Eset Era 63 Era Install Enu Guia de Instalacion Del Antivirus ESET Nod32 Endpoint

ESET
REMOTE
ADMINISTRATOR 6
Installation, Upgrade and Migration Guide
Click here to navigate to the most recent version of this document
Click here to display Online help version of this document
ESET REMOTE ADMINISTRATOR 6

Copyright
2016 by ESET, spol. s r.o.
ESET Remote Admi ni s tra tor 6 wa s devel oped by ESET, s pol . s r.o.
For more i nforma ti on vi s i t www.es et.com.
Al l ri ghts res erved. No pa rt of thi s documenta ti on ma y be reproduced, s tored i n a
retri eva l s ys tem or tra ns mi tted i n a ny form or by a ny mea ns , el ectroni c, mecha ni ca l ,
photocopyi ng, recordi ng, s ca nni ng, or otherwi s e wi thout permi s s i on i n wri ti ng from
the a uthor.
ESET, s pol . s r.o. res erves the ri ght to cha nge a ny of the des cri bed a ppl i ca ti on s oftwa re
wi thout pri or noti ce.
Cus tomer Ca re: www.es et.com/s upport
REV. 5/30/2016
Contents
3.2.5.3
Agent
..................................................................................71
uninstallation and troubleshooting
1. Installation/Upgrade
.......................................................5
3.2.6
Web ..............................................................................72
Console installation
1.1 Features
....................................................................................................5
3.2.7
Proxy..............................................................................72
installation
3.2.7.1
Proxy
..................................................................................73
prerequisites
RD Sensor
..............................................................................73
installation
1.2 Architecture
....................................................................................................6
1.2.1
Server..............................................................................6
3.2.8
1.2.2
Web Console
..............................................................................7
3.2.8.1
RD..................................................................................73
Sensor prerequisites
1.2.3
Agent ..............................................................................7
3.2.9
Mobile
..............................................................................74
Device Connector installation
1.2.4
Proxy ..............................................................................8
3.2.9.1
Mobile
..................................................................................75
Device Connector prerequisites
1.2.5
Rogue..............................................................................9
Detection Sensor
3.2.9.2
Mobile
..................................................................................76
Device Connector activation
1.2.6
Mobile
..............................................................................11
Device Connector
3.2.9.3
MDM
..................................................................................77
iOS licensing funcionality
1.2.7
Apache
..............................................................................11
HTTP Proxy
3.2.9.4
Import
..................................................................................77
HTTPS certificate chain for MDM
3.2.10
Apache
..............................................................................79
HTTP Proxy installation and cache
3.2.11
Mirror
..............................................................................80
tool
3.2.12
Failover
..............................................................................83
Cluster
1.3 Deployment
....................................................................................................12
1.3.1
Single..............................................................................13
Server (Small Business)
1.3.2
Remote
..............................................................................14
Branches with Proxies
1.3.3
High ..............................................................................15
Availability (Enterprise)
1.3.4
Practical
..............................................................................16
deployment examples (Windows)
1.4 Supported
....................................................................................................17
products and languages
1.5 Differences
....................................................................................................18
to version 5
2. System
.......................................................20
requirements
2.1 Supported
....................................................................................................20
Operating Systems
2.1.1
Windows
..............................................................................20
2.1.2
Linux..............................................................................22
2.1.3
OS X ..............................................................................23
2.2 Supported Desktop Provisioning

....................................................................................................23
Environments
2.3 Hardware
....................................................................................................24
2.4 Database
....................................................................................................24
3.3 Component
....................................................................................................84
installation on Linux
3.3.1
Step-by-step
..............................................................................84
ERA Server installation on Linux
3.3.2
MySQL
..............................................................................85
installation and configuration
3.3.3
ODBC..............................................................................86
installation and configuration
3.3.4
Server
..............................................................................87
installation - Linux
3.3.4.1
Server
..................................................................................89
prerequisites - Linux
3.3.5
Agent..............................................................................90
3.3.5.1
Agent
..................................................................................92
3.3.6
Web ..............................................................................92
Console installation - Linux
3.3.6.1
ERA
..................................................................................93
Web Console prerequisites - Linux
3.3.7
Proxy..............................................................................93
3.3.7.1
Proxy
..................................................................................95
3.3.8
RD Sensor
..............................................................................95
installation and prerequisites - Linux
3.3.9
Mobile
..............................................................................96
Device Connector installation - Linux
3.3.9.1
Mobile
..................................................................................97
Device Connector prerequisites - Linux
2.5 Supported
....................................................................................................25
versions of Apache Tomcat
3.3.10
Apache
..............................................................................98
HTTP Proxy installation - Linux
2.6 Supported Web browsers for ERA Web

Console
....................................................................................................25
3.3.11
Squid
..............................................................................101
HTTP Proxy installation on Ubuntu Server 14.10
3.3.12
Mirror
..............................................................................101
tool
2.7 Network
....................................................................................................25
3.3.13
Failover
..............................................................................104
Cluster - Linux
3.3.14
How..............................................................................106
to uninstall or reinstall a component - Linux
2.7.1
Ports..............................................................................25
used
3. Installation
.......................................................28
process
3.1 All-in-one
....................................................................................................28
installation on Windows
3.4 Component
....................................................................................................106
installation on Mac OS X
3.4.1
Agent
..............................................................................106
installation - Mac OS X
3.5 Database
....................................................................................................107
3.1.1
Install
..............................................................................29
ERA Server
3.1.2
Install
..............................................................................38
ERA Proxy
3.5.1
Database
..............................................................................107
Server Backup
3.1.3
Install
..............................................................................43
ERA Mobile Device Connector (Standalone)
3.5.2
Database
..............................................................................108
Server Upgrade
3.1.4
Uninstall
..............................................................................47
components
3.5.3
ERA..............................................................................108
Database Migration
3.1.5
Custom
..............................................................................49
certificates with ERA
3.5.3.1
Migration
..................................................................................108
process for SQL Server
3.1.6
Windows
..............................................................................60
SBS / Essentials
3.5.3.2
Migration
..................................................................................117
process for MySQL Server
3.6 ISO
....................................................................................................118
image
3.2 Component
....................................................................................................62
installation on Windows
Server
..............................................................................64
installation
3.7 DNS
....................................................................................................119
Service Record
3.2.1
3.2.1.1
Server
..................................................................................66
prerequisites - Windows
3.2.2
Microsoft
..............................................................................67
SQL Server requirements
3.2.3
MySQL
..............................................................................68
Server installation and configuration
4. Upgrade, migration and reinstallation

.......................................................120
procedures
3.2.4
Dedicated
..............................................................................69
database user account
4.1 Component
....................................................................................................120
upgrade task
3.2.5
Agent..............................................................................69
installation
3.2.5.1
Server-assisted
..................................................................................70
Agent installation
3.2.5.2
Offline
..................................................................................71
Agent installation
4.1.1
Product
..............................................................................129
installation using component upgrade
4.2 Migration
....................................................................................................129
from previous ERA version
4.2.1
Migration
..............................................................................131
scenario 1
4.2.2
Migration
..............................................................................133
scenario 2
4.2.3
Migration
..............................................................................136
scenario 3
4.3 Migration
....................................................................................................138
from one server to another
4.3.1
Clean
..............................................................................139
Installation - same IP address
4.3.2
Clean
..............................................................................140
Installation - different IP address
4.3.3
Migrated
..............................................................................141
Database - same IP address
4.3.4
Migrated
..............................................................................142
Database - different IP address
4.3.5
Uninstallation
..............................................................................143
of the old ERA Server
4.4 Upgrade ERA installed in Failover

....................................................................................................143
Cluster
in Windows
4.5 Upgrading
....................................................................................................144
Apache HTTP Proxy
4.5.1
Windows
..............................................................................144
instructions (All-in-one installer)
4.5.2
Windows
..............................................................................146
instructions (manual)
4.6 Upgrading
....................................................................................................147
Apache Tomcat
4.6.1
Windows
..............................................................................147
instructions (All-in-one installer)
4.6.2
Windows
..............................................................................148
instructions (manual)
4.6.3
Linux
..............................................................................149
instructions
4.7 Change of IP address or hostname on

ERA
....................................................................................................150
Server
4.8 Upgrade ERA installed in Failover
Cluster
....................................................................................................150
in Linux
5. Troubleshooting
.......................................................153
5.1 Answers
....................................................................................................153
to common installation issues
5.2 Log
....................................................................................................156
files
5.3 Diagnostic
....................................................................................................158
Tool
5.4 Problems after upgrade/migration of
....................................................................................................159
ERA
Server
5.5 MSI
....................................................................................................161
Logging
6. First
.......................................................162
Steps
6.1 Opening
....................................................................................................162
the ERA Web Console
7. ESET
.......................................................164
Remote Administrator API
8. FAQ.......................................................165
1. Installation/Upgrade
ESET Remote Administrator (ERA) is an application that allows you to manage ESET products on client workstations,
servers and mobile devices in a networked environment from one central location. With ESET Remote
Administrator's built-in task management system, you can install ESET security solutions on remote computers and
quickly respond to new problems and threats.
ESET Remote Administrator does not provide protection against malicious code by itself. Protection of your
environment depends on the presence of an ESET security solution such as ESET Endpoint Security on workstations
and mobile devices, or ESET File Security for Microsoft Windows Server on server machines.
ESET Remote Administrator is built around two primary principles:
1. Centralized management - the entire network can be configured, managed and monitored from one place.
2. Scalability - the system can be deployed in a small network as well as in large enterprise environments. ESET
Remote Administrator is designed to accommodate the growth of your infrastructure.
ESET Remote Administrator supports the new generation of ESET security products and is also compatible with the
previous generation of products.
The Installation/Upgrade guide covers many ways to install ESET Remote Administrator and is generally intended
for enterprise customers. Please refer to the guide for small and medium-sized businesses if you want to install
ESET Remote Administrator on a Windows platform to manage up to 250 Windows ESET endpoint products.
The ESET Remote Administrator help pages include a complete Installation and upgrade guide:
Architecture of ESET Remote Administrator
Migration Tool
Installation processes
ESET License Administrator
Deployment processes and Agent deployment using GPO or SCCM
First steps after installing ESET Remote Administrator
Post Installation Tasks
Administration guide
1.1 Features
The following features and capabilities are new in version 6.3:
Platform independency - ERA Server works on both Windows and Linux!
Post Installation Tasks - shows you how to get the most from ESET Remote Administrator and guide you through
the recommended steps for an optimal user experience.
ERA Web Console, the primary user interface for ESET Remote Administrator, is accessed using your web browser.
This makes it easy to use from any place and any device.
ESET License Administrator - ESET Remote Administrator must be activated using an ESET-issued License key
before you can begin using it. See the ESET License Administrator section for instructions on how to activate your
product, or see the ESET License Administrator Online help for more information about using the ESET License
Administrator.
A fully customizable Dashboard gives you a great overview of the security state of your network and the Admin
section of ESET Remote Administrator Web Console (ERA Web Console) is a powerful and user-friendly tool for
managing ESET products.
ERA Agent - the ERA Agent must be installed on all client computers that communicate with the ERA Server.
Notifications - deliver relevant information in real time and Reports allows you to conveniently sort various types
of data that you can use later.
1.2 Architecture
ESET Remote Administrator is a new generation of remote management system and differs significantly from
previous versions of ESET Remote Administrator. Since the architecture is completely different, there is no
backward compatibility with old generation of ESET Remote Administrator. However, compatibility with previous
versions of ESET security products remains.
Together with new ESET Remote Administrator, ESET also released new generation of its security products along
with a new licensing system.
To perform a complete deployment of the ESET security solutions portfolio, the following components must be
installed (Windows and Linux platforms):
ERA Server
ERA Web Console
ERA Agent
The following supporting components are optional, we recommend that you install them for best performance of
the application on the network:
ERA Proxy
RD Sensor
Mobile Device Connector
1.2.1 Server
ESET Remote Administrator Server (ERA Server) is the executive application that processes all data received from
clients that connect to the Server (through the ERA Agent). To correctly process data, the Server requires a stable
connection to a database server where network data is stored. We recommend that you install the database server
on a different computer to achieve better performance.
1.2.2 Web Console

ERA Web Console is a web-based user interface that allows you to manage ESET security solutions in your
environment. It displays an overview of the status of clients on your network and can be used to deploy ESET
solutions to unmanaged computers remotely. The Web Console is accessed using your browser (see Supported Web
browsers). If you choose to make the web server accessible from the internet, you can use ESET Remote
Administrator from virtually any place and device.
1.2.3 Agent
The ESET Remote Administrator Agent (ERA Agent) is an essential part of ESET Remote Administrator 6. Clients do
not communicate with the Server directly, rather the Agent facilitates this communication. The Agent collects
information from the client and sends it to the ERA Server. If the ERA Server sends a task for the client - it is sent to
the Agent which then sends this task to the client.
To simplify implementation of the endpoint protection the stand-alone ERA Agent is included in the ERA suite (from
version 6). It is simple, highly modular and lightweight service covering all communication between ERA Server and
any ESET product or operating system. Rather than communicate with the ERA Server directly, ESET products
communicate through the Agent. Client computers that have ESET Agent installed and can communicate with the
ERA Server are referred to as 'managed'. You can install the Agent on any computer regardless of whether or not
other ESET software has been installed.
The benefits are:

Easy set-up it is possible to deploy Agent as a part of standard corporate installation.
On-place security management since the Agent can be configured to store several security scenarios, reaction
time to threat is significantly lowered.
Off-line security management the Agent can respond to an event if it is not connected to the ERA Server.
1.2.4 Proxy
ERA Proxy is a lightweight version of the ERA Server component. This type of server is used to allow a high degree of
scalability. ERA Proxy allows you to concentrate traffic from client Agents. It allows multiple Agents to connect to
the ERA Proxy, which then distributes traffic to the ERA Server. This allows for the optimization of database queries.
It is also possible for the ERA Proxy to connect to other ERA Proxy and then to the ERA Server. Everything depends
on the network environment and its configuration.
What is the difference between ERA Proxy and Apache HTTP Proxy?
The ERA Proxy is also responsible for passive distribution of configuration data (groups, policies, tasks, etc.) to
Agents. This forwarding is done with no involvement from the ERA Server.
The only way to configure the ERA Proxy (and all other components) is via policy sent from the ERA Server. This
means that the Agent must be installed on the ERA Proxy machine to deliver the configuration from the ERA Server
to the ERA Proxy component.
NOTE: It is not possible for the ERA Server to connect to the ERA Proxy directly without the Agent.
ERA Proxy is another component of ESET Remote Administrator and serves two purposes. In the case of a mediumsized or enterprise network with many clients (for example, 10,000 clients or more), you can use ERA Proxy to
distribute load between multiple ERA Proxies, thereby distributing load away from the main ERA Server. Another
advantage of the ERA Proxy is that you can use it when connecting to a remote branch office with a weak link. This
means that ERA Agent on each client is not connecting to the main ERA Server directly, but rather via ERA Proxy,
which is on the same local network of the branch office. This configuration offers better communication with the
branch office. The ERA Proxy accepts connections from all local ERA Agents, compiles their data and uploads it to the
main ERA Server (or another ERA Proxy). This allows your network to accommodate more clients without
compromising the performance of your network and database queries.
For proper function of the ERA Proxy, the host computer where you install ERA Proxy must have an ESET Agent
installed and must be connected to the upper level (either ERA Server or an upper ERA Proxy, if there is one) of your
network.
NOTE: See a deployment scenario with ERA Proxy.
1.2.5 Rogue Detection Sensor

Rogue Detection Sensor (RD Sensor) is a rogue system detector tool that searches your network for computers. The
Sensor is convenient because it can locate new computers from ESET Remote Administrator without the need to
search and add them manually. Discovered machines are immediately located and reported in a predefined report,
allowing you to move them to specific static groups and proceed with management tasks.
RD Sensor is a passive listener that detects computers that are present on the network and sends information about
them to the ERA Server. ERA Server then evaluates whether the PCs found on the network are unknown to ERA
Server or already managed.
Every computer within the network structure (domain, LDAP, Windows network) is added to ERA Server's computers
list automatically via a server synchronization task. Using RD sensor is a convenient way to find computers that are
not in the domain or other network structure and add them to ESET Remote Administrator Server. RD Sensor
remembers computers that are already discovered and will not send the same information twice.
10
1.2.6 Mobile Device Connector

ESET Mobile Device Connector (ESET MDC) is a component that allows for Mobile Device Management with ESET
Remote Administrator, permitting you to manage mobile devices (Android and iOS) and administer ESET Endpoint
Security for Android.
1.2.7 Apache HTTP Proxy

Apache HTTP Proxy is a proxy service that can be used in combination with ESET Remote Administrator 6 and later to
distribute updates to client computers. Apache HTTP Proxy performs a similar role to the mirror server feature
popular in ESET Remote Administrator 5 and earlier.
Using Apache HTTP Proxy offers the following benefits:
Downloads and caches
- virus signature database updates,
- activation tasks,
- ERA repository data,
- product component updates,
and then distributes them to endpoint clients on your network.
Minimized internet traffic on your network.
Compared to the Mirror tool, which downloads all available data on ESET update servers, Apache HTTP Proxy
downloads only data requested by ERA components or ESET endpoint products to reduce network load. If an
endpoint client requests an update, Apache HTTP Proxy downloads it from ESET update servers, saves the update
to its cache directory and serves it to the particular endpoint client. If another endpoint client requests the same
update, then Apache HTTP Proxy serves the download to the client directly from cache, so there is no additional
download from ESET update servers.
The following scheme illustrates a proxy server (Apache HTTP Proxy) used to distribute ESET cloud traffic to all ERA
components and ESET endpoint products. Note that ERA Proxy (not Apache HTTP Proxy!) is used to collect and
forward aggregated data from ERA components in a remote location (for example a branch office) to ERA Server in a
primary location (for example a HQ office). Two locations are used to demonstrate different roles covered by ERA
Proxy and Apache HTTP Proxy.
What is the difference between ERA Proxy and Apache HTTP Proxy?
11
NOTE: For offline virus database updates, use the Mirror tool instead of Apache HTTP Proxy. This tool is available
for both platforms (Windows and Linux).
1.3 Deployment
In the following chapters, we will cover deployment scenarios for different network environments. For more
detailed instructions, see the appropriate chapter:
Single Server (Small Business)
High Availability (Enterprise)
Remote Branches with Proxies
12
1.3.1 Single Server (Small Business)

To manage small networks (1000 clients or less), a single machine with ERA Server and all it's components (supplied
web server, database, etc.) installed on it is usually sufficient. You can think of it as a single server or standalone
installation. All managed clients are connected directly to the ERA Server via ERA Agent. The administrator can
connect to the ERA Web Console via web browser from any computer on the network or run the Web Console
directly from the ERA Server.
13
1.3.2 Remote Branches with Proxies

In a medium-sized network (for example, 10,000 clients), an additional layer which consists of ERA Proxy servers is
added. ERA Agents are connected to the ERA Proxy server, the reason for the inclusion of the ERA Proxy server can
be a weak link to the remote site (branch office). However, it is still possible to connect the ERA Agents (located on
a remote site) directly to the main server.
14
1.3.3 High Availability (Enterprise)

For enterprise environments (for example, 100,000 clients), additional ERA components should be employed. One
is RD Sensor, which helps to search your network and discover new computers. Another addition is a layer of ERA
Proxy servers. ERA Agents are connected to the ERA Proxy server, thereby balancing the load on the master server
which is important for performance. Using this configuration it is still possible to connect the ERA Agents directly to
the main server. A SQL database is also implemented on a Failover Cluster to provide redundancy.
15
1.3.4 Practical deployment examples (Windows)

For best performance, we recommend that you use Microsoft SQL Server as your ESET Remote Administrator
database. While ESET Remote Administrator is compatible with MySQL, using MySQL can negatively impact system
performance when working with large amounts of data including dashboards, threats and clients. The same
hardware with Microsoft SQL Server is capable of handling about 10x the number of clients as with MySQL.
For testing purposes each client stores about 30 logs in the database. Microsoft SQL Server uses large quantities of
RAM to cache database data, so we recommend that you have at least as much memory as Microsoft SQL Server has
on disk.
There is no easy way to calculate the exact amount of resources used by ESET Remote Administrator since resources
used will vary depending on your network configuration. Below are test results for common network configurations:
Test case - maximum of 5,000 clients connecting to ERA Server
Test case - maximum of 100,000 clients connecting to ERA Server
To achieve the optimum configuration for your needs, we recommend that you test with a smaller number of clients
and slower hardware and project your system requirements based on test results.
TEST CASE (5,000 CLIENTS)
Hardware/software
Windows Server 2003 R2, x86 processor architecture
Microsoft SQL Server Express 2008 R2
Intel Core2Duo E8400 @3 GHz
3 GB RAM
Seagate Barracuda 7200rpm, 500GB, 16MB cache, Sata 3.0 Gb/s
Results
ERA Web Console is very responsive (less than 5s)
Memory consumption:
o Apache Tomcat 200 MB
o ERA Server 200 MB
o SQL Server Database 1 GB
Server replication performance 10 replications per second
Database size on disk 1GB (5,000 clients, each with 30 logs in database)
For this example, SQL Server Express 2008 R2 was used. In spite of its limits (10GB database, 1CPU and 1GB of RAM
usage), this configuration was functional and performed well. Using SQL Server Express is recommended for servers
with less than 5,000 clients. You can deploy SQL Server Express initially and upgrade to Microsoft SQL Server (full
version) when a larger database becomes necessary. Be aware that older Express versions (<2008 R2) have a
database size limit of 4GB on disk.
Server replication performance defines a replication interval for clients. 10 replications per second results in 600
replications per minute. So in an ideal case, the replication interval on all 5000 clients should be set to 8 minutes,
however this would incur a 100% load on the server, so a longer interval is necessary in this case. In this example, a
20-30 minute replication interval is recommended.
16
TEST CASE (100,000 CLIENTS)

Hardware/software
Windows Server 2012 R2 Datacenter, x64 processor architecture
Microsoft SQL Server 2012
Intel Xeon E5-2650v2 @2.60GHz
64 GB RAM
Network adapter Intel NIC/PRO/1000 PT Dual
2x Micron RealSSD C400 256GB SSD Drives (one for system+software, second for SQL Server Data Files)
Results
Web Console is responsive (less than 30s)
Memory consumption
o Apache Tomcat 1 GB
o ERA Server 2 GB
o SQL Server Database 10 GB
Server replication performance 80 replications per second
Database size on disk 10 GB (100,000 clients, each with 30 logs in database)
In this case we chose to install all components (Apache Tomcat + Web Console, ERA Server, SQL Server) on one
machine to test the capacity of the ERA Server.
The large number of clients resulted in increased memory and disk usage by Microsoft SQL Server. SQL Server
chaches almost entirely from the database stored in memory for optimum performance. Apache Tomcat (Web
Console) and ERA Server cache data as well, which explains the increased memory usage in this example.
ERA Server is capable of serving 80 replications per second (288,000 per hour), so in an ideal case, the replication
interval on all 100,000 clients should be set to every ~30 minutes (load 200,000 replications per hour), but this will
result in 100% server load, so the best replication interval to use would be 1 hour (100,000 replication per hour).
Network data usage depends on the number of logs harvested by clients. In this test, this number was about 20 KB
per replication, so 80 replications per second gives us about 1600 KB/s (20 Mbit/s) network speed.
In this example we used a single server scenario. CPU and network load will be better distributed when using
multiple ERA Proxies (more is better). This will distribute both CPU load and network load when servicing client
replications. It is good to distribute network load, particularly for clients in distant locations. Proxy replication
interval to the server can be performed during non-working hours, when network speed from distant locations is
better.
1.4 Supported products and languages

ESET Remote Administrator is able to deploy, activate or manage the following ESET products:
Manageable via ESET Remote Administrator 6
Product version
Activation method
ESET Endpoint Security for Windows
6.x & 5.x
6.x - License Key

