MDM Troubleshooting
MDMCore configuration and log files
See also log files of other ESET PROTECT components.
Location |
File details |
|---|---|
Windows: %ProgramData%\ESET\RemoteAdministrator\MDMCore\Configuration |
•startupconfiguration.ini (Windows), startupconfiguration.ini (Linux) - The database connection information. •loggerLevel.cfg - A single line specifying an override log level for logging. This file takes priority over the setting in any policy (and can be used in cases where policy cannot be delivered). If recognized, the line "Setting log level from loggerLevel.cfg override file to XYZ" is output to the trace log (information level). Recognized values: all, trace, debug, information, warning, error, critical, fatal. When set to all, it also logs all communication to phones. •shouldLogPhoneComm.cfg - A single line specifying whether communication to phones should be logged into a separate log file. Recognized values: 1, true, log. •skipPnsCertCheck.cfg - A single line specifying whether PNS service certificate should be validated. |
Windows: %ProgramData%\ESET\RemoteAdministrator\MDMCore\Data\MultiAgent Linux: /var/opt/eset/RemoteAdministrator/MDMCore/MultiAgent |
Trace logs of individual agents in per-agent subfolders. |
Windows: %ProgramData%\ESET\RemoteAdministrator\MDMCore\Dumps Linux: /var/opt/eset/RemoteAdministrator/MDMCore/Dumps |
Crashdumps that have not been sent to the ESET CrashReporting service yet. |
Windows: %ProgramData%\ESET\RemoteAdministrator\MDMCore\Logs Linux: /var/log/eset/RemoteAdministrator/MDMCore |
•trace.log, trace.log.<N>.gz - The trace log of MDMCore. The numbered gzipped files are older contents of the log. |
Windows: %ProgramData%\ESET\RemoteAdministrator\MDMCore\Logs\Proxy Linux: /var/log/eset/RemoteAdministrator/MDMCore/Proxy |
•trace.log, trace.log.<N>.gz - The trace log of MDMCore's MultiProxy component. The numbered gzipped files are older contents of the log. |
Windows: %ProgramData%\ESET\RemoteAdministrator\MDMCore\Modules Linux: /var/opt/eset/RemoteAdministrator/MDMCore/Modules |
•em*.dat - Config Engine and Loader modules. |
Windows: %ProgramFiles%\ESET\RemoteAdministrator\MDMCore Linux: /opt/eset/RemoteAdministrator/MDMCore |
All executable files needed by MDMCore. |
MDM error messages
The Enrollment token is already being used or is not valid
It is likely that you are attempting to re-enroll with an old enrollment token. Create a new re-enrollment token in the Web Console and use that one instead. It is also possible that you are attempting a second re-enrollment too soon after the first one. Verify that the re-enrollment token is different from the first one. If it is not, then wait a few minutes and try to generate a new re-enrollment token again.
Service certificate validation failed
This error message indicates that there is a problem with your APNS or FCM service certificate. This is announced in ESET PROTECT Web Console as one of the following warnings under MDM Core alerts:
•FCM service certificate validation failed (0x0000000100001002)
•APNS service certificate validation failed (0x0000000100001000)
•APNS Feedback service certificate validation failed (0x0000000100001004)
Make sure you have the correct Certificate Authority available on your system:
•APNS Certificate Authority: Entrust Certification Authority, need to validate certificate from gateway.push.apple.com:2195;
•APNS Feedback Certificate Authority: Entrust Certification Authority, need to validate certificate from feedback.push.apple.com:2196;
•FCM Certificate Authority: GeoTrust Global CA, need to validate certificate from android.googleapis.com:443.
The desired Certificate Authority should be included in the certificate store on the MDM host machine. In a Windows system, you can search for "Manage Trusted Root Certificates". In a Linux system, the certificate location is dependent on the distribution you are using. Some examples of certificate store destinations include:
•on Debian, CentOS: /usr/lib/ssl/cert.pem, /usr/lib/ssl/certs;
•on Red Hat: /usr/share/ssl/cert.pem, /usr/share/ssl/certs;
•command openssl version -d usually returns desired path.
If the desired Certification Authority is not installed on the system the MDM Core is running on, install it. Following installation, restart the ESET PROTECT MDC service.
|
Use caution, certificate validation is a security feature, so if the warning occurs in Web Console it could also indicate a security threat. |
