting with ERA 6.3, the ERA Agent service runs on all nodes all the time. This way all nodes
can be monitored by ERA all the time.
Please be aware that, because of the change described above, a new computer will be created during the upgrade for at
least one of the cluster nodes. If you do not need the event history for the old computer(s), do not forget to
remove them manually via ERA Console.
1. Disable EraService in Conga (Cluster Administration GUI) under Service groups and ensure that ERA Agent and ERA
Server are stopped on both nodes.
2. Upgrade ERA Server on node1 by performing the following steps:
o Mount the shared storage to this node
o Upgrade ERA Server manually to version 6.3 by executing the sudo ./Server-Linux-x86_64.sh command in a
Terminal window
o Replace the old cluster script located at /usr/share/cluster/eracluster_server.sh with the new one found in
/opt/eset/RemoteAdministrator/Server/setup/eracluster_server. Keep the old file name.
o Stop the ERA Server service (stop eraserver) after the upgrade
o Disable ERA Server autostart by renaming the following 2 files:
mv /etc/init/eraserver.conf /etc/init/eraserver.conf.disabled
mv /etc/init/eraserver-xvfb.conf /etc/init/eraserver-xvfb.conf.disabled
o Unmount the shared storage from node1
3. Upgrade ERA Server on node2 by performing the same steps as in previous point 2.
4. Remove the old Agent from node1 by performing the following steps:
o Mount the shared storage to this node
o Uninstall old ERA Agent (use the installer script with --uninstall parameter)
o Check whether your system has the following symbolic links
/etc/opt/eset -> /usr/share/erag2cluster/etc/opt/eset
/opt/eset -> /usr/share/erag2cluster/opt/eset
/var/log/eset -> /usr/share/erag2cluster/var/log/eset
/var/opt/eset -> /usr/share/erag2cluster/var/opt/eset
Command to list symbolic links in directory /etc/opt/:
find /etc/opt/ -maxdepth 1 -type l -ls
o If those symbolic links exist, remove them using the commands below
unlink /etc/opt/eset
unlink /opt/eset
unlink /var/log/eset
unlink /var/opt/eset
o Create new symbolic links. For each of them, the corresponding folder needs to be created first. Use the
commands below:
mkdir -p /etc/opt/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server /etc/opt/eset/RemoteAdministrat
mkdir -p /opt/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server /opt/eset/RemoteAdministrator/Serve
mkdir -p /var/log/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server /var/log/eset/RemoteAdministrat
mkdir -p /var/opt/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server /var/opt/eset/RemoteAdministrat
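A read-only check for the symbolic-link step above, reporting which of the four listed paths are the old cluster links before any `unlink` is run. This is an added example, not ESET code; the function names and the `ERA_ROOT` prefix (used to rehearse the check in a scratch directory) are hypothetical.

```shell
#!/bin/sh
# Added example, not ESET code: read-only check of the four cluster symlinks
# listed in step 4 before any of them is removed with `unlink`.
# ERA_ROOT is a hypothetical prefix for rehearsing in a scratch directory;
# leave it unset to inspect the real filesystem.

# "<link path> <expected target>" pairs, copied from the guide.
ERA_LINKS='/etc/opt/eset /usr/share/erag2cluster/etc/opt/eset
/opt/eset /usr/share/erag2cluster/opt/eset
/var/log/eset /usr/share/erag2cluster/var/log/eset
/var/opt/eset /usr/share/erag2cluster/var/opt/eset'

# classify_link ROOT LINK TARGET
# Prints: old-link   (symlink to the expected target; unlink applies)
#         other-link (symlink pointing somewhere else; inspect first)
#         not-a-link (real file or directory; unlink fails on a directory
#                     and deletes a regular file)
#         absent     (nothing to remove)
classify_link() {
    cl_path="$1$2"
    if [ -L "$cl_path" ]; then
        if [ "$(readlink "$cl_path")" = "$3" ]; then
            echo old-link
        else
            echo other-link
        fi
    elif [ -e "$cl_path" ]; then
        echo not-a-link
    else
        echo absent
    fi
}

# check_era_links ROOT
# Prints one "<state> <link>" line per path. Returns 0 only when every path
# is either an old-link or absent, i.e. the unlink step is safe as written.
check_era_links() {
    ce_rc=0
    while read -r ce_link ce_target; do
        ce_state=$(classify_link "$1" "$ce_link" "$ce_target")
        echo "$ce_state $ce_link"
        case "$ce_state" in
            old-link|absent) ;;
            *) ce_rc=1 ;;
        esac
    done <<EOF
$ERA_LINKS
EOF
    return "$ce_rc"
}

check_era_links "${ERA_ROOT:-}" ||
    echo "Inspect the entries above before running unlink."
```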
5. Troubleshooting
Since ESET Remote Administrator is a complex product that uses several third-party tools and supports many OS
platforms, there is the potential that you will encounter issues that require troubleshooting.
ESET documentation includes several methods to troubleshoot ESET Remote Administrator, see Answers to
common installation issues to resolve some common issues with ESET Remote Administrator.
Unable to resolve your issue?
Each ERA component has a log file which can be configured to be more or less verbose. Review logs to identify
errors that might explain the issue you are having.
If you are unable to resolve your issue, you can visit the ESET Security Forum and consult the ESET community for
information about issues you may encounter.
When contacting ESET Customer Care, you may be asked by technical support to collect log files - to do so, use
ESET Log Collector or our Diagnostic Tool to collect the necessary logs. We strongly recommend that you include
logs when contacting support to speed up your customer care service request.
Linux:
netstat | grep 2222
netstat | grep 2223
Windows users: run and review information in Task Manager or Event Viewer
Linux users may run any of these commands:
df -h (to review disk space information)
cat /proc/meminfo (to review memory space information)
dmesg (to review your Linux system health)
Error with ODBC connector during ERA Server installation
Error: (Error 65533) ODBC connector compatibility check failed.
Please install ODBC driver with support for multi-threading.
Reinstall an ODBC driver version that supports multi-threading or reconfigure odbcinst.ini as shown in the
ODBC configuration section.
Error with a database connection during ERA Server installation
Installation of ERA Server finishes with the following error message:
Error: It is not possible to store big blocks of data in the database.
Please reconfigure the database server first.
Verify that the configuration of your database driver matches the one shown in the ODBC configuration section.
ERA Agent
The message "The database cannot be upgraded. Please remove the product first." is displayed during Agent
uninstallation
Repair ERA Agent:
1. Navigate to Control Panel > Programs and Features and double-click ESET Remote Administrator Agent.
2. Click Next > Repair and follow the instructions.
Are there any other ways to uninstall ERA Agent?
All possible ways of uninstalling ERA Agent are described in the Uninstallation section.
Error Code 1603 occurred during the Agent installation
This error can occur when the installer files are not located on the local disk. To fix this, copy the installer files
to the local directory and run the installation again. If the files are already present, or the error persists, follow
our Knowledgebase instructions.
Web Console
How to resolve the following error messages in Web Console?
Login Failed, Connection has failed with state of 'Not connected'?
Check to see whether the ERA Server service and your database service are running. Additionally, ensure
that the connection is not broken. If they are not running, restart the services, refresh Web Console and
then try to log in again. Review the log files for your database service (MS SQL, MySQL) for more
information.
Login failed: Communication error
Verify that Apache Tomcat is running and working properly. Review the log files for Apache Tomcat.
If you experience problems with the HTTPS connection to Web Console, see HTTPS/SSL connection set up.
Apache HTTP Proxy
Apache HTTP Proxy cache is several gigabytes in size and still growing
If you have installed Apache HTTP Proxy using All-in-one installer, clean-ups are automatically enabled. If
clean-ups are not working correctly, perform a clean-up manually or schedule a clean-up task.
Updates of virus signature database are not working after Apache HTTP Proxy is installed
If client workstations are not able to update, see our Knowledgebase instructions to disable Apache HTTP Proxy
on endpoint workstations for a temporary period. After connection issues are resolved, consider enabling
Apache HTTP Proxy again.
Remote update of ERA Agent fails with error code 20008
If remote update of ERA Agent fails with the following message:
GetFile: Failed to process the HTTP request (error code 20008, url: 'http://repository.eset.com/v1//info.meta')
follow steps I - III in this article to troubleshoot the connection issue. In case the machine on which ERA Agent
is supposed to be updated is outside your corporate network, configure a policy for ERA Agent not to use a
proxy to connect to repository when outside the corporate network.
ESET Rogue Detector Sensor
Why is the following error message continuously logged in ESET Rogue Detector's trace.log?
Information: CPCAPDeviceSniffer [Thread 764]:
CPCAPDeviceSniffer on rpcap://\Device\NPF_{2BDB8A61-FFDA-42FC-A883-CDAF6D129C6B} throwed error:
Device open failed with error:Error opening adapter: The system cannot find the device specified. (20)
This is a problem with WinPcap. Stop the ESET Rogue Detector Sensor service, reinstall the latest version of
WinPcap (at least 4.1.0) and restart the ESET Rogue Detector Sensor service.
Linux
Missing libQtWebKit dependency on CentOS Linux
If the following error is displayed:
Error: CReportPrinterModule [Thread 7f5f4c7b8700]:
ReportPrinter: ReportPrinterTool exited with:
/opt/eset/RemoteAdministrator/Server//ReportPrinterTool:
error while loading shared libraries: libQtWebKit.so.4:
cannot open shared object file: No such file or directory [code:127]
The issue is probably caused by environment/locale settings. Running the following command before the
server installer script should help:
export LC_ALL="en_US.UTF-8"
C:\ProgramData\ESET\RemoteAdministrator\Server\EraServerApplicationData\Logs\
ERA Agent
C:\ProgramData\ESET\RemoteAdministrator\Agent\EraAgentApplicationData\Logs\
C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Logs\
ERA Proxy
C:\ProgramData\ESET\RemoteAdministrator\Proxy\EraProxyApplicationData\Logs\
1. Navigate to Start > Control Panel > Folder Options > View.
2. Select Show hidden files, folders and drives and click OK.
Linux
ERA Server
/var/log/eset/RemoteAdministrator/Server/
/var/log/eset/RemoteAdministrator/EraServerInstaller.log
ERA Agent
/var/log/eset/RemoteAdministrator/Agent/
/var/log/eset/RemoteAdministrator/EraAgentInstaller.log
/var/log/eset/RemoteAdministrator/MDMCore/
/var/log/eset/RemoteAdministrator/MDMCore/Proxy/
/var/log/httpd/
ERA Proxy
/var/log/eset/RemoteAdministrator/Proxy/
ERA RD Sensor
/var/log/eset/RogueDetectionSensor/
/root/appliance-configuration-log.txt
ERA Server
/var/log/eset/RemoteAdministrator/EraServerInstaller.log
OS X
/Library/Application Support/com.eset.remoteadministrator.agent/Logs/
/Users/%user%/Library/Logs/EraAgentInstaller.log
Usage (Windows)
1. Run the tool using a Command Prompt.
2. Enter the location of log files to be stored (in our example "logs") and press Enter.
3. Enter the information you want to gather (in our example 1
information.
4. When you are finished, you can find the log files compressed in a .zip file in the "logs" directory in the
Diagnostic Tool location.
Actions
ActionEraLogs - A logs folder is created where all logs are saved. To specify certain logs only, use a space to
separate each log.
ActionGetDumps - A new folder is created. A process dump file is generally created in cases where a problem
was detected. When a serious problem is detected, a dump file is created by the system. To check it manually, go to
the folder %temp% (in Windows) or folder /tmp/ (in Linux) and insert a dmp file.
NOTE: The component service (Agent, Proxy, Server, RD Sensor, FileServer) must be running.
ActionGeneralApplicationInformation - The GeneralApplicationInformation folder is created and inside it the
file GeneralApplicationInformation.txt. This file contains text information including the product name and
product version of the currently installed product.
ActionConfiguration - A configuration folder is created where file storage.lua is saved.
6. Click Repair.
7. Connect to Web Console again and check if everything is OK.
6. First Steps
After you have successfully installed ESET Remote Administrator you can begin setting things up.
First, open ERA Web Console in your web browser and log in.
Getting to know ERA Web Console
Before you begin initial setup, we recommend that you get to know the ERA Web Console, as it is the interface
used to manage ESET security solutions. Our Post-Installation Tasks will guide you through recommended steps
for an optimal setup experience.
User account creation
During installation you create the default administrator account. We recommend that you save the
Administrator account and create a new account to manage clients and configure their permissions.
Adding client computers, servers and mobile devices on your network to ERA
During installation, you can choose to search your network for computers (clients). All clients found will be
listed in the Computers section when you start ESET Remote Administrator. If clients are not shown in the
Computers section, run a Static Group Synchronization task to search for computers and show them in groups.
Deploying an Agent
Once client computers are found, deploy the Agent to them. The Agent provides communication between ESET
Remote Administrator and clients.
Installing ESET product (including activation)
To keep your clients and network secure, use the Software Install task to install ESET products.
Creating/editing groups
We recommend that you sort clients into static or dynamic Groups based on various criteria. This makes
managing clients easier and helps you keep an overview of your network.
Creating a new policy
Policies allow you to push specific configurations to ESET products on your client computers. This allows you to
avoid configuring each client's ESET product manually. Once you have created a new policy with your custom
configuration, you can assign it to a group (either static or dynamic) to apply your custom settings to all the
computers in that group.
Assigning policy to a group
As explained above, in order for a policy to be applied it needs to be assigned to a group. Computers that belong
to the group will have the policy applied to them. The policy is applied every time an Agent connects to ERA
Server.
Setting up Notifications and creating Reports
To keep a better overview of what is going on with client computers in your environment, we recommend that
you use notifications and reports. For example, if you want to be notified that a certain event occurred or want
to see or download a report.
If this is your first login, please provide the credentials you entered during the Installation process. For more details
about this screen, see Web Console login screen.
NOTE: In the rare case that you do not see the login screen or when the login screen appears to be constantly
loading, restart the ESET Remote Administrator Server service. Once the ESET Remote Administrator Server service is
up and running again, restart the Apache Tomcat service. After this, the Web Console login screen will load
successfully.
8. FAQ
Why are we installing Java on a server? Doesn't this create a security risk? The majority of all security companies
and security frameworks recommend you uninstall Java from computers and especially from servers.
ERA Web Console requires Java to function. Java is an industry standard for web-based consoles, where all major
web consoles are using Java and Web Server (Apache Tomcat) for their operation. Java is necessary to support a
multi-platform web server.
Although ERA Web Console requires at least Java version 7, we strongly recommend you use the latest officially
released version of Java. If security is a concern, it is possible to install the Web Server on a dedicated machine.
After installing SQL Server Express (included in my ERA package) on my Windows Server 2012 it does not appear to
be listening on a standard SQL port.
It is most likely listening to a port other than the default, port 1433.
Why is my ERA installation failing during database setup? I have binary logging enabled in MySQL.
A: ERA v6.2 does not support MySQL databases with binary log enabled at all. Please disable binary log in MySQL
or use a newer version of ERA.
A: ERA v6.3 does not support STATEMENT based binary log format. Please use ROW or MIXED binary log formats.
For more information on MySQL binary logs, see https://dev.mysql.com/doc/refman/5.6/en/binary-log.html and
https://dev.mysql.com/doc/refman/5.6/en/replication-options-binary-log.html#sysvar_binlog_format
Can ERA Installer create a new database for me in an existing SQL Server installation, if I give it the proper SQL
Server connection details and credentials? It would be convenient if the installer supported different versions of
SQL Server (2008, 2014, etc.).
The database is created by Server.msi. So, yes, it can create an ERA database for you on individually installed SQL Server
instances. And yes, the supported versions of SQL Server are 2008, 2012, 2014.
If installing on an existing SQL Server, should the SQL Server use built-in Windows Authentication mode by default?
No, because Windows Authentication mode can be disabled on the SQL Server and the only way to log in is to use
SQL Server Authentication (entering a Username and Password). You must use the SQL Server Authentication or
Mixed Mode. When manually installing the SQL Server, we recommend you create a root password (root user is
named sa, which stands for security admin) and store it for later in a safe place. The root password may be needed
when upgrading the ERA Server.
I had to install Microsoft .NET Framework 3.5 as ERA Installer pointed me to (http://www.microsoft.com/en-us/
download/details.aspx?id=21), but that did not work on a fresh installation of Windows Server 2012 R2 with SP1.
This installer cannot be used on Windows Server 2012 because of the Windows Server 2012 security policy.
Microsoft .NET Framework must be installed via the Roles and Features Wizard.
Microsoft .NET 4.5 framework was already installed on my system. I had to use the Roles and Features Wizard to add
.NET 3.5. Why doesn't ESET Remote Administrator support .NET 4.5?
Because .NET 4.5 is not backwards compatible with .NET 3.5, which is a prerequisite of the SQL Server installer.
It is very difficult to tell whether the SQL Server installation is running. How can I tell what is happening if the
installation takes more than 10 minutes?
The SQL Server installation can, in rare cases, take up to 1 hour. Install times depend on system performance.
How do I reset the Administrator password for my Web Console (entered during set up)?
It is possible to reset the password by running the server installer and choosing Repair. Be aware the password may
be required to gain access to the ERA database if you did not use Windows Authentication during creation of the
database.
NOTE: Please be careful, some of the repair options can potentially remove stored data.
When importing a file containing a list of computers to add to ERA, what is the format required for the file?
See FAQs in the Administrator guide.
Can you use IIS instead of Apache? What about another HTTP server?
IIS is an HTTP server. The web console needs a Java servlet container (like Tomcat) to run; an HTTP server alone is not
sufficient. There have been solutions for turning IIS into a Java servlet container, but in general, this is not
supported.
NOTE: We do not use Apache HTTP Server, we use Apache Tomcat, which is a different product.
Is there any way to use the wizard for installing on a domain controller?
You can use the wizard, but you have to deselect the installation of SQL in the component selection window.
Will the ERA server installation detect if SQL is already installed on the system? What happens if it does? What
about MySQL?
If you are using the installation wizard and have selected SQL Express for installation, ERA checks whether SQL is
already running on the system. If it is, the wizard displays a notification asking you either to uninstall the
existing SQL and run the installation again, or to install ERA without SQL Express. See database requirements for
ERA.
How do I perform a component-based upgrade of ESET Remote Administrator 6.1.21, 6.1.28 or 6.2.11 to the latest
version?
Windows OS: http://support.eset.com/kb3668/
Linux OS: http://support.eset.com/kb3670/
How do I reinstall my ERA Server and connect it to an existing SQL server if the SQL server was set up automatically
by the initial ERA install?
If you are installing the new instance of the ERA Server using the same user account (for example, a domain
administrator account) under which you installed the original ERA Server, you can use MS SQL Server via
Windows Authentication.
Is there a way to use my own network resource (like SMB share) instead of the repository?
You can choose to provide the direct URL where a package is located. If you are using a file share, specify it in
the following format: file:// followed by the full network path to the file, for example:
file://\\eraserver\install\ees_nt64_ENU.msi
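A check to run before pointing ERA at a package on a file share, as an added example that is not part of the ESET guide: the PowerShell function below confirms the installer's Authenticode signature and SHA-256 hash, then returns the URL in the file:// format shown above. The function name, the ExpectedPublisher value and the optional ExpectedSha256 parameter are assumptions made for illustration, and the package is assumed to be Authenticode-signed.

```powershell
# Added example: verify an installer on a file share, then emit the package URL
# in the form the guide gives (file:// followed by the full network path).
function Get-VerifiedPackageUrl {
    [CmdletBinding()]
    param(
        # Full network path to the installer (\\server\share\...\file)
        [Parameter(Mandatory)] [string] $UncPath,
        # Assumption: text expected in the signer certificate subject
        [Parameter(Mandatory)] [string] $ExpectedPublisher,
        # Optional: SHA-256 recorded when the file was obtained from the vendor
        [string] $ExpectedSha256
    )

    # Accept only a full network path; a drive letter or relative path would
    # not resolve the same way on other machines.
    if ($UncPath -notmatch '^\\\\[^\\/]+\\[^\\/]+\\.+') {
        throw "Not a full network path: $UncPath"
    }
    if (-not (Test-Path -LiteralPath $UncPath -PathType Leaf)) {
        throw "File not found or not readable: $UncPath"
    }

    # Authenticode check: the signature must validate and the signer must match.
    $sig = Get-AuthenticodeSignature -LiteralPath $UncPath
    if ($sig.Status -ne 'Valid') {
        throw "Signature status is '$($sig.Status)' for $UncPath"
    }
    if ($sig.SignerCertificate.Subject -notlike "*$ExpectedPublisher*") {
        throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
    }

    # Hash the file so the value can be compared now and re-checked later.
    $hash = (Get-FileHash -LiteralPath $UncPath -Algorithm SHA256).Hash
    if ($ExpectedSha256 -and ($hash -ne $ExpectedSha256.ToUpperInvariant())) {
        throw "SHA-256 mismatch: got $hash"
    }

    [pscustomobject]@{
        PackageUrl = "file://$UncPath"
        Sha256     = $hash
        Signer     = $sig.SignerCertificate.Subject
    }
}

# Example call (path from the guide's example; 'ESET' is an assumed publisher string):
# Get-VerifiedPackageUrl -UncPath '\\eraserver\install\ees_nt64_ENU.msi' -ExpectedPublisher 'ESET'
```

Keeping the returned Sha256 value lets you re-run the check later and detect whether the file on the share has been replaced.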
1. Open Programs and Features (run appwiz.cpl), locate ESET Remote Administrator Server and right-click.
2. Select Change from the context menu.
3. Choose Repair.
4. Specify database connection details.
5. Select Use existing database and apply upgrade.
6. Deselect Use password already Stored in database and enter a new password.
7. Log into the ERA Web Console with your new password.
NOTE: We strongly recommend you create additional accounts with specific access rights based on your desired
account competencies.
Can I upgrade from ERA v.5/v.4 to v.6 directly via All-in-one installer?
A direct upgrade is not supported; we recommend that you use the migration tool. For more details, please review
Upgrade from previous ERA version and our ESET Knowledgebase article: How do I upgrade ESET Remote
Administrator 5 to version 6?
I am receiving error messages or have problems with ESET Remote Administrator, what should I do?
See Troubleshooting FAQs.