5.x - Username/Password
ESET Endpoint Antivirus for Windows
6.x & 5.x
ESET Endpoint Security for OS X

ESET Endpoint Antivirus for OS X
ESET Endpoint Security for Android
ESET File Security for Windows Server
ESET Mail Security for Microsoft Exchange Server
ESET File Security for Microsoft Windows Server
ESET NOD32 Antivirus 4 Business Edition for Mac OS X
6.x
6.x
2.x
6.x
6.x
4.5.x
4.x
6.x - License Key

5.x - Username/Password
License Key
License Key
License Key
License Key
License Key
Username/Password
Username/Password
17
Manageable via ESET Remote Administrator 6
Product version
Activation method
4.x
4.5.x
4.5.x
4.5.x
4.5.x
4.5.x
4.5.x
4.2.76
4.2.76
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
Username/Password
ESET NOD32 Antivirus 4 Business Edition for Linux Desktop

ESET Mail Security for Microsoft Exchange Server
ESET Mail Security for IBM Lotus Domino
ESET Security for Microsoft Windows Server Core
ESET Security for Microsoft SharePoint Server
ESET Security for Kerio
ESET File/Mail/Gateway Security for Linux/FreeBSD
ESET NOD32 Antivirus Business Edition
ESET Smart Security Business Edition
NOTE: ESET Windows Server product versions earlier than those shown in the table above are not currently
manageable using ESET Remote Administrator.
NOTE: See also End of Life policy for ESET business products.
Supported languages
Language
English (United States)
Arabic (Egypt)
Chinese Simplified
Chinese Traditional
Croatian (Croatia)
Czech (Czech Republic)
French (France)
French (Canada)
German (Germany)
Italian (Italy)
Japanese
Korean (Korea)
Polish (Poland)
Portuguese (Brazil)
Russian (Russia)
Spanish (Chile)
Spanish (Spain)
Slovak (Slovakia)
Code
en-US
ar-EG
zh-CN
zh-TW
hr-HR
cs-CZ
fr-FR
fr-FC
de-DE
it-IT
ja-JP
ko-KR
pl-PL
pt-BR
ru-RU
es-CL
es-ES
sk-SK
1.5 Differences to version 5

See the table below and become familiar with main differences between ESET Remote Administrator versions.
Difference
Version 6
Version 5
Console
Web Console (browser-based)
Console (Windows application)
18
Components
Server, Web Console (web interface, Server and Console (Windows

Java and Apache Tomcat needed on program GUI)
server side), Agent, Proxy, Rogue
Detection Sensor, Mobile Device
Connector, Apache HTTP Proxy for
update caching
Computer discovery
Using Rogue Detection Sensor
Using Network Search Task
Remote installation
Possible remote deployment of ERA

Agent, installation of ESET security
products done via ERA agent
Directly, live progress tracking
Remote installation methods
Remote push installation, live

Remote push installion, SSH, WMI,
installer scripts (delivery via e-mail or mail delivery, WSUS, GPO, LogOn
via removable media), GPO, SCCM
script
Support for ESET business products

(6.x)
Yes
Policies
Redesigned policy editor, with

Tree-structured policy configuration
possibility to set force / apply flags, editor
as the final configuration is a result of
multiple policies (merged by agent
into one configuration)
Groups
Static and Dynamic groups. One static Static and Parametric groups
group per computer. Dynamic groups
are evaluated by an Agent, regardless
of connectivity to the Server.
Membership is reported to the
Server.
Reporting
Rich reporting kit allows you to create

individual charts of combined data.
Ability to send reports by e-mail in
CSV or PDF, and to save reports.
Separate report set for web-based

dashboard and extended
customizable general report
templates. Export to HTML, ZIP and
PDF.
Mirror
Apache HTTP Proxy acts as a

transparent proxy/cache for files
downloaded from ESET servers.
Offline mirror tool is available as an
alternative.
Mirror functionality allows you to

store updates/files locally on ERA
Server hard-disk
OS platform support
Windows, Linux, Mac and Virtual

environments (ability to import a
virtual appliance). Server to server
replication is deprecated.
Windows only
Database
MSSQL Express (default), MSSQL,

MySQL (only MySQL supported on
Linux)
ODBC-connected MSAccess (default),

MSSQL, MySQL, Oracle
No
19
2. System requirements
There is a set of hardware, database and software prerequisites which must be met in order to install and operate
ESET Remote Administrator.
2.1 Supported Operating Systems

The following sections describe which operating system versions are supported under Windows, Linux and Mac OS
by particular component of ESET Remote Administrator.
2.1.1 Windows
The following table displays supported Windows operating systems for each ESET Remote Administrator
component:
Operating System
Server
Windows Home Server 2003 SP2

Windows Home Server 2011 x64
Agent
Proxy
X
X
RD Sensor
MDM
X
X
Windows Server 2003 x86 SP2

Windows Server 2003 x86 R2 SP2
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X

Windows Server 2008 x64 R2 CORE
Windows Server 2008 x86
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X

Windows Server 2012 x64 CORE
Windows Server 2012 x64 R2
Windows Server 2012 x64 R2 CORE
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Microsoft SBS 2003 x86 SP2 **

Microsoft SBS 2003 x86 R2 **
Microsoft SBS 2008 x64
Microsoft SBS 2008 x64 SP2 **
Microsoft SBS 2011 x64 Standard
Microsoft SBS 2011 x64 Essentials
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Server
Agent
Proxy
RD Sensor
MDM
Operating System
Windows XP x86 SP3

Windows XP x64 SP2
X
X
X
X
Windows Vista x86 SP2

Windows Vista x64 SP2
X
X
X
X
X
X
Windows 7 x86 SP1

Windows 7 x64 SP1
X*
X*
X
X
X*
X*
X
X
X*
X*
Windows 8 x86
X*
X*
X*
20
Windows 8 x64
X*
X*
X*
Windows 8.1 x86

Windows 8.1 x64
X*
X*
X
X
X*
X*
X
X
X*
X*
Windows 10 x86
Windows 10 x64
X*
X*
X
X
X*
X*
X
X
X*
X*
* Installing ERA components on a client OS might not be aligned with Microsoft licensing policy. Check Microsoft
licensing policy or consult your software supplier for details. In SMB / small network environments, we encourage
you to consider a Linux ERA installation or virtual appliance where applicable.
** Microsoft SQL Server Express included with Microsoft Small Business Server (SBS) is not supported by ESET
Remote Administrator. If you want to run your ERA database on SBS, you must use a newer version of Microsoft SQL
Server Express or MySQL. For more details and instructions, see Installation on Windows SBS / Essentials.
On older Windows operating systems, for example Windows Server 2003, protocol encryption might not be fully
supported on the operating system side. In such a configuration, TLSv1.0 will be used instead of TLSv1.2, (TLSv1.0 is
considered less secure than more recent versions). This situation can also occur when the operating system
supports TLSv1.2 but the client does not. In this case, communication takes place using TLS1.0. To ensure the most
secure communication, we suggest that you use newer operating systems (Windows Server 2008 R2 and later for
servers and Windows Vista and later for clients).
NOTE: It is possible to install VMware Player on a desktop Operating System and deploy the ESET Remote
Administrator virtual appliance. This lets you run ESET Remote Administrator on a non-server OS without the need
for ESXi.
21
2.1.2 Linux
The following table displays supported Linux operating systems for each ESET Remote Administrator component:
Operating System
Server
Agent
Proxy
RD Sensor
MDM
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
CentOS 5 x86
CentOS 5 x64
CentOS 6 x86
CentOS 6 x64
CentOS 7 x86
CentOS 7 x64
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
SLED 11 x86
SLED 11 x64
SLES 11 x86
SLES 11 x64
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
OpenSUSE 13 x86
OpenSUSE 13 x64
X
X
X
X
X
X
X
X
X
X
Debian 7 x86
Debian 7 x64
X
X
X
X
X
X
X
X
X
X
Fedora 19 x86
Fedora 19 x64
Fedora 20 x86
Fedora 20 x64
Fedora 23 x86
Fedora 23 x64
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
X
Ubuntu 12.04 LTS x86 Desktop

Ubuntu 12.04 LTS x86 Server
RHEL 5 x86
RHEL 5 x64
RHEL Server 6 x86
RHEL Server 6 x64
RHEL Server 7 x86
RHEL Server 7 x64
22
2.1.3 OS X
Operating System
OS X 10.7 Lion
OS X 10.8 Mountain Lion
OS X 10.9 Mavericks
OS X 10.10 Yosemite
OS X 10.11 El Capitan
Agent
X
X
X
X
X
NOTE: OS X is supported as a client only. The ERA Agent and ESET products for OS X can be installed on OS X
however ERA Server cannot be installed on OS X.
2.2 Supported Desktop Provisioning Environments

Desktop Provisioning makes device management easier and provides for a faster hand-off of desktop computers to
end users.
Provisioned desktops usually come in two different forms, either physical or virtual. ESET Remote Administrator
supports most of the environments as long as the client machine has a persistent system disk. For virtualized
environments and Streamed OS (Citrix provisioning services), see the list of supported hypervisors and their
extensions below.
Another significant difference is whether the provisioned desktop computer uses persistent or non-persistent
system disk.
Persistent desktop
Non-persistent desktop
Persistent has a personalization layer that will capture

all user data, settings and user-installed applications.
This personalization layer is essential for ERA Agent and
ESET security product due to a number of reasons.
Non-persistent drops the personalization layer after each

use. This means that the user always experiences "fresh"
or "clean" state of the desktop without any user data or
settings.
IMPORTANT: Non-persistent disks are not supported.
System disk on a provisioned machines must be
Persistent. Otherwise, ERA Agent will not work correctly
and multiple issues with ESET security product might
appear on such provisioned desktop computer as a result.
Supported Hypervisors
Citrix XenServer
Microsoft Hyper-V
VMware vSphere
VMware ESXi
VMware Workstation
VMware View
Supported Hypervisor extensions
Citrix VDI-in-a-box
Citrix XenDesktop
Tools
(applies to both virtual and physical machines)
Microsoft SCCM
Windows Server 2012 Server Manager
23
2.3 Hardware
For seamless operation of ESET Remote Administrator, your system should meet the following hardware
requirements:
Memory
Hard Drive
Processor
Network connection
4 GB RAM
At least 20 GB of free space
Dual-Core, 2.0 GHz or faster
1 Gbit/s
2.4 Database
ESET Remote Administrator supports two types of database servers:
Microsoft SQL Server (including Express and non-Express editions) 2008, 2008 R2, 2012, 2014
MySQL (5.5+ is supported, we strongly recommend you to use at least version 5.6)
Specify the database server you want to use when installing ERA Server or ERA Proxy. Microsoft SQL Server Express
is installed by default and is a part of the All-in-one installer. You can use an existing Microsoft SQL Server running in
your environment; however, it must meet minimum requirements.
Database server hardware requirements
Memory
1 GB RAM
Hard Drive
At least 10 GB of free space
Processor Speed
x86 Processor: 1.0 GHz

x64 Processor: 1.4 GHz
Note: A 2.0 GHz or faster processor is recommended for optimum performance.
Processor Type
x86 Processor: Pentium III-compatible processor or faster

x64 Processor: AMD Opteron, AMD Athlon 64, Intel Xeon with Intel EM64T
support, Intel Pentium IV with EM64T support
Additional information
Microsoft SQL Server Express has a 10 GB size limit of the each relational database and cannot be installed on a
Domain Controller. We do not recommend the use of Microsoft SQL Server Express in Enterprise environments or
large networks. If you use Microsoft SBS, we recommend that you install ESET Remote Administrator on a
different server or do not select the SQL Server Express component during installation (this requires you to use
your existing SQL or MySQL Server to run the ERA database).
If you intend to use the dedicated database user account that will have access to the ERA database only, you must
create a user account with specific privileges before installation. For more information, see Dedicated database
user account. Additionally, you will need to create an empty database that will be used by ESET Remote
Administrator.
See also instructions how to install configure MySQL for Windows and MySQL for Linux to work properly with ESET
Remote Administrator. Note that MariaDB is not supported by ESET Remote Administrator.
ERA Server and ERA Proxy do not use an integrated backup. We strongly recommend that you back up your
database server to prevent data loss.
24
2.5 Supported versions of Apache Tomcat

Apache Tomcat 6.x and later (both 32-bit and 64-bit) is supported. Apache Tomcat is a mandatory component
required to run ERA Web Console.
ESET Remote Administrator does not support alpha/beta/RC versions of Apache Tomcat.
2.6 Supported Web browsers for ERA Web Console

The following Web browsers are supported in order to run ERA Web Console properly. JavaScript must be enabled.
Web browser
Version
Note
Mozilla Firefox
Microsoft Internet Explorer
Microsoft Edge
Google Chrome
Safari
Opera
20+
10+
25+
23+
6+
15+
We recommend that you keep Firefox up-to-date.

Compatibility View may not work correctly.
We recommend that you keep Chrome up-to-date.
2.7 Network
It is essential that both ERA Server and client computers managed by ERA have a working Internet connection so that
they can reach the ESET repository and activation servers. If you prefer not to have clients connect directly to the
Internet, you can use a proxy server (not the same as Apache HTTP Proxy or ERA Proxy) to facilitate communication
with your network and the Internet.
Computers managed by ERA should be connected to the same LAN and/or should be in the same Active Directory
domain as your ERA Server. The ERA Server must be visible by client computers. Additionally, client computers must
be able to communicate with your ERA Server to use remote deployment and the wake-up call feature.
Ports used
If your network uses a firewall, see our list of possible network communication ports used when ESET Remote
Administrator and its components are installed in your infrastructure.
2.7.1 Ports used

The charts below list all possible network communication ports used when ESET Remote Administrator and its
components are installed in your infrastructure. Other communication occurs via the native operating system
processes (for example NetBIOS over TCP/IP).
ERA Server:
Protocol
Port
Usage
Descriptions
TCP
2222
ERA Server listening
Communication between ERA Agents and ERA

Server
TCP
2223
ERA Server listening
Communication between ERA Web Console and

ERA Server, used for Assisted installation
ERA Web Console running on the Apache Tomcat web server:

Protocol
Port
Usage
Descriptions
TCP
443
Listening
HTTP SSL Web Console call
25
ERA Proxy:
Protocol
Port
Usage
Descriptions
TCP
2222
Listening
Communication between ERA Agents and ERA

Proxy
Apache HTTP Proxy:

Protocol
Port
Usage
Descriptions
TCP
3128
Listening
HTTP Proxy (update caching)
Protocol
Port
Usage
Descriptions
UDP
1237
Listening
Wake-up call for IPv4
UDP
1238
Listening
Wake-up call for IPv6
ERA Agent:
Mobile Device Connector:

Protocol
Port
Usage
Descriptions
TCP
9977
Internal communication between Mobile Device

Connector and ERA Agent
TCP
9978
Internal communication between Mobile Device

Connector and ERA Agent
TCP
9980
Listening
Mobile device enrollment
TCP
9981
Listening
Mobile device communication
TCP
5223
External communication with Apple Push

Notification services
TCP
2195
Sending notifications to Apple Push Notification

services
TCP
2196
Apple Push Notification feedback service
TCP
443
Fallback on Wi-Fi only, when devices can't reach

APNs on port 5223
ERA Agent - used for remote deployment of ERA Agent to a target computer with Windows OS:
Protocol
Port
Usage
Descriptions
TCP
139
Target port from the point of

view of ERA Server
Using the share ADMIN$
TCP
445

view of ERA Server
Direct access to shared resources using TCP/IP

during remote installation (an alternative to TCP
139)
UDP
137

view of ERA Server
Name resolution during remote install
UDP
138

view of ERA Server
Browse during remote install
The pre-defined ports 2222, 2223 can be changed if they are already in use by other applications.
NOTE: For the proper function of ESET Remote Administrator, none of the ports above can be used by other
applications.
26
NOTE: Make sure to configure any firewall(s) within your network to allow communication via the ports listed
above.
27
3. Installation process
For instructions to upgrade your existing ERA installation, go to Upgrade procedures.
ESET Remote Administrator installers are available in different formats to support different install methods. They
are available in the download section of the ESET website under Remote Administrator 6 (click to expand the
category). Here, you can download the following:
The ERA All-in-one installer package for Windows in a zipped form
An ISO image that contains all installers of ESET Remote Administrator (except ERA Virtual Appliances)
Virtual appliances (OVA files). Deployment of the ERA Virtual Appliance is recommended for users who want to
run ESET Remote Administrator in a virtualized environment or prefer hassle-free installation. See our complete
ERA Virtual Appliance deployment guide for step-by-step instructions.
Step-by-step installation instructions for Linux
Individual installers for each component - for Windows and Linux platform
Do not change the Computer name of your ERA Server machine after installation. See Change of IP address or
hostname on ERA Server for more information.
3.1 All-in-one installation on Windows

ESET Remote Administrator can be installed a few different ways, choose the type of installation that best suits your
needs and environment. The simplest method is to use the ESET Remote Administrator (ERA) All-in-one installer.
This method allows you to install ESET Remote Administrator and its components on a single machine.
Component installation allows for the installation of different components of ESET Remote Administrator on
different machines. This gives you more freedom to customize your installation - you can install each component on
any machine you want, provided that it meets system requirements.
You can install ERA using:
All-in-one package installation of ERA Server, Proxy, Apache HTTP Proxy or Mobile Device Connector
Stand-alone installers for ERA components (component installation)
Custom installation scenarios include:
Installation on Windows Small Business Server / Essentials
Installation with Custom certificates
Installation on a Failover Cluster
Many installation scenarios require you to install different ESET Remote Administrator components on different
machines to accommodate network architectures, meet performance requirements, or for other reasons. The
following installation packages are available for individual ESET Remote Administrator components:
Core components
ERA Server
ERA Web Console
ERA Agent (must be installed on client computers, optional on ERA Server)
Optional components
ERA Proxy
RD Sensor
28
Apache HTTP Proxy

Mirror Tool
For instructions to upgrade ESET Remote Administrator to the latest version (6.x) see our Knowledgebase article.
3.1.1 Install ERA Server

The ERA All-in-one installer is available for Windows operating systems only. This feature allows you to install all
ERA components using the ERA installation Wizard.
1. Double-click the installation package to run it, select Remote Administrator Server and click Next. If necessary,
you can adjust the language settings in the Language drop-down menu before proceeding.
2. After accepting the EULA, click Next. Select the applicable components to install and click Install.
MICROSOFT SQL SERVER EXPRESS:
If you already have other version of Microsoft SQL Server or MySQL installed, or you plan to connect to
different SQL Server, please deselect this component.
You will not be able to install Microsoft SQL Server Express on a Domain Controller. This is likely to happen if
you are using Windows SBS / Essentials. We recommend you install ESET Remote Administrator on a different
server or to use Microsoft SQL Server or MySQL Server to run the ERA database. More information.
IMPORTANTNOT ALL USERS SHOULD INSTALL APACHE HTTP PROXY:
Doing so will create and apply several proxy-based policies for clients automatically, which can affect your
ability to download updates. We recommend that you deselect the check box next to Apache HTTP Proxy. If
you are unsure whether this component is needed; you can install Apache HTTP Proxy later if you want.
What is Apache HTTP Proxy?
29
30
3. If errors are found during the prerequisites check, address them accordingly. Make sure your system meets all
prerequisites.
The following notification may be displayed if your system does not have enough disk space for ERA to install:
There is only 32 MB free on system disk
At least 5000 MB must be free on disk.
31
4. When the prerequisites check is complete and your environment meets all requirements, installation will begin.
5. Enter a valid License Key (included in the new purchase email you received from ESET) and click Next. If you are
using legacy license credentials (Username and Password), convert the credentials to a License Key.
Alternatively, you can choose to Activate later. If you choose Activate later, see the Activation chapter for further
instruction.
32
6. If you chose to have Microsoft SQL Server Express installed in step 2, a database connection check will be
performedskip to Web Console user & server connection. If you have an existing database server, you will be
prompted to enter your database connection details in the next step.
7. If you are using an existing SQL Server or MySQL, configure connection settings accordingly. Enter your Database
name, Hostname, Port number (you can find this information in Microsoft SQL Server Configuration Manager),
and Database account details (Username and Password) into the appropriate fields and then click Next. The
connection to the database will be verified. If you have an existing ERA database (from a previous ERA
installation) on your database server, this will be detected. You can choose to Use existing database and apply
upgrade or Remove existing database and install new version.
NOTE: There are two options when entering Database account information. You can use a dedicated database
user account that will have access only to the ERA database, alternatively an SA account (MS SQL) or root account
(MySQL). If you decide to use a dedicated user account, you need to have this account created with specific
privileges. For details, see Dedicated database user account. If you do not intend to use a dedicated user account,
enter administrator account (SA or root).
If you entered SA account or root account in the previous window, click Yes to continue using the SA/root account
as the database user for ESET Remote Administrator.
33
If you click No, you must select Create new user (if you have not already created one) or Use existing user (if you
have a dedicated database user account as mentioned here).
34
8. You will be prompted to enter a password for the Web Console Administrator account. This password is
important, as you will be using it to log into the ERA Web Console. Click Next.
9. You can leave the fields intact, or enter your corporate information to appear in the details of ERA Agent and ERA
Server certificates. If you choose to enter a password to the Authority password field, be sure to remember it.
Click Next.
10. The installation progress will be displayed.
35
36
11. When the installation is complete, an "ESET Remote Administrator Server installation was successful" message
will display in addition to your ERA Web Console URL address. Click the URL address to open the Web Console, or
click Finish.
If unsuccessful with installation:

Review installation log files of All-in-one installation package, the location of the logs directory is the same as you
run the All-in-one installer, for example:
C:\Users\Administrator\Downloads\x64\logs\
Please refer to the Troubleshooting section.
37
3.1.2 Install ERA Proxy

WARNING: Never install ERA Server and ERA Proxy on the same computer!
1. Make sure all prerequisites are met.
2. Double-click the installation package to run it, select Remote Administrator Proxy and click Next.
3. Select the components that you want to install. If you do not have a database server, you can install Microsoft SQL
Server Express, which is included in the installation package (not recommended for Enterprise and/or large
networks!). You can also install ESET RD Sensor from the installation package.
38
4. If you chose to have Microsoft SQL Server Express installed in step 2, a database connection check will be
performed - skip to Proxy configuration. If you have an existing database server, you will be prompted to enter
your database connection details in the next step.
Enter the following information to allow your database connection:
a. Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication
b. ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL
Server/SQL Server Native Client 10.0/ODBC Driver 11 for SQL Server
c. Hostname: Hostname or the IP Address of the database server
d. The port used for connection with the Server
e. Database admin account Username/Password
39
If you entered SA account or root account in the previous window, click Yes to continue using the SA/root account
as the database user for ESET Remote Administrator.
If you click No, you must select Create new user (if you have not already created one) or Use existing user (if you
have a dedicated database user account as mentioned here).
40
This step will verify your connection to the database. If the connection is OK, you can proceed to the next step.
5. Configure the proxy connection to ESET Remote Administrator. Enter a Server host (hostname/IP address of the
Server) and Server port (2222).
6. Select a Peer Certificate exported from ERA Web Console and a password for this certificate. Optionally, add a
Certificate Authority. This is only required when unsigned certificates are used.
41
7. The ERA Agent will be installed in addition to ERA Proxy. Follow the steps on-screen to complete installation if
ERA Agent is not already installed.
42
3.1.3 Install ERA Mobile Device Connector (Standalone)

To install Mobile Device Connector as a standalone tool, on a different server than ERA Server is running, complete
following steps.
WARNING: Mobile Device Connector must be accessible from the Internet so that mobile devices can be
managed at all times regardless of their location.
NOTE: Take into account that mobile device communicates with Mobile Device Connector which inevitably
affects usage of mobile data. This applies especially to roaming.
Follow the steps below to install Mobile Device Connector on Windows:
1. Please read the prerequisites first and make sure all are met.
2. Start the installation package. Select Install Mobile Device Connector (Standalone) and click Next.
3. After accepting the EULA, click Next. Select the applicable components to install and click Install.
4. Click Browse, navigate to the location of your SSL certificate for communication via HTTPS, type in the password
for this certificate:
43
5. Specify MDM hostname: this is the public domain or public IP address of your MDM server as it is reachable by
mobile devices from the Internet.
IMPORTANT: MDM hostname must be entered in the same form as specified in your HTTPS Server certificate,
otherwise the iOS mobile device will refuse to install MDM Profile. For example, if there is an IP address specified
in the HTTPS certificate, type in this IP address into the MDM hostname field. In case FQDN is specified (e.g.
mdm.mycompany.com ) in the HTTPS certificate, enter this FQDN in MDM hostname field. Also, if there is a wild card *
used (e.g. *.mycompany.com) in HTTPS certificate, you can use mdm.mycompany.com in the MDM hostname field.
44
6. Installer needs to create new database which will be used by Mobile Device Connector, therefore provide
connection details:
Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication
ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL
Database name: you can leave predefined name or change it if required
Hostname: hostname or the IP address of your database server
Port: used for connection to the database server
Database admin account Username/Password
NOTE: We recommend using the same database server you are using for ERA database, but it can be different
DB server if required. When you click the Next button, Mobile Device Connector installer will create its
database.
7. Specify user for newly created Mobile Device Connector database. You can Create new user or Use existing
database user. Type in the password for the database user.
8. Enter Server host (name or IP address of your ERA Server) and Server port (default port is 2222, if you are using
different port, then replace the default port with your custom port number).
9. Now you have two options how to continue with the installation:
o Server assisted installation - you will need to provide ERA Web Console administrator credentials (installer will
download required certificates automatically).
1. Enter Server host - name or IP address of your ERA Server and Web Console port (leave default port 2223
if you are not using custom port). Also, provide Web Console administrator account credentials Username/Password.
2. When asked to Accept Certificate, click Yes. Continue to step 9.
o Offline installation - you will need to provide Proxy certificate which can be exported from ESET Remote
Administrator. Alternatively, you can use your custom certificate.
1. Click Browse and navigate to the location with Peer certificate (this is the Proxy certificate you've
exported from ERA). Leave the Certificate password text field blank as this certificate does not require
password. Continue to step 9.
45
NOTE: In case you are using your custom certificates with ERA (instead of the default ones that were
automatically generated during ESET Remote Administrator installation), then use your custom certificates
accordingly.
10. Specify destination folder for Mobile Device Connector (we recommend using default), click Next, then Install.
11. After the installation is complete, check if the Mobile Device Connector is running correctly by opening https://
your-mdm-hostname:enrollment-port (for example https://mdm.company.com:9980) in your web browser or
from a mobile device. If the installation was successful, you will see following message:
12. You can now activate MDM from ERA Remote Administrator.
46
3.1.4 Uninstall components

To uninstall ERA components, run the ERA All-in-one installer that you used during ERA installation and select
Uninstall Remote Administrator components. You can also select Language from the drop-down menu before
proceeding.
NOTE: Before uninstalling Mobile device connector, please read MDM iOS licensing funcionality.
After accepting the EULA, click Next. Select the component(s) you want to uninstall and click Uninstall.
47
NOTE: A computer restart may be required to complete the removal of particular components.
48
3.1.5 Custom certificates with ERA

If you have your own PKI (public key infrastructure) within your environment and want ESET Remote Administrator
to use your custom certificates for communication between its components, the following steps will guide you
through the process of setting it all up.
NOTE: The example shown below was performed on a Windows Server 2012 R2. In case you are using different
version of Windows Server, some screens may slightly vary for you, buy the objective of the procedure remains the
same.
Required server roles:
Active Directory Certificate Services (AD CS).
Active Directory Domain Services.
1. Open Management Console and add Certificates Snap-ins:

Log on to the server as a member of the local Administrator group.
Run mmc.exe to open Management Console.
Click File in the top menu and select Add/Remove Snap-in (or press CTRL+M).
Select Certificates in the left pane and click Add button.
49
Select Computer Account and click Next.

Make sure Local Computer is selected (default) and click Finish.
Click OK.
2. Create Custom Certificate Request:
Double-click Certificates (Local Computer) to expand it.
Double-click Personal to expand it. Right-click Certificates and select All Tasks > Advanced Operations and choose
Create Custom Request...
50
Certificate Enrollment wizard window will open, click Next.

Select the Proceed without enrollment policy option and click Next to continue.
Choose (No Template) Legacy Key from the drop-down list and make sure that PKCS #10 Request format is
selected. Click Next.
51
Expand Details section by clicking the arrow pointing down, then click Properties button.
In the General tab, type in Friendly name for your certificate, you can also type Description (optional).
In the Subject tab, do the following:
In Subject name section, choose Common Name from the drop-down list under Type and enter era server into the
Value field, then click Add button. CN=era server will appear in the information box on the right. If you are creating
certificate request for ERA Agent or ERA Proxy, type era agent or era proxy to the value field of Common name.
52
NOTE: Common Name must contain one of these strings: "server", "agent" or "proxy", depending on which
Certificate Request you want to create.
In Alternative name section, choose DNS from the drop-down list under Type and enter * (asterisk) into the Value
field, then click Add button.
In the Extensions tab, expand Key usage section by clicking the arrow pointing down. Add the following from the
Available options: Digital signature, Key agreement, Key encipherment. Deselect Make these key usages critical
option using the checkbox.
53
In the Private Key tab, do the following:

Expand Cryptographic Service Provider section by clicking the arrow pointing down. You will see a list of all
cryptographic service providers (CSP). Make sure that only Microsoft RSA SChannel Cryptographic Provider
(Encryption) is selected.
54
NOTE: Deselect all other CSPs (except the Microsoft RSA SChannel Cryptographic Provider (Encryption) which
must be selected).
Expand Key Options section. In the Key size menu, select a value of at least 2048. Select Make private key
exportable.
Expand Key Type section, select Exchange option. Click Apply, and check your settings.
Click OK button. Certificate information will be displayed, and click then Next button to continue. Click on Browse
button to select the location where the certificate signing request (CSR) will be saved. Type the file name and make
sure the Base 64 is selected.
55
Click Finish button, your CSR now has been generated.

3. Import Custom Certificate Request and Issue Custom Certificate from Pending Requests.
Open Server Manager, click Tools > Certification Authority.
In the Certification Authority (Local) tree, select Your Server (usually FQDN) > Properties > Policy Module tab,
click Properties... button. Make sure you have Set the certificate request status to pending. The administrator
must explicitly issue the certificate option selected. If not, use the radio button to select this option. Otherwise, it
will not work properly. In case you've changed this setting, restart Active Directory certificate services.
56
In the Certification Authority (Local) tree, select Your Server (usually FQDN) > All Tasks > Submit new request...
and navigate to previously generated CSR file in step 2.
Certificate will be added into Pending Requests. Select the CSR in the right navigation pane. In the Action menu,
select All Tasks > Issue.
4. Export Issued Custom Certificate to .tmp file.

Click Issued Certificates in the left pane. Right-click the certificate you want to export, click All Tasks > Export
Binary Data...
In the Export Binary Data dialog, choose Binary Certificate from the drop-down list and in Export options, click
Save binary data to a file and then click OK.
In the Save Binary Data dialog box, move to the file location where you want to save the certificate, and then click
Save.
5. Import created .tmp file.
Go to Certificate (Local Computer) > right-click Personal, select All Tasks > Import...
Click Next...
Locate previously saved .tmp binary file using Browse... and click Open. Select Place all certificates in the
following store > Personal. Click Next.
The certificate will be imported after you click Finish.
57
6. Export Certificate including private key to .pfx file.

In the Certificates (Local Computer) expand Personal and click Certificates, select created certificate that you want
to export, on the Action menu, point to All Tasks > Export...
In the Certificate Export Wizard, click Yes, export the private key. (This option will appear only if the private key is
marked as exportable and you have access to the private key.)
Under Export File Format, select To include all certificates in the certification path, select the Include all
certificates in the certification path if possible check box and then click Next.
Password, type a password to encrypt the private key you are exporting. In Confirm password, type the same
password again, and then click Next.
58
File name, type a file name and path for the .pfx file that will store the exported certificate and private key. Click
Next, and then click Finish.
7. Once you have your custom .pfx certificate file created, you can configure ERA components to use it.
NOTE: The above example shows you how to create ERA Server certificate. Repeat the same steps for ERA Agent
and ERA Proxy certificates. ERA Proxy certificate can be used by ERA MDM.
Configure ERA Server to start using custom .pfx certificate.
59
To get ERA Agent or ERA Proxy/MDM to use custom .pfx certificate, run repair of the appropriate component.
Navigate to Start > Program and Features, right-click ESET Remote Administrator Agent and select Change. Click Next
button and run Repair. Click Next leaving Server host and Server port as they were. Click Browse button next to Peer
certificate and locate custom .pfx certifiacte file. Type in the certificate's password you've specified in step 6. Click
Next and complete the repair. ERA Agent is now using custom .pfx certificate.
3.1.6 Windows SBS / Essentials

Make sure that all Requirements are met, especially Supported Operating System.
NOTE: Some older Microsoft SBS versions include versions of Microsoft SQL Server Express not supported by ESET
Remote Administrator:
Microsoft SBS 2003 x86 SP2
Microsoft SBS 2003 x86 R2
Microsoft SBS 2008 x64 SP2
If you have any of the above versions of Windows Small Business Server and want to install the ERA database on
Microsoft SBS, you must use a newer version of Microsoft SQL Server Express.
o If you do not have Microsoft SQL Express installed on your SBS, follow the steps below.
o If you do have Microsoft SQL Express installed on your SBS but are not using it, uninstall it and follow the steps
below.
o If you are using the version of Microsoft SQL Server Express that came with SBS, migrate your database to a
version of SQL Express compatible with ERA Server. To do so, back up your databases, uninstall your previous
installation of Microsoft SQL Server Express and follow the steps below to install a compatible version of
Microsoft SQL Server Express and restore databases if required.
1. Download the ERA Installer package in a zipped form from the Download section of the ESET website under
Remote Administrator 6 (click + to expand the category).
60
2. Unzip the installer file you downloaded in step one, open the installers folder and double-click Microsoft SQL
Express installer. In our example we use SQLEXPR_2014_x86_ENU:
o The Installation Center will launch, click New installation or add features to an existing installation to start the
Installation Wizard.
NOTE: In step 8 of the installation process set the Authentication mode to Mixed mode (SQL Server
authentication and Windows authentication).
NOTE: To install ERA Server on SBS, you must allow TCP/IP connections to the SQL Server.
3. Install ESET Remote Administrator by running Setup.exe:
61
4. Select the components you want to install, make sure to deselect Microsoft SQL Server Express and click Install.
3.2 Component installation on Windows

Many installation scenarios require you to install different ESET Remote Administrator components on different
machines to accommodate network architectures, meet performance requirements, or for other reasons. The
following installation packages are available for individual ESET Remote Administrator components:
Core components
ERA Server
ERA Web Console
ERA Agent (must be installed on client computers, optional on ERA Server)
Optional components
ERA Proxy
RD Sensor
Apache HTTP Proxy
Mirror Tool
For instructions to upgrade ESET Remote Administrator to the latest version (6.x) see our Knowledgebase article.
If you want to run installation in your local language, you need to start MSI installer of particular ERA component via
command line.
Below is an example of how to run the installation in the Slovak language:
62
To select the language you want to run the installer in, specify the corresponding TRANSFORMS parameter according
to this table:
Language
English (United States)
Arabic (Egypt)
Chinese Simplified
Chinese Traditional
Croatian (Croatia)
Czech (Czech Republic)
French (France)
French (Canada)
German (Germany)
Italian (Italy)
Japanese
Korean (Korea)
Polish (Poland)
Portuguese (Brazil)
Russian (Russia)
Spanish (Chile)
Spanish (Spain)
Slovak (Slovakia)
Code
en-US
ar-EG
zh-CN
zh-TW
hr-HR
cs-CZ
fr-FR
fr-FC
de-DE
it-IT
ja-JP
ko-KR
pl-PL
pt-BR
ru-RU
es-CL
es-ES
sk-SK
63
3.2.1 Server installation

To install the ERA Server component on Windows, follow these steps:
1. Visit the ESET Remote Administrator 6 download section to download Standalone installers for ERA components.
3. Run the ERA Server installer and accept the EULA if you agree with it.
4. Leave the check box next to This is cluster installation empty and click Next. Is this a cluster installation?
If you are installing ERA Server on a Failover Cluster, select the check box next to This is cluster installation. Specify
the Custom application data path to point to the shared storage for the cluster. The data must be stored at one
location that is accessible by all nodes within the cluster.
5. Enter a valid ERA License Key or choose Activate Later.
6. Select a Service user account. This account will be used to run the ESET Remote Administrator Server Service. The
following options are available:
Network service account
User specified: DOMAIN/USERNAME
64
7. Connect to a Database. All data is stored here (ERA Web Console password, client computer logs, etc.):
Database name: you can leave the predefined name or change it if required
NOTE: ERA Server stores large data blobs in the database, therefore it is necessary to configure MySQL to
accept large packets for ERA to run properly.
This step will verify your connection to the database. If the connection is ok, you can proceed to the next step.
8. Select a user for ESET Remote Administrator that has access to the database. You can use an existing user, or
setup can create one for you.
9. Enter a password for Web Console access.
65
10. ESET Remote Administrator uses certificates for client-server communication. You can either select your own
certificates, or the Server can create new certificates for you.
11. Enter the information for all certificates and password for the Certification authority. Be sure to remember this
password.
12. A new server Peer certificate will be created, select a password for it as well.
13. In the next step, select a password for Agent and Proxy Peer certificates. Optionally, specify additional
information about the certificates (this is not mandatory). You can leave the Authority password field empty, but
if you enter the password, be sure to remember it.
14.Setup can perform an initial Static Group Synchronization task. Select the method (Do not synchronize, Sync with
Windows Network, Sync with Active Directory) and click Next.
15.Confirm or change the installation folder for the server and click Next.
16.Click Install to install the server.
NOTE: Once you have completed the installation of the ERA Server, you can also install ERA Agent on the same
machine (optional). This way you will be able to manage the server itself the same way as you would mange a client
computer.
3.2.1.1 Server prerequisites - Windows

The following prerequisites must be met to install ERA Server on Windows:
You must have a valid license.
Required ports must be open and availablesee the complete list of ports here.
Database server (Microsoft SQL Server or MySQL) installed and running, see database requirements for details. If
you do not have an existing database server, we recommend you to review the SQL Server configuration details in
to have SQL properly configured for use with ESET Remote Administrator.
Java Runtime Environment (JRE) must be installed (you can download it from http://java.com/en/download/),
always use the latest officially released version of Java.
66
Microsoft .NET Framework 3.5 must be installed, if you are running Windows Server 2008 or 2012 you can install it
using the Roles and Features Wizard (as shown below), if you are using Windows Server 2003, you can download
.NET 3.5 here: http://www.microsoft.com/en-us/download/details.aspx?id=21
3.2.2 Microsoft SQL Server requirements

One of the prerequisites for the installation is to have Microsoft SQL Server installed and configured. The following
requirements must be met:
Install Microsoft SQL Server 2008 R2 or later, alternatively you can install Microsoft SQL Server 2008 R2 Express or
later. Choose Mixed mode authentication during installation.
If you have Microsoft SQL Server already installed, set authentication to Mixed mode (SQL Server authentication
and Windows authentication). To do so, follow the instructions in this Knowledgease article.
Allow TCP/IP connections to the SQL Server. To do so, follow instructions in this Knowledgebase article from part
II. Allow TCP/IP connections to the SQL database.
NOTE: For configuring, managing, administering of Microsoft SQL Server (databases and users), download SQL
Server Management Studio (SSMS).
NOTE: If you choose to install Microsoft SQL Server Express during installation, you will not be able to install it on
a Domain Controller. This is likely to happen if you are using Microsoft SBS. If you use Microsoft SBS, we recommend
that you install ESET Remote Administrator on a different server or do not select the SQL Server Express component
during installation (this requires you to use your existing SQL Server or MySQL to run the ERA database). For
instructions to install ERA Server on a Domain Controller, see our Knowledgebase article.
67
3.2.3 MySQL Server installation and configuration

Installation
Download the MySQL Windows Installer from http://dev.mysql.com/downloads/installer/ and execute it.
During the installation setup select Custom > MySQL Server and ODBC Connector to install.
Configuration
Open the following file in a text editor:
C:\ProgramData\MySQL\MySQL Server 5.7\my.ini
Find and edit or append the following configuration into the [mysqld] section of the my.ini file:
max_allowed_packet=33M
For MySQL 5.6.20 and 5.6.21 (you can determine your MySQL version by using mysql -v):
o innodb_log_file_size needs to be set to at least 200 MB (for example innodb_log_file_size=200M)
For MySQL >= 5.6.22:
o innodb_log_file_size*innodb_log_files_in_group needs to be set to at least 200 MB (* denotes
multiplication, the product of the two parameters must be > 200 MB. The minimal value for
innodb_log_files_in_group is 2)
Save and close the file and enter the following command to restart the MySQL server and apply the configuration
(the process name depends on the version of MySQL, version 5.7 = MySQL57 etc.):
net stop mysql57
net start mysql57
Enter following command in Command Prompt to check whether the MySQL server is running:
sc query mysql57
68
3.2.4 Dedicated database user account

If you do not wish to use an SA account (MS SQL) or root account (MySQL), you can create a dedicated database user
account. This dedicated user account will be used to access the ERA database only. We recommend you create a
dedicated database user account within your database server before starting ESET Remote Administrator
installation. Also, you will need to create an empty database that will be accessed by ESET Remote Administrator
using this dedicated user account.
NOTE: There is a minimum set of privileges that must to be granted to a dedicated database user account.
MySQL user privileges:
ALTER, ALTER ROUTINE, CREATE, CREATE ROUTINE, CREATE TEMPORARY TABLES, CREATE VIEW, DELETE, DROP,
EXECUTE, INDEX, INSERT, LOCK TABLES, SELECT, UPDATE, TRIGGER - for more information about MySQL
privileges, see http://dev.mysql.com/doc/refman/5.7/en/grant.html
Microsoft SQL Server database-level roles:
An ERA database user must be a member of the db_owner database role. For more information about
Microsoft SQL Server database-level roles, see https://msdn.microsoft.com/en-us/library/ms189121%
28v=sql.100%29.aspx
3.2.5 Agent installation

This topic covers local ERA Agent installation locally on a client workstation.
NOTE: See the Administration guide or our Knowledgebase article for additional methods to install the ERA Agent
on clients.
To install the ERA Agent component locally on Windows, follow these steps:
2. Run the ERA Agent installer and accept the EULA if you agree with it.
If you are installing ERA Agent on a Failover Cluster, select the check box next to This is cluster installation.
Specify the Custom application data path to point to the shared storage of the cluster. The data must be stored
in one location that is accessible for all nodes within the cluster.
69
4. Enter the Server host (hostname or IP address of your ERA Server or ERA Proxy) and Server port (the default port
is 2222, if you are using a different port, replace the default port with your custom port number).
IMPORTANT: Make sure the Server host matches at least one the values (ideally be FQDN) defined in Host
field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid".
The only exception is in case there is a wild card (*) in Server certificate Host field, which means it will work with
any Server host.
5. Select one of the following installation options and follow the steps from the appropriate section below:
Server-assisted installation - You will need to provide ERA Web Console administrator credentials (installer will
download the required certificates automatically).
Offline installation - You will need to provide an Agent certificate, which can be exported from ESET Remote
3.2.5.1 Server-assisted Agent installation

To continue server-assisted Agent installation from the previous chapter:
Enter the hostname or IP address of your ERA Web Console (same as ERA Server) in the Server host field. Leave Web
Console port set to the default port 2223 if you are not using custom port. Also, enter your Web Console account
credentials in the Username and Password fields.
IMPORTANT: Make sure the Server host matches at least one the values (ideally be FQDN) defined in Host
field of the Server certificate. Otherwise you will get an error saying "Received server certificate is not valid".
The only exception is in case there is a wild card (*) in Server certificate Host field, which means it will work with
any Server host.
2. Click Yes when asked if you want to accept the certificate.
3. Choose Do not create computer or Choose custom static group. If you click Choose custom static group you will be
able to select from a list of existing Static groups in ERA. The computer will be added to the group you've
selected.
4. Specify a destination folder for the ERA Agent (we recommend that you use the default location), click Next and
then click Install.
70
3.2.5.2 Offline Agent installation

To continue offline Agent installation from the previous chapter:
1. Click Browse and navigate to the location of your Peer certificate (this is the Agent certificate you exported from
ERA). Leave the Certificate password text field blank as this certificate does not require a password. You do not
need to browse for a Certification authority - leave this field empty.
NOTE: If you are using a custom certificate with ERA (instead of the default ones that was automatically
generated during ESET Remote Administrator installation), use your custom certificates accordingly.
2. Click Next to install to the default folder or click Change to choose another (we recommend using the default
location).
3.2.5.3 Agent uninstallation and troubleshooting

The ERA Agent can be uninstalled several ways.
Remote uninstallation using ERA Web Console
1. Log in to ERA Web Console.
2. From the Computers pane, select a computer from which you want to remove the ERA Agent and click New task.
Alternatively, select multiple computers by selecting the corresponding check boxes and then click Tasks > New
task.
3. Type a Name for the task.
4. From the Task category drop-down menu select ESET Remote Administrator.
5. From the Task drop-down menu select Stop Managing (Uninstall ERA Agent).
6. Review the task Summary and click Finish.
NOTE: See also Client Task information in the Administrator guide.
Local uninstallation
1. Connect to the endpoint computer where you want to remove the ERA Agent (for example via RDP).
2. Navigate to Control Panel > Programs and Features and double-click ESET Remote Administrator Agent.
3. Click Next > Remove and follow the uninstallation instructions.
IMPORTANT: If you have set up a password using a policy for your ERA Agents, you will need to type the
password during uninstallation. Alternatively, disable the policy first before uninstalling ERA Agent.
Troubleshooting uninstallation of ERA Agent

See log files for ERA Agent.
Uninstallation of ERA Agent using ESET Uninstaller is not possible.
If you wish to uninstall ERA Agent using a non-standard way (such as removing files, removing the ERA Agent
service and registry entries) with presence of an ESET endpoint product on the same machine, it will not be
possible because of an enabled Self-Defense. You can read more about it in our Knowledgebase article.
71
3.2.6 Web Console installation

To install the ERA Web Console component on Windows, follow the steps below:
2. Make sure the following prerequisites are installed:
ERA Server.
Java - always use the latest officially released version of Java (ERA Web Console requires at least Java version 7,
but we strongly recommend that you use the latest version).
Apache Tomcat (a supported version). We recommend to install Apache Tomcat using Windows Service Installer
(.exe).
Web Console file (era.war) saved to your local hard drive.
3. Copy era.war to the Apache Tomcat web applications folder: Navigate to Start > Apache Tomcat > Tomcat
Program Directory and open the webapps folder (on most operating systems - C:\Program Files\Apache Software
Foundation\Tomcat 7.0\webapps\).
4. Allow a few minutes for the file to extract and install ERA Web Console.
5. Restart the Apache Tomcat service. Start > Apache Tomcat > Configure Tomcat. Click Stop, wait for 30 seconds and
then click Start.
6. Open ERA Web Console in your browser: http://localhost:8080/era/, a login screen will be displayed.
NOTE: HTTP port, by default 8080, is set during manual Apache Tomcat installation. You can also set up HTTPS
connection for Apache Tomcat.
3.2.7 Proxy installation

To install the ERA Proxy server component on Windows, follow these steps:
3. Run the ERA Proxy installer and accept the EULA if you agree with it.
If you are installing ERA Proxy on a Failover Cluster, select the check box next to This is cluster installation. If you are
installing on a Failover Cluster, specify the Custom application data path to point to the shared storage of the
cluster. The data must be stored at one location that is accessible by all nodes within the cluster.
5. Select a Service user account. This account will be used to run the ESET Remote Administrator Server Service. The
following options are available:
a. Network service account
b. Custom account: DOMAIN/USERNAME
6. Connect to a Database. All data is stored here, from the ERA Web Console password to client computer logs. You
will be required to enter the following information:
a. Database: MySQL Server/MS SQL Server/MS SQL Server via Windows Authentication
a. ODBC Driver: MySQL ODBC 5.1 Driver/MySQL ODBC 5.2 Unicode Driver/MySQL ODBC 5.3 Unicode Driver/SQL
c. Hostname: The hostname or IP address of your database server
d. The port used to connect to the Server
e. Database name: The hostname or IP address of your database server
f. Database Administrator account Username and Password
g. Your ERA Database username and password
72
This step will verify your connection to the database. If the connection is ok, you can proceed to the next step. An
error message will be displayed if a connection cannot be established.
7. Select a proxy communication port. By default port 2222 is used.
8. Configure the proxy connection to ESET Remote Administrator Server. Enter a Server host (hostname/IP address
of your ERA Server) and the Server port (2222).
IMPORTANT: Make sure the Server host matches at least one the values (ideally be FQDN) defined in Host field
of the Server certificate. Otherwise you will get an error saying 'Received server certificate is not valid'. The only
exception is in case there is a wild card (*) in Server certificate Host field, which means it will work with any Server
host.
9. Select a Peer certificate exported from ERA Web Console and a password for this certificate. Optionally, you can
add a Certificate Authority. This is only required for unsigned certificates.
10.Select a folder where the Proxy will be installed or leave the pre-defined folder selected.
11.Click Install. The Proxy will be installed on your computer.
NOTE: Server-assisted installation is not supported when installing ERA Proxy.
3.2.7.1 Proxy prerequisites

The following prerequisites must be met in order to install ERA Proxy server component on Windows:
WARNING: Never install ERA Server and ERA Proxy on the same computer!
ERA Server and the ERA Web Console installed (on a Server computer).
Proxy Certificate created and downloaded to your local drive.
Certificate Authority prepared on your local drive.
A valid license.
A database server already installed and configured. Make sure you met Microsoft SQL requirements.
An ODBC Driver for the connection to the database server (MySQL / MS SQL) installed on the computer.
ERA Agent must be installed on a local computer to fully support all program features.
ERA Proxy log file are available for troubleshotting.
3.2.8 RD Sensor installation

To install the RD Sensor component on Windows, follow these steps:
3. Double-click the RD Sensor installer file to begin installation.
4. Select the location where RD Sensor will be installed and click Next > Install.
3.2.8.1 RD Sensor prerequisites

The following prerequisites must be met in order to install the RD Sensor component on Windows:
WinPcap - use the latest WinPcap version (at least 4.1.0)
Network should be properly configured (appropriate ports open, incoming communication not being blocked by a
firewall, etc.)
ERA Server reachable
ERA Agent must be installed on the local computer to fully support all program features
Rogue Detection Sensor log file can be found here: C:\ProgramData\ESET\Rouge Detection Sensor\Logs\
73
3.2.9 Mobile Device Connector installation

To install the Mobile Device Connector component for ESET Remote Administrator Server, please complete
following steps.
WARNING: Mobile Device Connector must be accessible from the Internet so that mobile devices can be
managed at all times regardless of their location.
2. Please read the prerequisites first and make sure all are met.
3. Run the Mobile Device Connector installer and accept the EULA if you agree with it.
4. Click Browse, navigate to the location of your SSL certificate for communication via HTTPS, type in the password
for this certificate:
5. Specify MDM hostname: this is the public domain or public IP address of your MDM server as it is reachable by
mobile devices from the Internet.
IMPORTANT: MDM hostname must be entered in the same form as specified in your HTTPS Server certificate,
otherwise the iOS mobile device will refuse to install MDM Profile. For example, if there is an IP address specified
in the HTTPS certificate, type in this IP address into the MDM hostname field. In case FQDN is specified (e.g.
mdm.mycompany.com ) in the HTTPS certificate, enter this FQDN in MDM hostname field. Also, if there is a wildcard *
used (e.g. *.mycompany.com) in HTTPS certificate, you can use mdm.mycompany.com in the MDM hostname field.
6. Installer needs to create new database which will be used by Mobile Device Connector, therefore provide
connection details:
Database name: you can leave predefined name or change it if required
NOTE: We recommend using the same database server you are using for ERA database, but it can be different DB
server if required. When you click the Next button, Mobile Device Connector installer will create its database.
7. Specify user for newly created Mobile Device Connector database. You can Create new user or Use existing
database user. Type in the password for the database user.
8. Enter Server host (name or IP address of your ERA Server) and Server port (default port is 2222, if you are using
different port, then replace the default port with your custom port number).
9. Now you have two options how to continue with the installation:
o Server assisted installation - you will need to provide ERA Web Console administrator credentials (installer will
1. Enter Server host - name or IP address of your ERA Server and Web Console port (leave default port 2223
if you are not using custom port). Also, provide Web Console administrator account credentials Username/Password.
2. When asked to Accept Certificate, click Yes. Continue to step 9.
o Offline installation - you will need to provide Proxy certificate which can be exported from ESET Remote
1. Click Browse and navigate to the location with Peer certificate (this is the Proxy certificate you've
exported from ERA). Leave the Certificate password text field blank as this certificate does not require
password. Continue to step 9.
74
NOTE: In case you are using your custom certificates with ERA (instead of the default ones that were
automatically generated during ESET Remote Administrator installation), then use your custom certificates
accordingly.
10. Specify destination folder for Mobile Device Connector (we recommend using default), click Next, then Install.
11. After the installation is complete, check if the Mobile Device Connector is running correctly by opening https://
your-mdm-hostname:enrollment-port (for example https://mdm.company.com:9980) in your web browser or
from mobile device. If the installation was successful, you will see following message: MDM Server up and
running!
12. You can now activate MDM from ESET Remote Administrator.
3.2.9.1 Mobile Device Connector prerequisites

The following prerequisites must be met in order to install Mobile Device Connector on Windows:
Public IP address or public domain accessible from the Internet.
NOTE: If you need to change hostname of your MDM Server, you can do so in its configuration file. Keep in mid, if
you change hostname of your MDM Server, you might need to import new HTTPS Server certificate that includes this
new hostname in order for MDM to continue working correctly.
Ports open and available see the complete list of ports here. We recommend using default ports numbers 9981
and 9980, but these can also be changed in configuration file of your MDM Server if needed. Make sure that
mobile devices are able to connect via specified ports. Change your firewall and/or network settings (if
applicable) to make this possible. For more information about MDM architecture click here.
Firewall settings - if installing Mobile Device Connector on non-server OS such as Windows 7 (for evaluation
purpose only), make sure to allow communication ports by creating firewall rules for:
C:\Program Files\ESET\RemoteAdministrator\MDMCore\ERAMDMCore.exe, TCP port 9980
C:\Program Files\ESET\RemoteAdministrator\MDMCore\ERAMDMCore.exe, TCP port 9981
C:\Program Files\ESET\RemoteAdministrator\Server\ERAServer.exe, TCP port 2222
NOTE: Actual paths to .exe files may vary depending on where each of the ERA components is installed on
your client OS system.
A database server already installed and configured. Make sure you met Microsoft SQL or MySQL requirements.
RAM usage of MDM connector is optimized so there can be maximum of 48 "ESET Remote Administrator MDMCore
Module" processes running concurrently and if the user connects more devices, the processes will then
periodically change for each device that currently needs to use the resources.
75
Certificate requirements
IMPORTANT: You will need an SSL certificate in .pfx format for secure communication over HTTPS. We
recommend that you use the certificate provided by CA. Self-signed certificates are not recommended because not
all mobile devices let users to accept self-signed certificates. This isn't an issue with CA signed certificates, because
they are trusted and do not require acceptance by the user.
NOTE: You need to have certificate signed by CA, and corresponding private key, and utilize standard procedures,
to merge those (traditionally using OpenSSL) into one .pfx file:
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out httpsCredentials.pfx
This is a standard procedure for most servers which are using SSL certificates.
IMPORTANT: In the case of Offline installation, you will also need an Agent certificate exported from ESET
Remote Administrator. Alternatively, you can use your custom certificate with ERA.
3.2.9.2 Mobile Device Connector activation

After you have installed Mobile Device Connector, you need to activate it with ESET Endpoint Security for Android
license:
1. Add the ESET Endpoint Security for Android license to ERA License Management following steps described here.
2. Activate Mobile Device Connector using Product Activation Client Tasks, procedure is the same as when activating
any ESET security product on a client computer, where in this case Mobile Device Connector is client computer.
76
3.2.9.3 MDM iOS licensing funcionality

Since ESET does not offer an application on the Apple App Store, Mobile Device Connector component currently
stores all licensing details for iOS devices.
Licenses are per-device and can be activated using a Product Activation Task (same as Android).
Devices which are not activated or devices with expired licenses will display a red protection status and the "License
not activated" message. These devices will refuse to handle tasks, set policies and deliver non-critical logs.
During uninstallation of MDM, if Keep Database is selected, licenses taken will not be deactivated. These licenses
can be reused if MDM is reinstalled on this database, removed via ESET Remote Administrator or deactivated using
ESET License Administrator. When moving to another MDM server, you will need to perform the Product Activation
Task again.
3.2.9.4 Import HTTPS certificate chain for MDM

There is a requirement to provide entire certificate chain for MDM HTTPS Server. This is required mainly where 3rd
party Certification Authority signed certificate is used to establish trust between the device and mobile browser.
Entire certificate chain must be present in pkcs12 container ( pfx file) set as HTTPS Server certificate. Certificate
chain also must be imported into Intermediate Certification Authorities store on local computer.
Run mmc.exe to open Management Console.
Select File > Add/Remove Snap-in or (CTRL+M).
Under Available snap-ins select Certificates and click Add.

Select Computer Account for the certificates to manage, click Next.
77
Select Local Computer and press Finish.

Click OK to return to the Management Console.
Select Intermediate Certification Authorities, in context menu select All Tasks > Import.
Select MDM HTTPs certificate file and Import.

Restart the ESET Remote Administrator Mobile
Device Connector
service.
NOTE: If this is not performed, MDM HTTPS Server will send only Server certificate, not the entire chain
(intermediate CAs).
78
3.2.10 Apache HTTP Proxy installation and cache

To install Apache HTTP Proxy on Windows, follow these steps:
IMPORTANT: If you already have Apache HTTP Proxy installed on Windows and want to upgrade it to the most
recent version, proceed to Upgrading Apache HTTP Proxy.
2. Open ApacheHttp.zip and extract the files to C:\Program Files\Apache HTTP Proxy
NOTE: If you want to install Apache HTTP Proxy on a different hard drive, C:\Program Files\ must be replaced
with the corresponding path in the instructions below and in the httpd.conf file located in the Apache HTTP Proxy
\bin directory. For example, if you extract the content of ApacheHttp.zip to D:\Apache Http Proxy, then C:
\Program Files\ must be replaced with D:\Apache Http Proxy.
3. Open an administrative command prompt and CD to C:\Program Files\Apache HTTP Proxy\bin
4. Execute the following command:
httpd.exe -k install -n ApacheHttpProxy
5. Using a text editor such as Notepad, open the httpd.conf file and add the following lines at the bottom of the file:
ServerRoot "C:\Program Files\Apache HTTP Proxy"
DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"
<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"
NOTE: If you wish the cache directory to be located somewhere else, for example on another disk drive, such
as D:\Apache HTTP Proxy\cache, then in the last line of the code above change "C:\Program Files\Apache
HTTP Proxy\cache" to "D:\Apache HTTP Proxy\cache" .
6. Start the Apache HTTP Proxy service using the following command:
sc start ApacheHttpProxy
7. You can verify that the Apache HTTP Proxy service is running in the services.msc snap-in (look for
ApacheHttpProxy). By default, the service is configured to start automatically.
Follow the steps below to configure a username and password for Apache HTTP Proxy (recommended):
1. Stop the ApacheHttpProxy service by opening an elevated command prompt and executing the following
command:
sc stop ApacheHttpProxy
2. Verify the presence of the following modules in C:\Program Files\Apache HTTP Proxy\conf\httpd.conf:
LoadModule
LoadModule
LoadModule
LoadModule
authn_core_module modules\mod_authn_core.dll
authn_file_module modules\mod_authn_file.dll
authz_groupfile_module modules\mod_authz_groupfile.dll
auth_basic_module modules\mod_auth_basic.dll
3. Add the following lines to C:\Program Files\Apache HTTP Proxy\conf\httpd.conf under <Proxy
*> :
AuthType Basic
AuthName "Password Required"
AuthUserFile password.file
AuthGroupFile group.file
Require group usergroup
79
4. Use the htpasswd command to create a file named password.file in the folder Apache HTTP Proxy\bin\ (you will
be prompted for password):
htpasswd.exe -c ..\password.file username
5. Manually create the file group.file in the folder Apache HTTP Proxy\ with the following content:
usergroup:username
6. Start the ApacheHttpProxy service by executing the following command in an elevated command prompt:
7. Test the connection to HTTP Proxy by accessing the following URL in your browser:
http://localhost:3128/index.html
NOTE: Once you have successfully completed installation of Apache HTTP Proxy, you have the option to allow
ESET communication only (blocking all other traffic - default) or allow all traffic. Perform the necessary configuration
changes as described here:
Forwarding for ESET communication only
Proxy chaining (all traffic)
The following command will display a list of content which is currently cached:
C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe -a -p "C:\ProgramData\Apache HTTP Proxy\cache"
Use the htcacheclean tool to clean up the disk cache. The recommended command (setting cache size to 10 GB and
cached files limit to ~2000) is shown here:
"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l10000M -L12000
To schedule cache clean up every hour run:

schtasks /Create /F /RU "SYSTEM" /SC HOURLY /TN ESETApacheHttpProxyCleanTask^
/TR "\"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe\"^
-n -t -p \"C:\ProgramData\Apache HTTP Proxy\cache\" -l10000M -L12000"
If you choose to allow all traffic, the recommended commands are:

"C:\Program Files\Apache HTTP Proxy\bin\htcacheclean.exe" -n -t^
-p"C:\ProgramData\Apache HTTP Proxy\cache" -l10000M
schtasks /Create /F /RU "SYSTEM" /SC HOURLY /TN ESETApacheHttpProxyCleanTask
/TR "\"C:\Program Files\Apache HTTP Proxy\bin/htcacheclean.exe\"^
-n -t -p \"C:\ProgramData\Apache HTTP Proxy\cache\" -l10000M"
NOTE: The ^ character right after end of line in the commands above is essential, if it is not included the
command will not execute correctly.
For more information, visit our Knowledgebase article or the Apache Authentication and Authorization
documentation.
3.2.11 Mirror tool

The mirror tool is necessary for offline virus signature database updates. If your client computers do not have an
Internet connection and need virus database updates, you can use the Mirror tool to download update files from
ESET update servers and store them locally.
NOTE: The mirror tool downloads virus database definitions only, it does not download PCUs (Program
Component Updates). To update your ESET security product on offline client computers, we recommend that you
upgrade the product using the Software Install client task in ERA. Alternatively, you can upgrade products
individually.
80
Prerequisites
The target folder must be available for sharing, Samba/Windows or HTTP/FTP service, depending on how you
want to have the updates accessible.
You must have a valid Offline license file that includes the Username and Password. When generating a license
file, be sure to select the mark the check box next to Include Username and Password. Also, you must enter a
License filename.
Visual C++ Redistributables for Visual Studio 2010 must be installed on the system.
There is no installation step, the tool consists of two files:
o Windows:
MirrorTool.exe
and updater.dll
o Linux:
MirrorTool
and updater.so
Usage
81
To see Mirror tool help, run MirrorTool
--help
to view all available commands for the tool:
The parameter --updateServer is optional. When you use it, you must specify the full URL of the update server.
The parameter --offlineLicenseFilename is mandatory. You must specify a path to your offline license file (as
mentioned above).
To create a mirror, run the MirrorTool with at least the minimal required parameters. Here is an example:
o Windows:
MirrorTool.exe --mirrorType regular --intermediateUpdateDirectory
c:\temp\mirrorTemp --offlineLicenseFilename c:\temp\offline.lf --outputDirectory c:\temp\mirror
o Linux:
sudo ./MirrorTool --mirrorType regular --intermediateUpdateDirectory /tmp/mirrorTool/mirrorTemp
--offlineLicenseFilename /tmp/mirrorTool/offline.lf --outputDirectory /tmp/mirrorTool/mirror
Mirror tool and Update settings

To automate the distribution of virus database updates, you can create a schedule to run the Mirror tool. To do so,
open your Web Console and navigate to Client Tasks > Operating System > Run Command. Select Command line to
run (including a path to the MirrorTool.exe) and a reasonable trigger (such as CRON for every hour 0 0 * * * ? *).
Alternatively, you can use the Windows Task Scheduler or Cron in Linux.
To configure updates on a client computer(s), create a new policy and configure Update server to point to your
mirror address or shared folder.
82
3.2.12 Failover Cluster

Below are the high-level steps required to install ESET Remote Administrator in a Failover Cluster environment.
1. Create a Failover Cluster with a shared disk:
a. Instructions to create a failover cluster in Windows Server 2012
b. Instructions to create a failover cluster in Windows Server 2008
2. In the Create Cluster Wizard enter the desired hostname (make up one) and IP address.
3. Get the shared disk of the cluster online on node1 and install ERA Server using the standalone installer on it.
Make sure that This is a cluster installation is selected during installation and select the shared disk as application
data storage. Make up a hostname and enter it for the Server certificate of ERA Server next to the pre-filled
hostnames. Remember this hostname and use it in step no. 6 when creating the ERA Server Role in the Cluster
Manager.
4. Stop ERA Server on node1, bring the shared disk of the cluster online on node2 and install ERA Server using the
standalone installer on it. Make sure that This is a cluster installation is selected during installation. Choose the
shared disk as application data storage. Keep database connection and certificate information intact, they were
configured during installation of ERA Server on node1.
5. Configure your firewall to allow incoming connections on all ports used by ERA Server.
6. In the cluster configuration manager create and start a Role (Configure Role > Select Role > Generic service ...) for
the ERA Server service . Select the ESET Remote Administrator Server service from the list of available services. It
is very important to use the same hostname for the Role as was used in step 3 concerning the Server certificate.
7. Install ERA Agent on all cluster nodes using the standalone installer. In the Agent configuration and Connection to
Remote Administrator screens use the hostname you used in step no. 6. If prompted, make sure This is a cluster
installation is not selected, and store Agent data on the local node (not on the cluster disk).
NOTE: The term Role is available in Windows server 2012 only. In Windows server 2008 Services and
applications is used instead.
8. ERA database and web server (Apache Tomcat) are not supported on a cluster, therefore they have to be installed
on a non-clustered disk or a different machine.
Web Console can be easily installed on a separate computer and properly configured to connect to ERA Server
cluster Role. After Web Console is installed, locate its configuration file at:
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps\era\WEB-INF\classes\sk\eset\era
\g2webconsole\server\modules\config\EraWebServerConfig.properties
open the file via Notepad or any other simple text editor. In the line server_address=localhost replace localhost
with the IP address or hostname of the ERA Server cluster Role.
83
3.3 Component installation on Linux

In most installation scenarios, you need to install different ESET Remote Administrator components on different
machines to accommodate different network architectures, meet performance requirements, or for other reasons.
For step-by-step ERA Server installation, follow the instructions included in this section.
To upgrade ESET Remote Administrator for Linux to the latest version (6.x) see the Component upgrade task chapter
or our Knowledgebase article.
Note that in builds later than Fedora version 22 the yum command is replaced by the
Fedora version 22 or later, use dnf instead of yum.
dnf
command. If you use
Core components
ERA Server
ERA Web Console
ERA Agent
a Database server
Optional components
ERA Proxy
RD Sensor
Apache HTTP Proxy
Mirror Tool
3.3.1 Step-by-step ERA Server installation on Linux

In this installation scenario we will simulate step-by-step installation of ERA Server and ERA Web Console. You
must be able to use the sudo command or install under root privileges to complete the installation.
Before installation, verify that the database server is present in your network and make sure you have access to it
on your local/remote server. If no database server is installed, install and configure a new one. We will simulate
installation using MySQL.
Notes:
ERA Linux components (Agent, Server, Web Console) are standalone installations. You can find these installation
files in the ESET Remote Administrator 6 Standalone Installers category available on the ESET website.
To install ERA Server on SUSE Linux Enterprise Server (SLES), follow the instructions from our Knowledgebase
article.
1. Install required packages for ERA Server.

2. Navigate to the folder where you downloaded ERA Server and make the installation package executable:
chmod +x Server-Linux-x86_64.sh
3. Configure the connection to MySQL server, as shown in the MySQL configuration topic.
4. Verify the configuration of the MySQL ODBC driver as shown in the ODBC configuration topic.
5. Customize the installation parameters and execute the ERA Server installation. See Server installation - Linux for
more information.
6. Install the required java and tomcat packages for ERA Web Console as shown in the ERA Web Console
prerequisites topic.
7. Deploy and test the ERA Web console, as shown in the ERA Web Console installation topic.
84
8. Install ERA Agent on the server machine.

Note: If you experience problems with HTTPS connection to ERA Web Console, see our article on HTTPS/SSL
connection set up.
3.3.2 MySQL installation and configuration

Installation
If you have already installed and configured MySQL, proceed to Configuration.
MariaDB is a default database in many Linux environments, however, it is not supported by <%
ESET_REMOTE_ADMINISTRATOR%>! Please make sure to install MySQL for <%ESET_REMOTE_ADMINISTRATOR%> to
work properly.
Installation of MySQL will differ depending on the Linux distribution and version used:
Debian and Ubuntu distributions
Use the following command to install MySQL:
sudo apt-get install mysql-server
Advanced installation: https://dev.mysql.com/doc/refman/5.7/en/linux-installation-apt-repo.html

CentOS, Red Hat and Fedora distributions
sudo yum install mysql-server
Advanced installation: https://dev.mysql.com/doc/refman/5.7/en/linux-installation-yum-repo.html

OpenSUSE distribution
sudo zypper install mysql-community-server
Manual installation
Download and install MySQL Community Server edition from:
http://dev.mysql.com/downloads/
Configuration
Run the following command to open the my.cnf (my.ini for Windows installation) file in a text editor:
sudo nano /etc/mysql/my.cnf
(if the file is not present, try /etc/my.cnf)

Append the following configuration to the [mysqld] section of the my.cnf file:
max_allowed_packet=33M
For MySQL 5.6.20 and 5.6.21 (you can determine your MySQL version by using mysql -v):
o innodb_log_file_size needs to be set to at least 200 MB (for example innodb_log_file_size=200M)
For MySQL >= 5.6.22:
o innodb_log_file_size*innodb_log_files_in_group needs to be set to at least 200 MB (* denotes
multiplication, the product of the two parameters must be > 200 MB. The minimal value for
innodb_log_files_in_group is 2)
Save and close the file and enter the following command to restart the MySQL server and apply the configuration (in
some cases, the service name is mysqld):
sudo service mysql restart
Run the following command to set up MySQL including privileges and password (this is optional and may not work
for some Linux distributions):
85
/usr/bin/mysql_secure_installation
Enter the following command to check whether the MySQL server is running:
sudo netstat -tap | grep mysql
If the MySQL server is running, the following line will be displayed. Note that the process identifier - PID (7668 in
the example below) will be different:
tcp
0 localhost:mysql
*:*
LISTEN
7668/mysqld
3.3.3 ODBC installation and configuration

Installation
To install the MySQL ODBC (Open Database Connectivity) driver, run the following command from a terminal
prompt:
sudo apt-get install libmyodbc libodbc1
CentOS, Red Hat and Fedora distributions
sudo yum install mysql-connector-odbc
sudo zypper install myodbc-unixbox
Configuration
Run the following command to open the odbcinst.ini file in a text editor:
sudo nano /etc/odbcinst.ini
Copy the following configuration into the odbcinst.ini file (make sure the paths to Driver and Setup are correct),
then save and close the file:
[MySQL]
Description = ODBC for MySQL
Driver = /usr/lib/x86_64-linux-gnu/odbc/libmyodbc.so
Setup = /usr/lib/x86_64-linux-gnu/odbc/libodbcmyS.so
FileUsage = 1
If you are using a 32-bit Ubuntu version, use Driver and Setup keys and change the path to:
/usr/lib/i386-linux-gnu/odbc/
The Driver may be in a different location for some distributions. You can find the file using the following command:
sudo find /usr -iname "*libmyodbc*"
ERA products require the MySQL driver to support multi-threading. This is the default for newer unixODBC package
versions (2.3.0 or newer). Older versions require explicit threading configuration. If you have an older version
(command odbcinst --version will show you your version), add the following parameter to the odbcinst.ini file:
Threading = 0
Update the configuration files that control ODBC access to database servers on the current host by running the
following command:
sudo odbcinst -i -d -f /etc/odbcinst.ini
86
3.3.4 Server installation - Linux

Installation of the ERA Server component on Linux is performed using a command in the Terminal. You can prepare
an installation script and then execute it using sudo. Make sure all prerequisites are met before you begin
installation.
Note: To install ERA Server on SUSE Linux Enterprise Server (SLES), follow the instructions from our
Knowledgebase article.
Example of an installation script
(New l i nes a re s pl i t by "\" for copyi ng the whol e comma nd to Termi na l )
sudo ./Server-Linux-x86_64.sh \
--skip-license \
--db-driver=MySQL \
--db-hostname=127.0.0.1 \
--db-port=3306 \
--db-admin-username=root \
--db-admin-password=Admin123 \
--server-root-password=Admin123 \
--db-user-username=root \
--db-user-password=Admin123 \
--cert-hostname="10.1.179.46;Ubuntu64-bb;Ubuntu64-bb.BB.LOCAL"
The ERA Server and the eraserver service will be installed in the following location:
/opt/eset/RemoteAdministrator/Server
You can modify the following attributes:
Attribute
Description
--uninstall
Uninstalls the product
--keep-database
Database will not be removed during uninstallation
--locale
The locale identifier (LCID) of installed server (default value is

en_US ). See supported languages for possible options.
Note: You can set a language for each ERA Web Console session.
Installation will not ask user for license agreement confirmation
--skip-license
Required
Yes
Skip generation of certificates (please use together with the -server-cert-path parameter)
ESET license key. This can be set later.
Global unique identifier of the product. If this is not set, it will

be generated.
ESET Remote Administrator (ERA) server port (default value is
2222 )
ESET Remote Administrator console port (default value is 2223)
Yes
--db-hostname
Password for Web Console login of the user "Administrator",

must be at least 8 characters long
The yype of database that will be used (possible values: MySQL
Server , Microsoft SQL Server )
ODBC driver used for connecting to database (command
odbcinst -q -d gives a list of available drivers, use one of this
drivers for example: --db-driver="MySQL")
Computer name or IP address of the database server
--db-port
Port of the database server (default value is 3306)
Yes
--skip-cert
--license-key
--product-guid
--server-port
--console-port
--server-root-password
--db-type
--db-driver
Yes
Yes
87
Attribute
Description
--db-name
Name of ERA Server database (default value is era_db)
--db-admin-username
Database administrator username (used by installation for

creating and modifying database). This parameter can be
omitted if there is a previously created database user defined
by --db-user-username and --db-user-password
Database administrator password This parameter can be omitted
if there is a previously created database user defined by --dbuser-username and --db-user-password
Database ERA Server user username (used by ERA Server for
connecting to database); should be no longer than 16 characters
Database ERA Server user password
Yes
Yes
--server-cert-password
Contains all the possible names and/or the IP of the computer

that ERA Server will be installed on. This will need to match with
the server name specified in the Agent certificate that tries to
connect to the server.
Path to server peer certificate (use this option if you specified -skip-cert as well)
Password of server peer certificate
--agent-cert-password
Password of Agent peer certificate
--cert-auth-password
Certificate Authority password
--cert-auth-path
Path to the Server's Certificate Authority file
--cert-auth-common-name
Certification authority common name (use "")
--cert-organizational-unit
--cert-organization
--cert-locality
--cert-state
--cert-country
--cert-validity
--ad-server
Certificate validity in days or years (specify in argument --certvalidity-unit )

Unit for certificate validity, possible values are 'Years' or
'Days' (default value is Years)
Active Directory server
--ad-user-name
Name of the user who has rights to search the AD network
--ad-user-password
Active Directory user password
--ad-cdn-include
Active Directory tree path, which will be synchronized for; use

empty brackets "" to synchronize a whole tree
--db-admin-password
--db-user-username
--db-user-password
--cert-hostname
--server-cert-path
--cert-validity-unit
Installer log
The installer log may be useful for troubleshooting and can be found in Log files.
88
Required
-
Yes
Yes
Yes
After installation, verify that the ERA Server service is running using the command shown below:
service eraserver status
3.3.4.1 Server prerequisites - Linux

The following prerequisites must be met to install ERA Server on Linux:
You must have a valid license.
A database server must be installed and configured with a root account. A user account does not have to be
created prior to the installation, the installer can create the account.
NOTE: ERA Server stores large data blobs in the database, therefore it is necessary to configure MySQL to accept
large packet size for ERA to run properly.
ODBC Driver - ODBC Driver is used to establish connection with the database server (MySQL / MS SQL).
Configure the server installation file set as an executable. To do so, use the following terminal command:
chmod +x Server-Linux-x86_64.sh
The minimum supported version of openSSL is openssl-1.0.1e-30 (the command openssl

version)
version
shows current
Xvfb - Required for proper report printing (Generate Report) on Linux Server systems without a graphical
interface.
Cifs-utils - Required for proper Agent deployment to a Windows OS.
Qt4 WebKit libraries - Used for printing reports to PDF and PS format (must be version 4.8, not 5). All other Qt4
dependencies will be installed automatically. In the case of CentOS, there may be no package in the official
repositories. You can install it from a third-party repository (for example EPEL repositories) or compile it yourself
on a target machine.
Kinit + klist - Used for Kerberos authentication during the AD synchronization task and login with a domain user.
Also a proper Kerberos configuration is required (/etc/krb5.conf).
Wbinfo + ntlm auth - Used for authentication with the domain accounts + NTLM authentication with SMTP server
(sending emails).
Ldapsearch - Used in AD synchronization task.
Snmptrap - Used to send SNMP traps. Optional if this functionality wont be used. SNMP also requires
configuration.
89
SELinux devel package - Used during product installation to build SELinux policy modules. This is only required on
systems with SELinux enabled (CentOS, Fedora, RHEL). SELinux may cause problems with other applications. For
ERA Server it is not necessary.
The table below contains the appropriate terminal commands for each package described above for both Debian
and Ubuntu distributions and Centos, Red Hat and Fedora distributions:
CentOS, Red Hat and Fedora

distributions
yum install mysql-connector-odbc
zypper install unixodbc

myodbc-unixbox
yum install xorg-x11-server-Xvfb
zypper install xorg-x11-server-extra
yum install cifs-utils
zypper install cifs-utils
See our Knowledgebase article.
zypper install libqtwebkit4
ODBC Driver
apt-get install unixodbc
libmyodbc
xvfb
apt-get install xvfb
cifs-utils
apt-get install cifs-utils
Qt4 WebKit libraries

apt-get install libqtwebkit4
kinit+klist - optional (it is necessary for Active Directory service)

apt-get install krb5-user
yum install krb5-workstation
zypper install krb5
yum install samba-winbind-clients
zypper install samba-winbind
wbinfo + ntlm_auth
apt-get install winbind
ldapsearch
apt-get install ldap-utils ldap-utils
yum install openldap-clients
libsasl2-modules-gssapi-mit
cyrus-sasl-gssapi cyrus-sasl-ldap
zypper install openldap2-client

cyrus-sasl-gssapi
cyrus-sasl-ldap-auxprop
snmptrap
apt-get install snmp
yum install net-snmp-utils net-snmpzypper install net-snmp
SELinux devel package (optional; SELinux may cause problems with other applications. For ERA Server it is not
necessary.)
apt-get install selinux-policy-dev
y um install policycoreutils-devel
zypper install selinux-policy-devel
samba
apt-get install samba
yum install samba

samba-winbind-clients
zypper install samba samba-client
3.3.5 Agent installation - Linux

Installation of the ERA Agent component on Linux is performed using a command in the Terminal. Make sure all
prerequisites are met. Connection to the ERA Server is resolved using the parameters --hostname and --port (port is
not used when an SRV record is provided). Possible connection formats are:
Hostname and port
IPv4 address and port
IPv6 address and port
Service record (SRV record) - to configure the DNS resource record in Linux, the computer must be in a domain
with a working DNS server. See DNS resource record.
90
The SRV record must start with the prefix "_NAME._tcp" where 'NAME' represents custom naming (for example,
'era').
./Agent-Linux-x86_64.sh \
--skip-license \
--cert-path=/home/admin/Desktop/agent.pfx \
--cert-auth-path=/home/admin/Desktop/CA.der \
--cert-password=N3lluI4#2aCC \
--hostname=10.1.179.36 \
--port=2222
Attribute
Description
--skip-license
--cert-path
Local path to the Agent certificate file (more about certificate)
--cert-auth-path
Path to the Server's Certificate Authority file (more about authority)
--cert-password
Certificate Authority password. Must match the Agent's certificate password
--hostname
Hostname or IP address of ERA Server (ERA Proxy) to connect
--port
ERA Server or ERA Proxy port (default value is 2222)
Optional parameters
Attribute
Description
--product-guid
Product GUID (if not defined, it will be generated)
--cert-content
Base64 encoded content of PKCS12 encoded public key certificate plus private key
used to set up secure communication channels with Server and Agents. Use only
one of the --cert-path or --cert-content options.
--cert-auth-content
Base64 encoded content of DER encoded certificate authority private key

certificate used to verify remote peers (Proxy or Server). Use only one of the -cert-auth-path or --cert-auth-content options.
--webconsole-hostname
Hostname or IP address used by Web console to connect to the server (if left
empty, value will be copied from 'hostname')
--webconsole-port
Port used by Web Console to connect to the server (default value is 2223)
--webconsole-user
Username used by Web Console to connect to the server (default value is

Administrator )
--webconsole-password
Password used by Web Console to connect to the server
Connection and certificates

Connection to the ERA Server must be provided: --hostname, --port (port is not needed if service record is
provided, the default port value is 2222)
Provide this connection information for Server-assisted installation: --webconsole-port, --webconsole-user,
--
webconsole-password
Provide certificate information for Offline installation: --cert-path, --cert-password

Installation parameters --cert-path and --cert-auth-path require certification files ( .pfx and .der) which can
be exported from ERA Web Console. (Read how to export the .pfx file and the .der file)
Password type parameters
91
Password type parameters can be provided as environment variables, files, read from stdn or provided as plain text,
i.e.:
--password=env:SECRET_PASSWORD where SECRET_PASSWORD is an environment variable with password
--password=file:/opt/secret where first line of regular file /opt/secret contains your password
--password=stdin instructs the installer to read the password from standard input
--password="pass:PASSWORD" is equal to --password="PASSWORD" and is mandatory if the actual password is
"stdin" (standard input) or a string starting with "env:" , "file:" or "pass:"
Installer log
To see if the installation was successful, verify that the service is running by executing the following command:
sudo service eraagent status
3.3.5.1 Agent prerequisites - Linux

The following prerequisites must be met in order to install ERA Agent component on Linux:
The server computer must be reachable from the network and has ERA Server and ERA Web Console installed
A Certificate for the Agent must be present
A server Certification Authority public key file must be present
The Agent installation file must be set as an executable (run chmod +x on the file to set this)
Minimum supported version of openssl is openssl-1.0.1e-30
3.3.6 Web Console installation - Linux

Before installing the ERA Web Console component, make sure all prerequisites are met. Follow these steps to
install ERA Web Console:
1. Run the following commands to copy the era.war file to the Tomcat folder:
sudo cp era.war /var/lib/tomcat7/webapps/
CentOS, RedHat and Fedora distributions
sudo cp era.war /var/lib/tomcat/webapps/
sudo cp era.war /usr/share/tomcat/webapps/
Alternatively, you can extract the contents of era.war to /var/lib/tomcat/webapps/era/

2. Run the following command to restart the Tomcat service and deploy the .war file:
sudo service tomcat7 restart
sudo service tomcat restart
sudo service tomcat restart
Test the connection to ERA Web Console after installation. Open the following link in your browser on localhost (a
login screen should be displayed):
http://localhost:8080/era
or, if you access the server remotely, http://IP_ADDRES_OR_HOSTNAME:8080/era
NOTE: HTTP port, by default 8080, is set during manual Apache Tomcat installation. You can also set up HTTPS
connection for Apache Tomcat.
92
3.3.6.1 ERA Web Console prerequisites - Linux

The following prerequisites must be installed before you install the ERA Web Console component on Linux:
Java - always use the latest officially released version of Java (ERA Web Console requires at least Java version 7
(or openjdk), but we strongly recommend to use the latest version)
Apache Tomcat (a supported version)
Web Console file (era.war) saved to your local hard drive.
To install the Java and/or Apache Tomcat package(s), use the following terminal commands depending on your
Linux distribution(s):
sudo apt-get install openjdk-7-jdk tomcat7
sudo yum install java-1.8.0-openjdk tomcat
sudo zypper install java-1_8_0-openjdk tomcat
3.3.7 Proxy installation - Linux

2. Run an installation script to install the Proxy server. See an example of the installation script below.
Connection settings
A target must be specified with a:
Hostname
IPv4 address
IPv6 address
DNS resource record - The Linux computer must be in the domain - see the chapter DNS Resource record.
Port must be specified: use port 2222 for both Server and Proxy.
./Proxy-Linux-x86_64.sh \
--db-hostname=10.1.179.28 \
--db-name=era_6_db_proxy \
--db-admin-username=sa \
--db-admin-password=admin.1 \
--db-user-username=tester \
--db-user-password=Admin.1 \
--db-port=1433 \
--db-type="MS SQL Server" \
--db-driver=SQL \
--skip-license \
--hostname=10.1.179.30 \
--port=2222 \
--cert-path=/home/adminko/Desktop/proxy.pfx \
--cert-auth-path=/home/adminko/Desktop/CA-server.der \
--cert-password=root \
--server-root-password=jjf#jDjr
You can modify the following attributes:

Attribute
Description
--db-hostname
Computer name or IP address of the database server (default

value is localhost)
Name of the database to be used (default value is era_db or
era_proxy_db )
--db-name
Required
Yes
Yes
93
Attribute
Description
--db-admin-username
Database administrator username (used by installation for

creating and modifying database; default value is root)
Database administrator password
Database ERA Server user username (used by ERA Server for
connecting to database); should be no longer than 16 characters
Database ERA Server user password
Port of the database server (default value is 3306)
Type of database, which will be used (possible values: MySQL
Server , MS SQL Server ; default value is MySQL Server )
ODBC driver used for connecting to database (command
odbcinst -q -d gives a list of available drivers, use one of this
drivers for example: --db-driver="MySQL")
Hostname or IP address of the Server (default value is
localhost )
Server port (default value is 2222) or Proxy port (default value is
1236 )
Port which will be used by proxy (default value is 2222)
Product GUID (if not defined, it will be generated)
Local path to the Proxy certificate file
Base64 encoded content of PKCS12 encoded public key
certificate plus private key used to set up secure communication
channels with Server and Agents
Path to the Server's Certificate Authority file
Base64 encoded content of DER encoded certificate authority
private key certificate used to verify remote peers (Proxy or
Server)
Certificate Authority password. Must match the Agent's
certificate password (can be empty if password was not used in
peer certificate)
Database will not be removed during uninstallation
--db-admin-password
--db-user-username
--db-user-password
--db-port
--db-type
--db-driver
--skip-license
--hostname
--port
--proxy-port
--product-guid
--cert-path
--cert-content
--cert-auth-path
--cert-auth-content
--cert-password
--keep-database
Required
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes
Yes*
Yes*
Yes**
Yes**
Yes
* Use only one of the --cert-path or --cert-content options.

** Use only one of the --cert-auth-path or --cert-auth-content options.
To verify whether the installation was successful, use the following command to verify whether the service is
running:
sudo service eraproxy status
94
3.3.7.1 Proxy prerequisites - Linux

The following prerequisites must be met in order to install Proxy component on Linux:
ERA Server and the ERA Web Console installed (on a Server computer).
An ODBC Driver for the connection to the Database Server (MySQL / MS SQL) installed on the computer.
A Database Server already installed and configured.
Proxy Certificate Proxy Certificate created and downloaded to your local drive (When creating a new certificate,
select Proxy as the Product).
Certificate Authority prepared on your local drive.
A valid license.
ERA Agent must be installed on a local computer to fully support all program features.
Proxy installation file set as an executable. ( chmod +x Proxy-Linux-x86_64.sh)
Minimum supported version of openssl is openssl-1.0.1e-30
3.3.8 RD Sensor installation and prerequisites - Linux

To install the RD Sensor component on Linux, follow these steps:
1. Make sure the following prerequisites are met:
o The Network can be searched (ports are open, the firewall is not blocking incoming communication, etc. ).
o The Server computer can be reached.
o ERA Agent must be installed on the local computer to fully support all program features.
o The Terminal is open.
o RD Sensor installation file set as an executable:
chmod +x RDSensor-Linux-x86_64.sh
2. Use the following command to run the installation file as sudo:

sudo ./RDSensor-Linux-x86_64.sh
3. Read the End-User License Agreement. Use Space bar to proceed to the next page of the EULA.
You will be prompted to specify whether you accept the license. Press Y on your keyboard if you agree, otherwise
press N.
4. ESET Rogue Detection Sensor will start after installation is completed.
5. To see if installation was successful, verify that the service is running by executing the following command:
sudo service rdsensor status
6. The Rogue Detection Sensor log file can be found in Log files:
/var/log/eset/RogueDetectionSensor/trace.log
95
3.3.9 Mobile Device Connector installation - Linux

You can install Mobile Device Connector on a different server than the one on which your ERA Server is running. For
example if you want to make Mobile Device Connector accessible from the internet so that the user's mobile
devices can be managed at all times.
Installation of the ERA Server component on Linux is performed using a command in the Terminal. Make sure all
prerequisites are met. You can prepare an installation script and then execute it using sudo.
There are many optional installation parameters, but some of them are required.
Your ERA Peer Certificate is required for installation. There are two methods to get the ERA peer certificate:
Server assisted installation - you will need to provide ERA Web Console administrator credentials (installer will
Offline installation - you will need to provide a Peer Certificate (the Proxy certificate exported from ESET Remote
Administrator). Alternatively, you can use your custom certificate.
Installation command parameters that must be provided:
HTTPS (Proxy) certificate:
--https-cert-path=
--https-cert-password=
Peer Certificate:
For a Server assisted installation at least include:
--webconsole-password=
For an Offline installation include:

--cert-path=
--cert-password=
(password is not needed for the default Agent Certificate created during initial ERA Server
installation)
Connection to ERA Server (name or IP address):
--hostname=
For a MySQL database include:

--db-type="MySQL Server"
--db-driver=
--db-admin-username=
--db-admin-password=
--db-user-password=
For a MSSQL database include:

--db-type="Microsoft SQL Server"
--db-driver=
--db-admin-username=
--db-admin-password=
--db-user-password=

sudo ./MDMCore-Linux-x86_64-0.0.0.0.sh \
--https-cert-path="./proxycert.pfx" \
--https-cert-password="123456789" \
--port=2222 \
--db-type="MySQL" \
--db-driver="MySQL" \
--db-admin-username="root" \
--db-admin-password=123456789 \
--db-user-password=123456789 \
--db-hostname="127.0.0.1" \
--webconsole-password=123456789 \
--hostname=username.LOCAL \
--mdm-hostname=username.LOCAL
96
For a complete list of available parameters (print help message), use:

--help
Installer log
After installation is complete, check to see if the Mobile Device Connector is running correctly by opening https://
your-mdm-hostname:enrollment-port (for example https://eramdm:9980) in your web browser. If the installation
was successful, you will see following message:
You can also use this URL to check the availability of the Mobile Device Connector server from the internet (if
configured in such a way) by visiting it from a mobile device. If you are unable to reach the page, check your firewall
and the configuration of your network infrastructure.
3.3.9.1 Mobile Device Connector prerequisites - Linux

The following prerequisites must be met in order to install Mobile Device Connector on Linux:
A Database Server already installed and configured with a root account (a user account doesn't have to be created
prior to installation, the installer can create the account).
An ODBC Driver for the connection to the database server (MySQL / MS SQL) installed on the computer.
apt-get install unixodbc libmyodbc (Debi a n, Ubuntu di s tri buti ons )
yum install mysql-connector-odbc (CentOS, Red-Ha t, Fedora di s tri buti ons )
zypper install unixodbc myodbc-unixbox (OpenSUSE di s tri buti ons )
NOTE: You should use unixODBC_23 package (not the default unixODBC) in order for the ERA Server to connect to
the MySQL database without any issues. This is especially true for SUSE Linux.
o MDMCore installation file set as an executable.
chmod +x MDMCore-Linux-x86_64.sh
o After installation, verify that MDMCore service is running.

service mdmcore status
o The minimum supported version of openSSL is openssl-1.0.1e-30

NOTE: If your MDM database on MySQL is too large (thousands of devices) the default innodb_buffer_pool_size
value is too small. For more information database optimizing see: http://dev.mysql.com/doc/refman/5.6/en/
optimizing-innodb-diskio.html
IMPORTANT: You will need an SSL certificate in .pfx format for secure communication over HTTPS. We
recommend that you use a certificate provided by a Certificate Authority(CA). Self-signed certificates are not
recommended because not all mobile devices let users to accept self-signed certificates. This isn't an issue with CA
signed certificates, because they are trusted and do not require acceptance by the user.
97
NOTE: You need to have certificate signed by CA, and corresponding private key, and utilize standard procedures,
to merge those (traditionally using OpenSSL) into one .pfx file:
openssl pkcs12 -export -in certificate.cer -inkey privateKey.key -out httpsCredentials.pfx
This is a standard procedure for most servers which are using SSL certificates.
IMPORTANT: For Offline installation, you will also need a Peer certificate (the Agent certificate exported from
ESET Remote Administrator). Alternatively, you can use your custom certificate with ERA.
3.3.10 Apache HTTP Proxy installation - Linux

Choose the installation steps of Apache HTTP Proxy according to Linux distribution you use on the server:
Generic Linux installation information of Apache HTTP Proxy
1. Install Apache HTTP Server (at least version 2.4.10).
2. Ensure the following modules are loaded:
access_compat, auth_basic, authn_core, authn_file, authz_core, authz_groupfile,
authz_host, proxy, proxy_http, proxy_connect, cache, cache_disk
3. Add the caching configuration:

CacheEnable disk http://
CacheDirLevels 4
CacheDirLength 2
CacheDefaultExpire 3600
CacheMaxFileSize 200000000
CacheMaxExpire 604800
CacheQuickHandler Off
CacheRoot /var/cache/apache2/mod_cache_disk
4. If the directory /var/cache/apache2/mod_cache_disk does not exist, create it and assign Apache privileges
(r,w,x).
5. Add Proxy configuration:
ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
6. Enable the added caching proxy and configuration (if configuration is in the main Apache configuration file, you
can skip this step).
7. If required, change listening to your desired port (port 3128 is set by default).
8. Optional basic authentication:
o Add authentication configuration to the proxy directive:
AuthType Basic
AuthUserFile /etc/apache2/password.file
AuthGroupFile /etc/apache2/group.file
o Create a password file using htpasswd.exe
-c
o Manually create a file named group.file with usergroup:username

9. Restart the Apache HTTP Server.
Ubuntu Server 14.10 and other Debian-based Linux distributions installation of Apache HTTP Proxy
1. Install the latest version of Apache HTTP Server from apt repository:
98
sudo apt-get install apache2
2. Execute the following command to load required Apache modules:

sudo a2enmod access_compat auth_basic authn_core authn_file authz_core authz_groupfile
authz_host proxy proxy_http proxy_connect cache cache_disk
3. Edit the Apache caching configuration file:

sudo vim /etc/apache2/conf-available/caching.conf
and copy/paste the following configuration:

CacheEnable disk http://
CacheDirLevels 4
CacheDirLength 2
CacheDefaultExpire 3600
CacheMaxFileSize 200000000
CacheMaxExpire 604800
CacheQuickHandler Off
CacheRoot /var/cache/apache2/mod_cache_disk
4. This step should not be required, but if the caching directory is missing, run following commands:
sudo mkdir /var/cache/apache2/mod_cache_disk
sudo chown www-data /var/cache/apache2/mod_cache_disk
sudo chgrp www-data /var/cache/apache2/mod_cache_disk
5. Edit the Apache proxy configuration file:

sudo vim /etc/apache2/conf-available/proxy.conf
and copy/paste the following configuration:

ProxyRequests On
ProxyVia On
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
6. Enable the configuration files you have edited in the latest steps:
sudo a2enconf caching.conf proxy.conf
7. Switch the listening port of Apache HTTP Server to 3128. Edit the file /etc/apache2/ports.conf and replace Listen
80 with Listen 3128 .
8. Optional basic authentication:
sudo vim /etc/apache2/conf-available/proxy.conf
copy/paste authentication configuration before </Proxy>:

AuthType Basic
AuthUserFile /etc/apache2/password.file
AuthGroupFile /etc/apache2/group.file
install apache2-utils and create a new password file (for example username: user, group: usergroup):
sudo apt-get install apache2-utils
sudo htpasswd -c /etc/apache2/password.file user
create file with groups:

sudo vim /etc/apache2/group.file
and copy/paste the following line:

usergroup:user
9. Restart the Apache HTTP Server using the following command:

99
sudo service apache2 restart
Forwarding for ESET communication only

To allow forwarding ESET communication only, remove the following:
<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
also add the following:

<Proxy *>
Deny from all
</Proxy>
#*.eset.com:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s
Allow from all
</ProxyMatch>
#*.eset.eu:
Allow from all
</ProxyMatch>
#Antispam module (ESET Mail Security only):
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mails
Allow from all
</ProxyMatch>
#Services (activation)
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs
Allow from all
</ProxyMatch>
#ESET servers accessed directly via IP address:
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([
Allow from all
</ProxyMatch>
To allow forwarding all communication, add the following:

<Proxy *>
Order deny,allow
Deny from all
Allow from all
</Proxy>
also remove the following:

<Proxy *>
Deny from all
</Proxy>
#*.eset.com:
ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?([a-zA-Z0-9-]{0,63}\.)?[a-zA-Z0-9-]{0,63}\.[e,E][s,
Allow from all
</ProxyMatch>
#*.eset.eu:
Allow from all
</ProxyMatch>
100
#Antispam module (ESET Mail Security only):

<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(ds1-uk-rules-1.mailshell.net|ds1-uk-rules-2.mails
Allow from all
</ProxyMatch>
#Services (activation)
<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(edf-pcs.cloudapp.net|edf-pcs2.cloudapp.net|edfpcs
Allow from all
</ProxyMatch>
#ESET servers accessed directly via IP address:

<ProxyMatch ^([h,H][t,T][t,T][p,P][s,S]?://)?([^@/]*@)?(91.228.165.|91.228.166.|91.228.167.|38.90.226.)([
Allow from all
</ProxyMatch>
Proxy chaining (all traffic)

Add the following to the proxy configuration (password is working only on child proxy):
ProxyRemote * http://IP_ADDRESS:3128
3.3.11 Squid HTTP Proxy installation on Ubuntu Server 14.10

You can use Squid proxy instead of Apache on Ubuntu Server. To install and configure Squid on Ubuntu Server 14.10
(and similar Debian-based Linux distributions), follow the steps below:
1. Install the Squid3 package:
sudo apt-get install squid3
2. Edit the Squid configuration file /etc/squid3/squid.conf and replace:

#cache_dir ufs /var/spool/squid3 100 16 256
with:
cache_dir ufs /var/spool/squid3 5000 16 256
max-size=200000000
NOTE: 5000 is cache size in MB.

3. Stop the squid3 service.
sudo service squid3 stop
sudo squid3 z
4. Edit the Squid configuration file again and add http_access

all clients to access the proxy.
allow all
before http_access
deny all
to allow
5. Restart the squid3 service:

sudo service squid3 restart
3.3.12 Mirror tool

The mirror tool is necessary for offline virus signature database updates. If your client computers do not have an
Internet connection and need virus database updates, you can use the Mirror tool to download update files from
ESET update servers and store them locally.
NOTE: The mirror tool downloads virus database definitions only, it does not download PCUs (Program
Component Updates). To update your ESET security product on offline client computers, we recommend that you
upgrade the product using the Software Install client task in ERA. Alternatively, you can upgrade products
individually.
Prerequisites
101
The target folder must be available for sharing, Samba/Windows or HTTP/FTP service, depending on how you
want to have the updates accessible.
You must have a valid Offline license file that includes the Username and Password. When generating a license
file, be sure to select the mark the check box next to Include Username and Password. Also, you must enter a
License filename.
Visual C++ Redistributables for Visual Studio 2010 must be installed on the system.
There is no installation step, the tool consists of two files:
o Windows:
MirrorTool.exe
and updater.dll
o Linux:
MirrorTool
Usage
102
and updater.so
To see Mirror tool help, run MirrorTool
--help
to view all available commands for the tool:
The parameter --updateServer is optional. When you use it, you must specify the full URL of the update server.
The parameter --offlineLicenseFilename is mandatory. You must specify a path to your offline license file (as
mentioned above).
To create a mirror, run the MirrorTool with at least the minimal required parameters. Here is an example:
o Windows:
MirrorTool.exe --mirrorType regular --intermediateUpdateDirectory
c:\temp\mirrorTemp --offlineLicenseFilename c:\temp\offline.lf --outputDirectory c:\temp\mirror
o Linux:
sudo ./MirrorTool --mirrorType regular --intermediateUpdateDirectory /tmp/mirrorTool/mirrorTemp
--offlineLicenseFilename /tmp/mirrorTool/offline.lf --outputDirectory /tmp/mirrorTool/mirror
Mirror tool and Update settings

To automate the distribution of virus database updates, you can create a schedule to run the Mirror tool. To do so,
open your Web Console and navigate to Client Tasks > Operating System > Run Command. Select Command line to
run (including a path to the MirrorTool.exe) and a reasonable trigger (such as CRON for every hour 0 0 * * * ? *).
Alternatively, you can use the Windows Task Scheduler or Cron in Linux.
To configure updates on a client computer(s), create a new policy and configure Update server to point to your
mirror address or shared folder.
103
3.3.13 Failover Cluster - Linux

The following refers to ESET Remote Administrator installation and configuration on a Red Hat high-availability
cluster.
Linux Cluster Support
ESET Remote Administrator Server or ERA Proxy components can be installed on Red Hat Linux 6 cluster and higher.
Failover Cluster is only supported in active/passive mode with the cluster manager rgmanager.
Prerequisites
Active/passive cluster must be installed and configured. Only one node can be active at a time, other nodes must
be on standby. Load balancing is not supported.
Shared storage - iSCSI SAN, NFS and other solutions are supported (any technology or protocol which provides
block based or file based access to shared storage, and makes the shared devices appear like locally attached
devices to the operating system). Shared storage must be accessible from each active node in the cluster, and the
shared file system must be properly initialized (for example, using the EXT3 or EXT4 file system).
The following HA add-ons are required for system management:
o rgmanager
o Conga
rgmanager is the traditional Red Hat HA cluster stack. It is a mandatory component.
The Conga GUI is optional. The Failover Cluster can be managed without it, however we recommend that you
install it for best performance. In this guide we assume that it is installed.
Fencing must be properly configured in order to prevent data corruption. The cluster administrator must configure
fencing if it is not already configured.
If you do not already have a cluster running, you can use the following guide to set up a high-availability Failover
Cluster (active/passive) on Red Hat: Red Hat Enterprise Linux 6 Cluster Administration.
Scope
ESET Remote Administrator components that can be installed on a Red Hat Linux HA cluster:
ERA Server with ERA Agent
ERA Proxy with ERA Agent
NOTE: ERA Agent must be installed, otherwise the ERA cluster service will not run.
NOTE: Installation of the ERA Database or ERA Web Console on a cluster is not supported.
The following installation example is for a 2-node cluster. However, you can install ESET Remote Administrator on a
multi-node cluster using this example as a reference only. The cluster nodes in this example are named node1 and
node2.
Installation steps
1. Install ERA Server or ERA Proxy on node1.
o Please note that the hostname in the Server or Proxy certificate must contain the external IP (or hostname) of
the clusters interface (not local IP or hostname of the node).
2. Stop and disable the ERA Server (or ERA Proxy) Linux services using the following commands:
service eraserver stop
chkconfig eraserver off
3. Mount shared storage to node1. In this example, the shared storage is mounted to /usr/share/erag2cluster.
104
4. In /usr/share/erag2cluster, create the following directories:

/usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server
5. Move recursively the following directories to the destinations shown below (source > destination):
Move folder:
Move to:
/etc/opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator
/opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/opt/eset/RemoteAdministrator
/var/log/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/var/log/eset/RemoteAdministrator
/var/opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/var/opt/eset/RemoteAdministrator
6. Create symbolic links (this may require to create new folders manually):
ln
ln
ln
ln
-s
-s
-s
-s
/usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server /etc/opt/eset/RemoteAdministrator/S
/usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server /opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server /var/log/eset/RemoteAdministrator/S
/usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server /var/opt/eset/RemoteAdministrator/S
7. Copy the eracluster_server ( eracluster_proxy) script found in the setup director of ERA Server or ERA Proxy to /
usr/share/cluster. The scripts do not use the .sh extension in the setup directory.
cp /opt/eset/RemoteAdministrator/Server/setup/eracluster_server /usr/share/cluster/eracluster_server.sh
8. Unmount the shared storage from node1

9. Mount the shared storage to the same directory on node2 as you mounted to on node1 (/usr/share/erag2cluster).
10. On node2, create the following symbolic links:
ln
ln
ln
ln
-s
-s
-s
-s
/usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server /etc/opt/eset/RemoteAdministrator/S
/usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server /opt/eset/RemoteAdministrator/Server
/usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server /var/log/eset/RemoteAdministrator/S
/usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server /var/opt/eset/RemoteAdministrator/S
11. Copy the eracluster_server or ( eracluster_proxy) script found in the setup director of ERA Server or ERA Proxy
to /usr/share/cluster. The scripts do not use the .sh extension in the setup directory.
cp /opt/eset/RemoteAdministrator/Server/setup/eracluster_server /usr/share/cluster/eracluster_server.sh
The next steps are performed in Conga Cluster Administration GUI:

12. Create a Service Group, for example EraService.
The ESET Remote Administrator cluster service requires three resources: IP address, file system and script.
13. Create the necessary service resources.
Add an IP address (external cluster address where Agents will connect), file system and Script resources.
The file system resource should point to the shared storage.
The mount point of the file system resource should be set to /usr/share/erag2cluster.
The Full Path to Script File parameter of the Script resource should be set to /usr/share/cluster/
eracluster_server (or /usr/share/cluster/eracluster_proxy).
14. Add the above resources to the EraService group.
After the Server cluster is successfully set up, install ERA Agent on both nodes on the local disk (not on the shared
cluster disk). When using the --hostname= command, you must specify the external IP address or hostname of the
cluster's interface (not localhost!).
105
3.3.14 How to uninstall or reinstall a component - Linux

If you want to reinstall or upgrade to a more recent version, run the installation script again.
To uninstall a component (in this case ERA Server), run the installer with the --uninstall parameter, as shown below:
sudo ./Server-Linux-x86_64.sh --uninstall --keep-database
If you want to uninstall other component, use appropriate package name in the command. For example ERA Agent:
sudo ./Agent-Linux-x86_64.sh --uninstall
IMPORTANT: Configuration and database files will be removed during uninstallation. To preserve database files,
create a SQL dump of the database or use the --keep-database parameter.
After uninstalling, verify whether
the service eraserver is deleted.
the folder /etc/opt/eset/RemoteAdministrator/Server/ is deleted.
NOTE: We recommend that you create a database dump backup before performing uninstallation in case you
need to restore your data.
3.4 Component installation on Mac OS X

In most installation scenarios, you need to install different ESET Remote Administrator components on different
machines to accommodate different network architectures, meet performance requirements, or for other reasons.
NOTE: OS X is supported as a client only. The ERA Agent and ESET products for OS X can be installed on OS X
however ERA Server cannot be installed on OS X.
3.4.1 Agent installation - Mac OS X

These steps apply when performing a local installation of the Agent.
1. Make sure all prerequisites are met:
ERA Server and the ERA Web Console are installed (on a Server computer).
An Agent certificate is created and prepared on your local drive.
A Certification Authority is prepared on your local drive. (Only needed for unsigned certificates)
NOTE: Should you experience problems when deploying ERA Agent remotely (the Server task Agent
deployment ends with a Failed status) please refer to Agent deployment troubleshooting.
2. Get the installation file (standalone agent installer .dmg). You can get it:
o from the ESET download site
o from your system administrator
3. Double click the .dmg file and then start the installation by double clicking the .pkg file .
4. Proceed through the installation and when asked enter the Server connection data: Server host (hostname or IP
address of the ERA Server) and the Server port (by default 2222).
5. Select a Peer certificate and a password for this certificate. Optionally, you can add a Certification authority.
6. Review the install location and click Install. The Agent will be installed on your computer.
7. The ERA Agent log file can be found here:
/Library/Application Support/com.eset.remoteadministrator.agent/Logs/
/Users/%user%/Library/Logs/EraAgentInstaller.log
106
3.5 Database
ESET Remote Administrator uses a database to store client data. The following sections detail the installation,
backup, upgrade and migration of the ERA Server/ERA Proxy database:
Review database compatibility and system requirements for ERA Server.
If you do not have a database configured for use with ERA Server, Microsoft SQL Server Express is included with
the installer.
If you use Microsoft Small Business Server (SBS) or Essentials, we recommended that you make sure all
requirements are met and that you are using a supported Operating System. When all requirements are met,
follow the installation instructions for Windows SBS / Essentials to install ERA on these operating systems.
If you have Microsoft SQL Server installed in your system, review the requirements below to make sure your
version of Microsoft SQL Server is supported by ESET Remote Administrator. If your version of Microsoft SQL
Server is not supported, upgrade to a compatible version of SQL Server.
One of the prerequisites for the installation is to have Microsoft SQL Server installed and configured. The following
requirements must be met:
Install Microsoft SQL Server 2008 R2 or later, alternatively you can install Microsoft SQL Server 2008 R2 Express or
later. Choose Mixed mode authentication during installation.
If you have Microsoft SQL Server already installed, set authentication to Mixed mode (SQL Server authentication
and Windows authentication). To do so, follow the instructions in this Knowledgease article.
Allow TCP/IP connections to the SQL Server. To do so, follow instructions in this Knowledgebase article from part
II. Allow TCP/IP connections to the SQL database.
NOTE: For configuring, managing, administering of Microsoft SQL Server (databases and users), download SQL
Server Management Studio (SSMS).
NOTE: If you choose to install Microsoft SQL Server Express during installation, you will not be able to install it on
a Domain Controller. This is likely to happen if you are using Microsoft SBS. If you use Microsoft SBS, we recommend
that you install ESET Remote Administrator on a different server or do not select the SQL Server Express component
during installation (this requires you to use your existing SQL Server or MySQL to run the ERA database). For
instructions to install ERA Server on a Domain Controller, see our Knowledgebase article.
3.5.1 Database Server Backup

All ESET Remote Administrator information and settings are stored in the database. We recommend that you back
up your database regularly to prevent loss of data. Refer to the appropriate section below for your database:
o MySQL
o MS SQL
The backup can also be used later when migrating ESET Remote Administrator to a new server.
If you want to restore the database backup, follow the instructions for your database below:
o MySQL
o MS SQL
107
3.5.2 Database Server Upgrade

Follow the instructions below to upgrade an existing Microsoft SQL Server instance to a newer version for use with
ERA Server or ERA Proxy database:
1. Stop all running ERA Server or ERA Proxy services connecting to the database server that you will be upgrading.
Additionally, stop any other applications that might be connecting to your Microsoft SQL Server instance.
2. Back up all relevant databases safely before proceeding.
3. Perform the database server upgrade following the database vendor's instructions.
4. Start all ERA Server and or ERA Proxy services and check their trace logs to verify the database connection is
working correctly.
See the following web pages for more information specific to your database:
Upgrade SQL Server https://msdn.microsoft.com/en-us/library/bb677622.aspx (you can click Other Versions for
instructions to upgrade to a specific SQL Server version)
Upgrade MySQL Server (to version 5.6) http://dev.mysql.com/doc/refman/5.6/en/upgrading.html
3.5.3 ERA Database Migration

Click the appropriate link below for instructions to migrate ERA Server or ERA Proxy database between different SQL
Server instances (this also applies when migrating to a different SQL Server version or when migrating to a SQL
Server hosted on a different machine):
Migration process for SQL Server
Migration process for MySQL Server
This migration process is the same for Microsof SQL Server and Microsoft SQL Server Express.
3.5.3.1 Migration process for SQL Server

This migration process is the same for Microsof SQL Server and Microsoft SQL Server Express.
For additional information, see the following Microsoft Knowledge Base article: https://msdn.microsoft.com/en-us/
library/ms189624.aspx.
Prerequisites:
o Source and target SQL Server instances must be installed. They may be hosted on different machines.
o The target SQL Server instance must have at least the same version as the source instance. Downgrade is not
supported!
o SQL Server Management Studio must be installed. If the SQL Server instances are on different machines, it must
be present on both.
Migration:
1. Stop the ERA Server or ERA Proxy Service.
2. Log into the source SQL Server instance via SQL Server Management Studio.
3. Create a full database backup of the database to be migrated. We recommend that you specify a new backup set
name. Otherwise if the backup set has already been used, the new backup will be appended to it, which will
result in an unnecessarily large backup file.
4. Take the source database offline, select Tasks > Take Offline.
108
5. Copy the backup (.bak) file that you created in step 3 to a location that is accessible from the target SQL Server
instance. You may need to edit access rights for the database backup file.
6. Bring the source database online again but do not start ERA Server yet!
7. Log into the target SQL Server instance with SQL Server Management Studio.
8. Restore your database on the target SQL Server instance.
9. Type a name for your new database into the To database field. You can use the same name as your old database if
your prefer.
10. Select From device under Specify the source and location of backup sets to restore and then click .
109
11. Click Add, navigate to your backup file and then open it.
12. Select the most recent possible backup to restore (the backup set may contain multiple backups).
13. Click the Options page of the restore wizard. Optionally, select Overwrite existing database and ensure that the
restore locations for the database ( .mdf) and for the log ( .ldf) are correct. Leaving the default values unchanged
will use the paths from your source SQL server, so please check these values.
o If you are unsure where the DB files are stored on the target SQL Server instance, right-click an existing
database, select properties and click the Files tab. The directory where the database is stored is displayed in
the Path column of the table shown below.
110
14. Click OK in the restore wizard window.

15. Ensure that the new database server has SQL Server Authentication enabled. Right-click the server and click
Properties. Navigate to Security and verify that SQL Server and Windows Authentication mode is selected.
111
16. Create a new SQL Server login (for ERA Server/Proxy) in the target SQL Server with SQL Server authentication and
map the login to a user in the restored database.
o Do not enforce password expiration!
o Recommended characters for usernames:
Small ASCII letters, numbers and character underscore "_"
o Recommended characters for passwords:
ASCII characters ONLY, including big and small ASCII letters, numbers, spaces, special characters
o Do not use non-ASCII characters, curly braces {} or @
o Please note that if you do not follow the character recommendations above, you may have database
connectivity problems or you will need to escape the special characters in the later steps during database
connection string modification. Character escaping rules are not included in this document.
112
17. Map the login to a user in the target database. In the user mappings tab, ensure that the database user has the
roles: db_datareader, db_datawriter, db_owner.
113
18. To enable the latest database server features, change the restored database Compatibility level to the newest.
Right-click the new database and open the database Properties.
114
NOTE: SQL Server Management Studio is unable to define compatibility levels later than that of the version in
use. For example SQL Server Management Studio 2008 is unable to set compatibility level for SQL Server 2014.
19. Make sure the TCP/IP connection protocol is enabled for SQLEXPRESS and the TCP/IP port is set to 1433. You can
do so by opening Sql Server Configuration Manager, navigate to SQL Server Network Configuration > Protocols for
SQLEXPRESS. Right-click TCP/IP and select Enabled. Then double-click TCP/IP, switch to Protocols tab, scroll down
to IPAll and into Port field type 1433. Click OK and restart the SQL Server service.
115
20.Find startupconfiguration.ini on the machine, where ERA Server/Proxy is installed.

o For Windows Vista and later:
% PROGRAMDATA %\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration
\startupconfiguration.ini
o For earlier Windows versions:
% ALLUSERSPROFILE %\ Application Data\ESET\RemoteAdministrator\Server\EraServerApplicationData
\Configuration\startupconfiguration.ini
o For Linux:
/etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
20. Change the database connection string in ERA Server/Proxy startupconfiguration.ini
o Set the address and port of the new database server.
o Set new ERA user name and password in the connection string.
The final result should look like:
DatabaseType=MSSQLOdbc
DatabaseConnectionString=Driver=SQL Server;Server=localhost,1433;Uid=era_user1;Pwd={SecretPassword123};Ch
21. Start the ERA Server/Proxy and verify that the ERA Server/Proxy service is running correctly.
116
3.5.3.2 Migration process for MySQL Server

Prerequisites
Source and target SQL Server instances must be installed. They may be hosted on different machines.
MySQL tools must be available on at least one of the computers ( mysqldump and mysql client).
Useful links
http://dev.mysql.com/doc/refman/5.6/en/copying-databases.html
http://dev.mysql.com/doc/refman/5.6/en/mysqldump.html
http://dev.mysql.com/doc/refman/5.6/en/mysql.html
Migration process
In the commands, configuration files or SQL statements below, please always replace:
SRCHOST with the address of the source database server
SRCROOTLOGIN with the source MySQL server root user login
SRCERADBNAME with the name of the source ERA database to back up
BACKUPFILE with the path to the file where the backup will be stored
TARGETHOST with the address of the target database server
TARGETROOTLOGIN with the target MySQL server root user login
TARGETERADBNAME with the name of the target ERA database (after migration)
TARGETERALOGIN with the login name for the new ERA database user on the target MySQL server
TARGETERAPASSWD with the password of the new ERA database user on the target MySQL server
It is not necessary to execute the SQL statements below via the command line. If there is GUI tool available, you can
use an application you already know.
1. Stop the ERA Server/Proxy services.
2. Create a full database backup of the source ERA database (the database you plan to migrate):
mysqldump --host SRCHOST --disable-keys --extended-insert --routines -u SRCROOTLOGIN -p SRCERADBNAME > BA
3. Prepare an empty database on the target MySQL server:
mysql --host TARGETHOST -u TARGETROOTLOGIN -p "--execute=CREATE DATABASE TARGETERADBNAME /*!40100 DEFAULT
NOTE: Use the apostrophe character ' instead of " quotation marks on Linux systems.
4. Restore the database on the target MySQL server to the previously prepared empty database:
mysql --host TARGETHOST -u TARGETROOTLOGIN -p TARGETERADBNAME < BACKUPFILE
5. Create an ERA database user on the target MySQL server:
mysql --host TARGETHOST -u TARGETROOTLOGIN -p "--execute=CREATE USER TARGETERALOGIN@'%' IDENTIFIED BY 'TA
Recommended characters for TARGETERALOGIN:

Small ASCII letters, numbers and underscore "_"
Recommended characters for TARGETERAPASSWD:
ASCII characters only, including large and small ASCII letters, numbers, spaces and special characters
Do not use non-ASCII characters, curly braces {} or @
Please note that if you do not follow the character recommendations above, you may have database connectivity
problems or you will need to escape the special characters in the later steps during database connection string
modification. Character escaping rules are not included in this document.
117
6. Grant proper access rights for the ERA database user on the target MySQL server:
mysql --host TARGETHOST -u TARGETROOTLOGIN -p "--execute=GRANT ALL ON TARGETERADBNAME.* TO TARGETERALOGIN
NOTE: Use the apostrophe character ' instead of " quotation marks on Linux systems.
7. Find startupconfiguration.ini on the machine where ERA Server/Proxy is installed.
o For Windows Vista and later:
% PROGRAMDATA %\ESET\RemoteAdministrator\Server\EraServerApplicationData\Configuration
\startupconfiguration.ini
o For earlier Windows versions:
% ALLUSERSPROFILE %\ Application Data\ESET\RemoteAdministrator\Server\EraServerApplicationData
\Configuration\startupconfiguration.ini
o For Linux:
/etc/opt/eset/RemoteAdministrator/Server/StartupConfiguration.ini
8. Change the database connection string in ERA Server/Proxy
startupconfiguration.ini
o Set the address and port of the new database server

o Set the user name and password
o The final result should look like:
DatabaseType=MySqlOdbc
DatabaseConnectionString=Driver=MySQL ODBC 5.3 Unicode Driver;Server=TARGETHOST;Port=3306;User=TARGETERAL
Password={TARGETERAPASSWD};CharSet=utf8;Database=TARGETERADBNAME;
9. Start the ERA Server/Proxy and verify that the ERA Server/Proxy service is running correctly.
3.6 ISO image

An ISO image file is one of the formats you can download (All-in-one Installers category) ESET Remote Administrator
installers in. The ISO image contains the following:
ERA Installer package
Separate installers for each component
The ISO image is useful when you want to keep all ESET Remote Administrator installers in one place. It also
eliminates the need to download the installers from the ESET website every time you need to run the installation.
The ISO image is also useful to have when you want to install ESET Remote Administrator on a virtual machine.
118
3.7 DNS Service Record

To set up a DNS Resource Record:
1. On your DNS Server (DNS server on your Domain controller), navigate to Control Panel > Administrative Tools.
2. Select the DNS value.
3. In the DNS Manager, select _tcp from the tree and create a new Service location (SRV) record.
4. Enter the service name in the Service field according to DNS standard rules, type an underline symbol ( _ ) in
front of the service name (use your own service name, for example _era).
5. Enter the tcp protocol in the Protocol field in the following format: _tcp.
6. Enter the port 2222 in the Port number field.
7. Enter the ERA Server fully qualified domain name (FQDN) in the Host offering this service field.
8. Click OK > Done to save the record. The record will be displayed in the list.
To verify the DNS record:
1. Log into any computer in your domain and open a command prompt (cmd.exe).
2. Type nslookup into the command prompt and press Enter.
3. Type set querytype=srv and press Enter.
4. Type _era._tcp.domain.name and press Enter. The service location is displayed correctly.
NOTE
Don't forget to change the "Host offering this service:" value to the FQDN of your new server when you install
ESET Remote Administrator Server on a different machine.
119
4. Upgrade, migration and reinstallation procedures

This section describes different ways to upgrade, migrate and reinstall your ESET Remote Administrator Server and
other ERA components.
1. Upgrade from previous ERA generation
How to upgrade/migrate from an older generation of ESET Remote Administrator 5 to ESET Remote Administrator 6
with the Migration tool.
2. Upgrade from older ERA 6 version to the latest ERA 6 version
How to upgrade components of your ESET Remote Administrator infrastructure.
NOTE: To look up what version of each ERA component you are running, verify what your ESET Remote
Administrator Server version is. Go to the About page in the ERA Web Console, and then the following
Knowledgebase article for a list of all ERA component versions per ERA Server.
3. Migrate or reinstall ERA 6 from one server to another
How to migrate from one server to another or reinstall an ERA Server.
NOTE: If you plan to migrate from one ERA Server to a new server machine, you must export/back up all
Certificate Authorities as well as the ERA Server Certificate. Otherwise, none of the ERA components will be able to
communicate with your new ERA Server.
4. Other procedures
How to change an IP address or hostname on an ERA Server.
4.1 Component upgrade task

In this chapter:
Recommendations
List of upgraded components
Before upgrading
The Remote Administrator Component Upgrade task procedure
Troubleshooting
Recommendations:
We recommend using the Components Upgrade task available in ERA Web Console to upgrade your ERA
infrastructure. The following example shows you how to set up the Remote Administrator Component Upgrade task
to upgrade from the ERA version 6.1.x or 6.2.x to ERA version 6.3.x.
IMPORTANT: You must back up all certificates (Certificate Authority, Server Certificate, Proxy and Agent
Certificate) to perform this operation. To backup your certificates, do the following:
Export your Certification Authority Certificates from an old ERA Server to a .der file and save to external storage.
Export your Peer Certificates (for ERA Agent, ERA Server, ERA Proxy) and private key .pfx file from an old ERA
Server and save to external storage.
When running this task, we highly recommend that you select group All as a target to ensure that the entire ERA
infrastructure is upgraded.
120
List of upgraded components:

ERA Server
ERA Agent (task will update all computers in the network with ERA Agents installed if they are selected as targets
for the task)
ERA Proxy
ERA Web Console (only applies when installed using the ERA All-in-one installer or ERA Virtual Appliance and any
Linux distribution [provided in the installation folder: /var/lib/tomcat8/webapps/, /var/lib/tomcat7/webapps/
, /var/lib/tomcat6/webapps/, /var/lib/tomcat/webapps/ ])
ERA Mobile Device Connector (from version 6.2.11.0 to ERA version 6.3.x)
The following components must be upgraded manually:
Apache Tomcat (we strongly recommend that you keep Apache Tomcat up-to-date, see Upgrading Apache
Tomcat)
Apache HTTP Proxy (can be achieved using All-in-one installer, see Upgrading Apache HTTP Proxy)
ERA Rogue Detection Sensor
Before upgrading:
If the component upgrade fails on a machine running an ERA Server or Web Console, you may not be able to log
into the Web Console remotely. We strongly recommend that you configure physical access to the server machine
before performing this upgrade. If you cannot arrange for physical access to the machine, make sure you can log
onto it with administrative privileges using a remote desktop. We also recommend that you back up your ERA Server
and Mobile Device Connector databases before performing this operation. To backup your Virtual Appliance, create
a snapshot or clone your virtual machine.
Upgrading from ERA version 6.1.x?
If you are upgrading from ERA version 6.1 and use an ERA Proxy, client machines connecting via ERA Proxy will
not automatically receive the upgraded ERA Agent. We recommend that you use Agent Live Installers and
distribute them via GPO or SCCM. If you have ERA 6.2, clients will upgrade normally even when connecting via
ERA Proxy.
ERA Server instance is installed on a failover cluster?
If your ERA Server instance is installed on a failover cluster, you must upgrade the ERA Server component on
each cluster node manually. After upgrading the ERA Server, run the Component Upgrade task to upgrade the
rest of your infrastructure (for example, ERA Agents on client computers).
ERA Agent installed on Linux clients running with systemd in your infrastructure?
If you have the ERA Agent installed on Linux clients running with systemd in your infrastructure (distributions
with SysV init scripts or upstart are unaffected), run the script below prior to running a Components Upgrade
task. This is only necessary for version 6.1.450.0 or earlier.
121
#!/bin/sh -e
systemd_service=eraagent.service
systemd_service_path="/etc/systemd/system/$systemd_service"
if ! grep "^KillMode=" "$systemd_service_path" > /dev/null
then
echo "Applying 'KillMode' change to '$systemd_service_path'"
sed -i 's/\[Service\]/[Service]\nKillMode=process/' "$systemd_service_path"
else
echo "'KillMode' already set. No changes applied."
exit 0
fi
systemctl daemon-reload
if systemctl is active $systemd_service > /dev/null
then
echo "Restarting instance of '$systemd_service'"
systemctl restart $systemd_service
fi
Important instructions before upgrading Apache HTTP Proxy on Microsoft Windows

If you are using Apache HTTP Proxy and have custom settings in your httpd.conf file (such as your username and
password), backup your original httpd.conf file (located in C:\Program Files\Apache HTTP Proxy\conf\). If you are
not using custom settings, back up of the httpd.conf file is not necessary. Upgrade to the newer version of Apache
HTTP Proxy by any of the methods referenced in Upgrading Apache HTTP Proxy.
WARNING: After you have successfully upgraded Apache HTTP Proxy on Windows and you have had custom
settings in your original httpd.conf file (such as username and password), copy the settings from the backup
httpd.conf file and insert only the custom settings to the new httpd.conf file. Do not use your original httpd.conf
file with the new upgraded version of Apache HTTP Proxy, it will not work correctly. Copy only your custom settings
from it and use the new httpd.conf file. Alternatively, you can customize your new httpd.conf file manually, the
settings are described in Apache HTTP Proxy installation - Windows.
Important instructions before upgrading Apache HTTP Proxy on Virtual Appliance
If you are using Apache HTTP Proxy and have custom settings in your httpd.conf file (such as your username and
password), backup your original httpd.conf file (located in /opt/apache/conf/) and then run the Remote
Administrator Component Upgrade task to upgrade Apache HTTP Proxy. If you are not using custom settings, it is
no necessary to create a backup of httpd.conf.
After the Components Upgrade task has completed successfully, run the following command using the Run
Command Client task which will update the httpd.conf file (it is required for upgraded version of Apache HTTP
Proxy to run correctly):
wget http://help.eset.com/era_install/63/apache/httpd.conf -O /tmp/httpd.conf\
-o /tmp/wgeterror.log && cp /tmp/httpd.conf /opt/apache/conf/httpd.conf
122
Alternatively, you can run the same command directly from within the ERA Virtual Appliance's console. Another
option is to replace the Apache HTTP Proxy configuration file httpd.conf manually.
WARNING: If you have custom settings in your original httpd.conf file (such as your username and
password), copy the settings from the backup httpd.conf file and add only the custom settings to the new
httpd.conf file. Do not use your original httpd.conf file with the new upgraded version of Apache HTTP Proxy,
it will not work correctly. Copy only your custom settings from it and use the new httpd.conf file. Alternatively,
you can customize your new httpd.conf file manually, the settings are described in Apache HTTP Proxy
installation - Linux.
The Remote Administrator Components Upgrade task procedure:

1. Click Admin > Client Tasks and navigate to All Tasks > ESET Remote Administrator > Remote Administrator
Components Upgrade.
2. Click New to set up your new task.
123
Basic
3. Enter a task Name and Description.
4. In the Task drop-down menu, select Remote Administrator Components Upgrade.
124
Target
5. Mark the check boxes next to all targets receiving this task (individual computers or whole groups). Click Add
targets to display all Static and Dynamic Groups and their corresponding members. Select Static Group > All to run
the update on your full infrastructure.
Trigger
6. In the Trigger Type drop-down menu.
IMPORTANT: For version 6.2.x and higher, select Schedule Once and type Schedule Once At with Random
Delay Interval set to 12 hours.
125
IMPORTANT: For version 6.1.x select CRON Expression. In the CRON Expression box, enter a CRON expression
for the date when you want to fire the task.
For example, R R R 15 5 ? 2015 will run the task randomly once on May 15.
7.
IMPORTANT: Invoke ASAP if an event is missed: Use this option carefully. If you are using multiple virtualized
clients this can cause all clients to upgrade at the same time, resulting in high loads on your virtual infrastructure.
8. We recommend that you select the check box next to Use Local Time. This refers to the local time of the client(s),
not the server. Click Finish when you are finished.
Settings
126
9. Mark the check box next to I agree with application End User License Agreement, if you agree. For more
information, see License Management or EULA.
10.Click <Choose Server>, select a product and then click OK.

NOTE: The list of products and versions will vary, the following is only an example.
127
Summary
11.Review the summary of configured settings and click Finish. The task is now created and will be sent to clients.
Troubleshooting:
Verify whether you can access the ERA repository from an upgraded computer.
Re-running the Remote Administrator Components Upgrade task will not work if there is at least one component
already upgraded to a newer version.
If there is no clear reason for the failure, you can upgrade components manually. See our instructions for
Windows or Linux.
On Linux machines utilizing systemd as a service manager, this task might not finish successfully. Linux
distributions with SysV init scripts or upstart are unaffected.
See general troubleshooting information for more suggestions to resolve upgrade issues.
128
4.1.1 Product installation using component upgrade

There are two ways to perform a component-based installation of ESET business products version 6.x and deploy
them from ESET Remote Administrator.
NOTE: Only ESET Endpoint Security supports component-based installation, ESET Endpoint Antivirus does not.
Select components to install using the ADDLOCAL property. See also Advanced installation of ESET Endpoint
Security.
1. Using Software Install task
Choose a package from the repository or Add path to the msi file, for example:
file://\\Win2012-server\share\ees_nt64_enu.msi (correct permissions need to be set - no authentication)
add ADDLOCAL=<list> to installation parameters
ADDLOCAL=WebAndEmail,ProtocolFiltering,WebAccessProtection,EmailClientProtection,Antispam,
WebControl,UpdateMirror,DocumentProtection,DeviceControl
(all components without NAP and Firewall)

See also Software Install task instructions in the Administrator guide.
2. Using Run Command tasks
For example:
msiexec.exe /i \\Win2012-server\share\ees_nt64_enu.msi /qn
ADDLOCAL=WebAndEmail,ProtocolFiltering,WebAccessProtection,EmailClientProtection,Antispam,
WebControl,UpdateMirror,DocumentProtection,DeviceControl /lvx*
C:/install.log
See also Run Command task instruction in the Administrator guide.
4.2 Migration from previous ERA version

If you want to upgrade/migrate from an older generation of ESET Remote Administrator 5 to ESET Remote
Administrator 6, you can use our Migration Tool which can make the upgrade process easier. The Migration Tool is a
standalone application in form of a wizard that provides straightforward migration of ERA 4.x / 5.x data into an
intermediate database which allows for the data to be imported into ERA 6.x.
IMPORTANT: Migration Tool version must match ESET Remote Administrator version you're going to migrate to.
To find out what version of Migration Tool you need see this Knowledgebase article.
Download appropriate version of ESET Remote Administrator Migration Tool.
Run Migration Tool locally on your old ERA 4.x / 5.x sever. It is not possible to run Migration Tool from a remote
machine.
Configuration of your old ERA server is not being migrated.
Parametric groups are not migrated.
You can migrate policies with Migration Tool 6.2.x and newer. However, there are some specifics to policy
migration:
Only policies from upper ERA server are migrated.
Only policy definitions are migrated, policy relations are not being migrated.
You will need to assign migrated policies to appropriate groups manually after the migration.
Hierarchy of policies is omitted. In case there is an override flag in your old ERA, this flag is converted to a
force in ERA 6 policy for that same setting.
129
If there are settings for multiple products in a single policy in old ERA, an individual policy for each product
will be created in ERA 6.
NOTE: After the migration, we recommend you to check items (Computers, Static Groups, Policies, etc.) to make
sure these are in place and that the result of migration meets the expectations. In case there are some
discrepancies, an intervention is needed, such as creating policies manually.
NOTE: If an error occurs during the migration process, it is written in migration.log file located in the same folder
as Migration Tool. If you have read-only access to this folder, then a log window will open instead. Same thing
happens should there be not enough disk space, that means the log file is not created and you will only see results
in the log window.
NOTE: To resolve a problem with missing MSVCP100.dll or MSVCR100.dll files, install the latest Microsoft Visual C+
+ 2010 Redistributable Package. You can use the following link Microsoft Visual C++ 2010 Redistributable Package
(x86).
The following are migration scenarios which should guide you through the migration process itself:
Migration scenario 1 - Migration to ERA 6.x running on a different computer than ERA 4.x / 5.x.
Migration scenario 2 - Migration to ESET Remote Administrator 6.x running on the same computer as ERA 4.x / 5.x.
Migration scenario 3 - Migration to ERA 6.x where endpoints connect to old ERA 4.x / 5.x until the ERA Agent is
deployed by ERA 6.x.
130
4.2.1 Migration scenario 1

This scenario covers migration to ERA 6.x running on a different computer than ERA 4.x / 5.x. For more details and
instructions, see Knowledgebase article for illustrated step-by-step instructions to complete installation using the
All-in-one installer.
1. The first step in the migration process is to have ERA 6.x installed and running on another computer.
2. Start the ESET Remote Administrator Migration tool on the ERA 4.x / 5.x machine and select Export to save the
data from the old ERA to an intermediate database file.
3. Migration wizard is able to transfer specific data only. Select the data you want to transfer and click Next.
After you have selected a folder in which to save the temporary database, the wizard will display the status of
archival of the ERA 4.x / 5.x database.
All data is exported to an intermediate database.
4. When data is finished exporting, there are two options you can choose from:
One option is to Finish the export, Copy the temporary database file to a server that is running ESET Remote
Administrator 6.x, and import the data using the ERA Migration tool on that server.
A second option is to click Import now and import the data directly to ESET Remote Administrator 6.x over the
network. Specify the connection and logon details of the new ERA Server.
NOTE: Static groups synchronized from Active Directory are ignored and will not be exported.
If server settings wont allow for importation of specific data, the ESET Remote Administrator Migration tool
will let you choose whether you want to change settings in ERA 6.x for specific components.
131
Each of the components is then imported. An import (migration) log is available for each component. After
the import is complete, the Migration tool will display the results of the import process.
If you chose to migrate users, their passwords were reset and replaced with randomly generated passwords.
These passwords can be exported in the .CSV format.
The migration tool wizard also generates a script that can be used to preconfigure ERA Agents on client
machines. This script is a small executable .bat file distributable to client computers.
We recommend that you review migrated settings and data to make sure that importation was successful.
After checking, use this script to deploy the ERA Agent on a small group of computers to check if they are
connecting to the server correctly.
After the successful connection of the test group, you can deploy the Agent to the remaining computers
(either manually or using an AD synchronization task).
NOTE: If any of the migration steps fail you should roll back changes for ERA 6.x, setup the computers to connect
to ERA 4.x / 5.x, recover the backup data from ERA 4.x / 5.x and contact ESET customer care.
132

This scenario covers migration to ESET Remote Administrator 6.x running on the same computer as ERA 4.x / 5.x. All
ERA data should be backed up (using the ESET Maintenance tool) and ERA services in the operating system should be
stopped before the migration of any data.
Watch our Knowledgebase instructional video, or visit our Knowledgebase article for illustrated step-by-step
instructions to complete installation using the All-in-one installer.
Download the ESET Remote Administrator migration tool and then follow the steps below.
NOTE: If you receive a system error, ensure that you have installed the required Microsoft Redistributable
Package.
1. After running the ESET Remote Administrator Migration tool on the ERA 4.x / 5.x machine, the administrator
selects the Export option to save the data from ERA 4.x / 5.x to an intermediate database file. Migration wizard is
able to transfer specific data only:
NOTE: It is not possible to transfer parametric groups and tasks from ERA 4.x / 5.x, because of the new design
and functions of dynamic groups in ERA 6.x.
133
2. After selecting a save folder for the temporary database, the wizard will display the status of archival of the ERA
4.x / 5.x database.
3. All data is exported to an intermediate database.

After the successful data export and before ERA 6.x deployment, ERA 4.x / 5.x must be uninstalled. We
recommend to restart the machine prior to continue with installation of ERA 6.x.
134
When new ERA 6.x is installed, exported database can be imported using the Migration tool. Administrator is
prompted to enter the IP address of the machine (the one that was displayed concerning ERA Console in the
Installation successful screen, but without protocol ":8443") into the Host field, the administrator password
configured during installation and to select the saved database file.
135

This scenario covers a migration to ERA 6.x where endpoints connect to old ERA 4.x / 5.x until the ERA Agent is
deployed by ERA 6.x. This scenario is useful if you wish to see how ERA 6.x would look like with your data from ERA
4.x / 5.x, but still have endpoints connecting to your ERA 4.x / 5.x.
NOTE: This scenario is for highly skilled users only. We do not recommend this type of migration unless there is
no other option.
1. After running the ESET Remote Administrator Migration tool on the ERA 4.x / 5.x machine, the administrator
selects the Export option to save the data from ERA 4.x / 5.x to an intermediate database file. Migration wizard is
able to transfer specific data only:
NOTE: It is not possible to transfer parametric groups and tasks from ERA 4.x / 5.x, because of the new design
and functions of dynamic groups in ERA 6.x.
136
2. After selecting a save folder for the temporary database, the wizard will display the status of archival of the ERA
4.x / 5.x database.
3. All data is exported to an intermediate database.

4. If ERA 6 will be installed on the same computer as 4.x / 5.x, you must change your old ERA ports and rename the
server service ( sc config ERA_SERVER DisplayName= ESET Remote Administrator g1).
137
5. ESET Remote Administrator 4.x / 5.x should be started again following the export of your data.
6. Install ESET Remote Administrator 6 and import the intermediate database using the Migration tool. You will be
prompted to enter the IP address of the machine (the one that was displayed for ERA Console in the Installation
successful screen, but without the protocol ":8443") in the Host field, the administrator password configured
during installation and to select the saved database file.
The consequence of this type of migration is that there wont be any logs exported between the process of backing
up the ERA 4.x / 5.x database and deploying the Agent on a client computer. However that data will still be present
on your old copy of ERA 4.x / 5.x.
4.3 Migration from one server to another

There are four ways to migrate ESET Remote Administrator from one server to another (these scenarios can be used
when reinstalling your ERA Server):
Clean Installation - same IP address - The new installation does not use the previous database from the old ERA
Server and keeps the original IP address.
Clean Installation - different IP address - The new installation does not use the previous database from the old
ERA Server and has a different IP address.
Migrated Database - same IP address - Database migration can only be performed between two similar database
types (from MySQL to MySQL or from MSSQL to MSSQL) and similar alike versions of ERA.
Migrated Database - different IP address - Database migration can only be done performed between two like
database types (from MySQL to MySQL or from MSSQL to MSSQL) and two like versions of ERA.
NOTE: Migration from one server to another server is supported for versions 6.2 and later.
NOTE: When adding new client computers, use a new Certification Authority to sign the Agent certificates. This is
done because an imported CA cannot be used to sign new peer certificates, it can only authenticate ERA Agents of
client computers that were migrated.
138
4.3.1 Clean Installation - same IP address

The objective of this procedure is to install an entirely new instance of ERA Server that does not use the previous
database, but retains records for client computers. This new ERA Server will have the the same IP address as your
previous server, but will not use the database from the old ERA server.
On your current (old) ERA Server:
1. Export all certificates from current ERA Server and save onto your external storage.
o Export all Certification Authority Certificates from your ERA Server and save each CA certificate as a .der file.
o Export all Peer Certificates (Server certificate, Agent certificate, Proxy certificate, MDM certificate, etc.) from
your ERA Server to a .pfx file. Exported .pfx will have private key included as well.
2. Stop the ERA Server service.
3. Turn off your ERA Server machine (optional).
IMPORTANT: Do not uninstall/decomission your old ERA Server yet.
On your new ERA Server:
IMPORTANT: Make sure the network configuration on your new ERA Server (IP address, FQDN, Computer name,
DNS SRV record) matches that of your old ERA Server.
1. Install ERA Server using the All-in-one package installer (Windows) or choose another installation method
(Windows manual installation, Linux or Virtual Appliance).
2. Connect to ERA Web Console.
3. Import all CAs that you have exported from your old ERA Server. To do so, follow the instructions for importing a
public key.
4. Change the ERA Server certificate in your Server settings to use the Server certificate from your old ERA Server
(exported in step 1.).
5. Import all required ESET licenses to ERA.
6. Restart the ERA Server service, see our Knowledgebase article for details.
139
Client computers should now connect to your new ERA Server using their original ERA Agent certificate, which is
being authenticated by the imported CA from the old ERA Server. If clients are not connecting, see Problems after
upgrade/migration of ERA Server.
Old ERA Server uninstallation:

Once you have everything running correctly on your new ERA Server, carefully decommission your old ERA Server
using our step-by-step instructions.
4.3.2 Clean Installation - different IP address

The objective of this procedure is to install an entirely new instance of ERA Server that does not use the previous
database, but retains records for client computers. The new ERA Server will have a different IP address/Hostname,
but will not use the database from the old ERA server.
1. Generate a new ERA Server certificate (with connection information for the new ERA Server). Leave the default
value (an asterisk) in the Host field to allow for distribution of this certificate with no association to a specific DNS
name or IP address.
3. Create a policy to define a new ERA Server IP address and assign it to all computers. Wait for the policy to be
distributed to all client computers (computers will stop reporting in as they receive the new server information).
5. Turn off the current ERA Server machine (optional).
(Windows manual installation, Linux or Virtual Appliance).
3. Import all CAs that you have exported from your old ERA Server. To do so, follow the instructions for importing a
public key.
4. Change your ERA Server certificate in Server settings to use the previous Server certificate from your old ERA
Server (exported in step 1.). Do not stop the ERA Server service until step 6.
5. Import all required ESET licenses to ERA.
140
4.3.3 Migrated Database - same IP address

The objective of this procedure is to install an entirely new instance of ERA Server and keep your existing ERA
database, including existing client computers. The new ERA Server will have the same IP address as the old ERA
Server, and the database of the old ERA server will be imported to the new server machine prior to installation.
IMPORTANT: Migrating databases is only supported between identical database types (from MySQL to MySQL or
from MSSQL to MSSQL).
IMPORTANT: When migrating a database, you must migrate between instances of the same ESET Remote
Administrator version. For example when you have ERA 6.3.12.0, you can only migrate to ERA version 6.3.12.0. See
our Knowledgebase article for instructions to determine the versions of your ERA components. After completing
database migration, you can perform an upgrade, if necessary, to get the latest version of ESET Remote
Administrator.

3. Export/Backup the ERA Database.

IMPORTANT: Make sure the network configuration on your new ERA Server (IP address, FQDN, Computer name,
DNS SRV record) matches that of your old ERA Server.
1. Install/Launch a supported ERA database.
2. Import/Restore the ERA database from your old ERA Server.
(Windows manual installation, Linux or Virtual Appliance). Specify your database connection settings during
installation of ERA Server.
5. Import all CAs exported from your old ERA Server. To do so, follow the instructions for importing a public key.

141
4.3.4 Migrated Database - different IP address

The objective of this procedure is to install an entirely new instance of ERA Server and keep your existing ERA
database, including existing client computers. The new ERA Server will have a different IP address from the old ERA
Server, and the database of the old ERA server will be imported to the new server machine prior to installation.
IMPORTANT: Migrating databases is only supported between identical database types (from MySQL to MySQL or
from MSSQL to MSSQL).
IMPORTANT: When migrating a database, you must migrate between instances of the same ESET Remote
Administrator version. For example when you have ERA 6.3.12.0, you can only migrate to ERA version 6.3.12.0. See
our Knowledgebase article for instructions to determine the versions of your ERA components. After completing
database migration, you can perform an upgrade, if necessary, to get the latest version of ESET Remote
Administrator.

1. Generate a new ERA Server certificate (with connection information for the new ERA Server). Leave the default
value (an asterisk) in the Host field to allow for distribution of this certificate with no association to a specific DNS
name or IP address.
3. Create a policy to define a new ERA Server IP address and assign it to all computers. Wait for the policy to be
distributed to all client computers (computers will stop reporting in as they receive the new server information).
5. Export/Backup the ERA Database.

1. Install/Launch a supported ERA database.
2. Import/Restore the ERA database from your old ERA Server.
(Windows manual installation, Linux or Virtual Appliance). Specify your database connection settings during
installation of ERA Server.
5. Import all CAs exported from your old ERA Server. To do so, follow the instructions for importing a public key.
6. Change your ERA Server certificate in Server settings to use the previous Server certificate from your old ERA
Server (exported in step 1.). Do not stop the ERA Server service until step 7.
142

4.3.5 Uninstallation of the old ERA Server

There are a few options when decommissioning your old ERA Server:
IMPORTANT: Make sure your new ERA server is running and client computers are connecting to your new ERA
correctly.
1. Format the disk on the old server. This is the easiest way to remove ERA.
2. In case you want to keep the OS and reuse it, you can uninstall your old installation of ERA, but before doing so:
Plan an operating system restart of your server after uninstallation
Make sure other ERA components have been uninstalled (including ERA Agent, Rouge Detection Sensor etc.)
Do not uninstall your database unless there are no other software dependent on your database
4.4 Upgrade ERA installed in Failover Cluster in Windows

If you have ERA Server installed in a Failover Cluster environment in Windows and wish to upgrade the installation,
proceed with the corresponding steps.
NOTE: The term Role is available in Windows server 2012 only. In Windows server 2008 Services and applications
is used instead.
Upgrade from 6.3 to latest version
1. Stop the ERA Server cluster Role in the Cluster Manager. Make sure the ESET Remote Administrator Server service
is stopped on all cluster nodes.
2. Get the cluster shared disk online on node1 and upgrade ERA Server manually by executing the latest .msi
installer as in case of a component installation. After the installation (upgrade) is finished, make sure the ESET
Remote Administrator Server service is stopped.
3. Get the cluster shared disk online on node2 and upgrade ERA Server the same way as in step no. 2.
4. Once ERA Server is updated on all cluster nodes, start the ERA Server Role in the Cluster Manager.
5. Upgrade ERA Agent manually by executing the latest .msi installer on all cluster nodes.
6. In ERA Console check if Agent and Server versions for all nodes report the latest version to which you upgraded
to.
143
Manual for upgrade from version 6.1 or 6.2 to version 6.3

Please note that for older ERA versions the ERA Agent service was running always only on the active node in the
failover cluster. Starting with ERA 6.3, the ERA Agent service is running on all nodes all the time. This way all nodes
can be monitored by ERA all the time.
Please be aware, that the change described above will cause that during upgrade new computer will be created at
least for one of the cluster nodes. If you do not need event history for them, do not forget to manually remove the
old computer(s) via ERA Console.
1. Stop the ERA Server cluster Role in the Cluster Manager. Make sure the ESET Remote Administrator Server and
service is stopped on all cluster nodes.
2. If the ERA Agent service was set as a dependency or resource for the ERA Server Role, remove the ERA Agent
resource/service completely from the Cluster manager.
3. Get the cluster shared disk online on node1 and upgrade ERA Server manually by executing the latest .msi
installer as in case of a component installation. After the installation (upgrade) is finished, make sure the ESET
Remote Administrator Server service is stopped.
4. Get the cluster shared disk online on node2 and upgrade ERA Server the same way as in step no. 3.
5. Get the cluster shared disk online on node1 and uninstall the old version of ERA Agent (6.1 or 6.2).
6. Get the cluster shared disk online on node2 and uninstall the old version of ERA Agent (6.1 or 6.2).
7. Start the ERA Server cluster Role in the Cluster Manager.
8. Install ERA Agent on all cluster nodes using the standalone installer. In the Agent configuration and Connection to
Remote Administrator screens use the hostname of ERA Server cluster Role. If prompted, make sure the option
of This is a cluster installation is not selected, and store Agent data on the local node (not on the cluster disk).
9. In ERA Console check if Agent and Server versions for all nodes report the latest version you upgraded to.
4.5 Upgrading Apache HTTP Proxy

Apache HTTP Proxy is a service that can be used in combination with ESET Remote Administrator 6 and later to
distribute updates to client computers and installation packages to the ERA Agent.
If you installed Apache HTTP Proxy earlier on Windows and wish to upgrade it to the most recent version, then you
have two ways to accomplish the upgrade, either manually or via the All-in-one installer.
4.5.1 Windows instructions (All-in-one installer)

If the ERA All-in-one installer is stored on your local drive, you can use this method to quickly upgrade Apache HTTP
proxy to the latest version. If you do not have the installer present, the manual upgrade of Apache HTTP Proxy is
quicker.
1. Back up the following files:
C:\Program Files\Apache HTTP Proxy\conf\httpd.conf
C:\Program Files\Apache HTTP Proxy\bin\password.file
C:\Program Files\Apache HTTP Proxy\bin\group.file
2. Stop the ApacheHttpProxy service by opening an admnistrative command prompt and executing the following
command:
3. Launch the All-in-one installer by double-clicking the setup.exe file.

4. Select Install/Upgrade Apache HTTP Proxy and click Next.
144
After accepting the EULA, click Next. Follow the instructions on-screen to complete installation and then click Finish.
If you use a username/password to access your Apache HTTP Proxy (step no. 8 in the Apache HTTP Proxy installation
topic), replace the following block of code:
<Proxy *>
Deny from all
</Proxy>
with this one (found in the backup of httpd.conf you made in step 1):
<Proxy *>
AuthType Basic
Order deny,allow
Deny from all
Allow from all
</Proxy>
If you had other customizations made to your httpd.conf file in place in your previous installation of Apache
HTTP Proxy, you can copy over those modifications from the backed-up httpd.conf file to the new (upgraded)
httpd.conf file.
5. Save your changes and start the ApacheHttpProxy service by executing the following command in an elevated
command prompt:
145
6. Test the connection to Apache HTTP Proxy by accessing the following URL in your browser:
See the Apache HTTP Proxy log files if you need to troubleshoot an issue.
4.5.2 Windows instructions (manual)

To upgrade Apache HTTP Proxy to the most recent version, follow the steps below.
1. Back up the following files:
C:\Program Files\Apache HTTP Proxy\conf\httpd.conf
C:\Program Files\Apache HTTP Proxy\bin\password.file
C:\Program Files\Apache HTTP Proxy\bin\group.file
2. Stop the ApacheHttpProxy service by opening an admnistrative command prompt and executing the following
command:
3. Download the Apache HTTP Proxy installer file from ESET download site and extract its contents to C:\Program
Files\Apache HTTP Proxy\. Overwriting the existing files.
4. Navigate to C:\Program Files\Apache HTTP Proxy\conf, right-click httpd.conf, from the context menu and select
Open with > Notepad
5. Add the following code at the bottom of httpd.conf:
ServerRoot "C:\Program Files\Apache HTTP Proxy"
DocumentRoot "C:\Program Files\Apache HTTP Proxy\htdocs"
<Directory "C:\Program Files\Apache HTTP Proxy\htdocs">
Options Indexes FollowSymLinks
AllowOverride None
Require all granted
</Directory>
CacheRoot "C:\Program Files\Apache HTTP Proxy\cache"
6. If you set a username/password to access your Apache HTTP Proxy (step no. 8 in the Apache HTTP Proxy
installation topic), replace the following block of code:
<Proxy *>
Deny from all
</Proxy>
with this one (found in your backed-up httpd.conf file you backed up in step 1):
<Proxy *>
AuthType Basic
Order deny,allow
Deny from all
Allow from all
</Proxy>
If you had other customizations made to your httpd.conf file in place in your previous installation of Apache
HTTP Proxy, you can copy over those modifications from the backed-up httpd.conf file to the new (upgraded)
httpd.conf file.
7. Save your changes and start the ApacheHttpProxy service by executing the following command in an
administrative command prompt:
8. Test the connection to Apache HTTP Proxy by accessing the following URL in your browser:
146
See the Apache HTTP Proxy log files if you need to troubleshoot an issue.
4.6 Upgrading Apache Tomcat

If you are upgrading to a most recent version of ESET Remote Administrator, or if you have not upgraded Apache
Tomcat for a prolonged period of time, you should consider upgrading Apache Tomcat to the latest version. Keeping
public-facing services including Apache Tomcat and its dependencies up-to-date will decrease security risks to your
environment.
To upgrade Apache Tomcat, follow the instructions for your OS:
Windows instructions (manual) or Windows instructions (All-in-one)
Linux instructions
4.6.1 Windows instructions (All-in-one installer)

If the ERA All-in-one installer is stored on your local drive, you can use this method to quickly upgrade Apache
Tomcat to the latest version. If you do not have the installer present, you can download the Apache Tomcat installer
and upgrade manually.
Follow these instructions if you have All-in-one installer stored on your local drive:
WARNING: At the time of writing, Apache Tomcat only supports upgrades from version 7.x to 7.x from the ERA
All-in-one installer version 6.3.12 and earlier.
Before upgrading
1. Ensure that Java is updating correctly on your system. See instructions on the java website.
2. Check to see which version of Apache Tomcat is currently in use. If a newer version is available, perform an
upgrade:
a. Open a Run dialog, type services.msc and then click OK
b. Right-click the Apache Tomcat service, select Properties and observe the version number in the General tab
(for example 7.0.67).
3. Check our list of supported versions of Apache Tomcat to ensure that the new version is compatible with ESET
products.
How to upgrade
1. Stop the Apache Tomcat service and close Tomcat7w.exe:
a. Open a Run dialog, type services.msc, click OK.
b. Right-click the Apache Tomcat service and then click Stop.
c. Close Tomcat7w.exe in your system tray.
2. Back up the following files (in some cases the folder name is Tomcat 8.0):
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\.keystore
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps/era/WEB-INF/classes/sk/eset/era/
g2webconsole/server/modules/config/EraWebServerConfig.properties
147
3. Download the latest supported version of the Apache Tomcat installer file apache-tomcat-[version].exe from
http://tomcat.apache.org.
4. Uninstall the current version of Apache Tomcat.
5. Delete the following folder if it is still present on your system:
C:\Program Files\Apache Software Foundation\Tomcat 7.0\
6. Navigate to the folder where you saved the All-in-one installer.
7. Copy apache-tomcat-[version].exe into the ./win32/installers or ./x64/installers directory. Delete the old Tomcat
installation file from this directory.
8. Open a Command Prompt, navigate to the All-in-one installer folder and run the following command:
Setup.exe --mode webconsole
9. Select ESET Remote Administrator Webconsole in the setup window, select your Language and click Next.
10. After accepting the EULA, click Next.
11. In the components window click Install.
12. Restore EraWebServerConfig.properties to its original location.
13. Connect to ERA Web Console and ensure that the program works correctly.
4.6.2 Windows instructions (manual)

Use this instructions to upgrade Apache Tomcat if you do not have the ESET All-in-one installer present:
Before upgrading
1. Ensure that Java is updating correctly on your system. See instructions on the java website.
2. Check to see which version of Apache Tomcat is currently in use. If a newer version is available, perform an
upgrade:
a. Open a Run dialog, type services.msc and then click OK
b. Right-click the Apache Tomcat service, select Properties and observe the version number in the General tab
(for example 7.0.67).
products.
How to upgrade
1. Stop the Apache Tomcat service and close Tomcat7w.exe:
a. Open a Run dialog, type services.msc, click OK.
b. Right-click the Apache Tomcat service and then click Stop.
c. Close Tomcat7w.exe in your system tray.
2. Back up the following files (in some cases the folder name is Tomcat 8.0):
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\server.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\.keystore
C:\Program Files\Apache Software Foundation\Tomcat 7.0\conf\tomcat-users.xml
C:\Program Files\Apache Software Foundation\Tomcat 7.0\webapps/era/WEB-INF/classes/sk/eset/era/
g2webconsole/server/modules/config/EraWebServerConfig.properties
3. Download the latest supported version of the Apache Tomcat installer file apache-tomcat-[version].exe from
http://tomcat.apache.org.
4. Uninstall the current version of Apache Tomcat.
148
5. Delete the following folder if it is still present on your system:

C:\Program Files\Apache Software Foundation\Tomcat 7.0\
6. Install the newer version of Apache Tomcat that you downloaded.
7. When you are finished, deselect the check box next to Run Apache Tomcat.
8. Restore .keystore and server.xml to their original locations (applicable only when upgrading to same major
version of Apache Tomcat only, for example 7.x to 7.x or 8.x to 8.x!). Alternatively, you can set up an HTTPS
connection for Apache Tomcat for ERA Web Console manually according to our Knowledgebase instructions
(recommended).
9. Deploy ERA Web Console, see Web Console installation - Windows.
10. Restore EraWebServerConfig.properties to its original location.
11. Run Apache Tomcat and set a correct Java VM:
Click Start > All Programs > Apache Tomcat > Monitor Tomcat and in the General tab press Start.
Click the Java tab, select the check box next to Use default, and then click OK. View illustrated
Knowledgebase instructions.
12. Connect to ERA Web Console and ensure that the program works correctly.
Troubleshooting
If you are unsuccessful setting up an HTTPS connection for Apache Tomcat, you can skip this step and use an HTTP
connection temporarily.
If you are unable to upgrade Apache Tomcat, install your original version and apply the configuration from step 2.
4.6.3 Linux instructions

Before upgrading Apache Tomcat
1. Ensure that Java is updating correctly on your system.
Verify that the openjdk package has been updated (see below).
2. Check to see which version of Apache Tomcat is currently used. If a newer version is available, perform an
upgrade:
Execute the following command: cd
name is tomcat7 or tomcat8)
/usr/share/tomcat/bin && ./version.sh
(in some cases the folder
products.
How to upgrade
1. Stop the Apache Tomcat service:
Execute the following command: service
tomcat8 )
tomcat stop
(in some cases the service name is tomcat7 or
2. Upgrade Apache Tomcat and Java according to the Linux distribution used. Execute the following commands in
Terminal:
Debian and Ubuntu
distributions
sudo-apt-get update
sudo apt-get install openjdk-7-jdk tomcat7
149
CentOS, Red Hat and Fedora

distributions
yum update
yum install java-1.8.0-openjdk tomcat
OpenSUSE
zypper refresh
zypper install java-1_8_0-openjdk tomcat
IMPORTANT: After upgrading Apache Tomcat to a later major version (for example Apache Tomcat version 7.x to
8.x):
Deploy ERA Web Console again (see ERA Web Console installation - Linux) and reuse %TOMCAT_HOME%/
webapps/era/WEB-INF/classes/sk/eset/era/g2webconsole/server/modules/config/EraWebServerConfig.properties
to preserve any custom settings in ERA Web Console.
Set up an HTTPS connection for Apache Tomcat.
4.7 Change of IP address or hostname on ERA Server

To change an IP address or hostname on your ERA Server, follow these steps:
1. If your ERA Server certificate contains a specific IP address and/or hostname, create a new Server certificate and
include the new IP address or hostname you are switching to. However, if you have a wild card * in the host field
of the Server certificate, skip to step 2. If not, create new Server certificate adding the new IP address and host
name separated by a comma and include the previous IP address and hostname as well. Alternatively, you can
add a wild card * in the host field.
2. Sign the new Server certificate using your ERA Server Certification Authority.
3. Create a policy changing the client connections to the new IP address or hostname (preferably the IP address),
but include a second (alternative) connection to the old IP address or hostname to give the ERA Agent a chance to
connect to both servers. For more details, see Create policy for ERA Agents to connect to the new ERA Server.
4. Apply this policy to your client computers and allow the ERA Agents to replicate. Even though the policy will
redirect clients to your new server (which is not running), the ERA Agents will use the alternative Server
information to connect to the original IP address.
5. Set your new Server certificate in Server settings.
6. Restart the ERA Server service and change the IP address or hostname.
See our Knowledgebase article for illustrated instructions to change the ERA Server address.
4.8 Upgrade ERA installed in Failover Cluster in Linux

If you have ERA Server installed in a Failover Cluster environment in Linux and wish to upgrade the installation,
proceed with the steps below.
Manual upgrade from version 6.3 to latest version
1. Disable EraService in Conga (Cluster Administration GUI) under Service groups and ensure that ERA Agent and ERA
Server are stopped on both nodes.
2. Upgrade ERA Server on node1 by performing the following steps:
o Mount the shared storage to this node
o Upgrade ERA Server manually to latest version by executing the .sudo ./Server-Linux-x86_64.sh command in
a Terminal window
o Replace the old cluster script located at /usr/share/cluster/eracluster_server.sh with the new one found in /
opt/eset/RemoteAdministrator/Server/setup/eracluster_server. Keep the old file name.
o Stop the ERA Server service (stop eraserver) after the upgrade
o Disable ERA Server autostart by renaming the following 2 files:
mv /etc/init/eraserver.conf /etc/init/eraserver.conf.disabled
mv /etc/init/eraserver-xvfb.conf /etc/init/eraserver-xvfb.conf.disabled
o Unmount the shared storage from this node
150
3.
4.
5.
6.
Repeat these steps to upgrade ERA Server on node2.

Start EraService in Conga (Cluster Administration GUI) under Service groups.
Upgrade ERA Agent on all cluster nodes.
Check ERA Console to see if all nodes are connecting and show as the latest version.
Manual upgrade from version 6.1 or 6.2 to version 6.3
Please note that for older ERA versions the ERA Agent service was running always only on the active node in the
failover cluster. Starting with ERA 6.3, the ERA Agent service is running on all nodes all the time. This way all nodes
can be monitored by ERA all the time.
Please be aware, that the change described above will cause that during upgrade new computer will be created at
least for one of the cluster nodes. If you do not need event history for them, do not forget to manually remove the
old computer(s) via ERA Console.
1. Disable EraService in Conga (Cluster Administration GUI) under Service groups and ensure that ERA Agent and ERA
Server are stopped on both nodes.
2. Upgrade ERA Server on node1 by performing the following steps:
o Upgrade ERA Server manually to version 6.3 by executing .sudo ./Server-Linux-x86_64.sh command in a
Terminal window
o Replace the old cluster script located at /usr/share/cluster/eracluster_server.sh with the new one found in /
opt/eset/RemoteAdministrator/Server/setup/eracluster_server. Keep the old file name.
o Stop the ERA Server service (stop eraserver) after the upgrade
o Disable ERA Server autostart by renaming the following 2 files:
mv /etc/init/eraserver.conf /etc/init/eraserver.conf.disabled
mv /etc/init/eraserver-xvfb.conf /etc/init/eraserver-xvfb.conf.disabled
o Unmount the shared storage from node1
3. Upgrade ERA Server on node2 by performing the same steps as in previous point 2.
4. Remove old agent from node1 by ferforming the following steps:
o Uninstall old ERA Agent (use the installer script with --uninstall parameter)
o Check whether your system has the following symbolic links
/etc/opt/eset -> /usr/share/erag2cluster/etc/opt/eset
/opt/eset -> /usr/share/erag2cluster/opt/eset
/var/log/eset -> /usr/share/erag2cluster/var/log/eset
/var/opt/eset -> /usr/share/erag2cluster/var/opt/eset
Command to list symbolic links in directory /etc/opt/:
find /etc/opt/ -maxdepth 1 -type l -ls
o If those symbolic links exist, remove them using the commands below
unlink /etc/opt/eset
unlink /opt/eset
unlink /var/log/eset
unlink /var/opt/eset
o Create new symbolic links - for each of them corresponding folder needs to be created first. Use the
commands below:
mkdir -p /etc/opt/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/etc/opt/eset/RemoteAdministrator/Server /etc/opt/eset/RemoteAdministrat
mkdir -p /opt/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/opt/eset/RemoteAdministrator/Server /opt/eset/RemoteAdministrator/Serve
mkdir -p /var/log/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/var/log/eset/RemoteAdministrator/Server /var/log/eset/RemoteAdministrat
mkdir -p /var/opt/eset/RemoteAdministrator
ln -s /usr/share/erag2cluster/var/opt/eset/RemoteAdministrator/Server /var/opt/eset/RemoteAdministrat
151
5.
6.
7.
8.
152
o Unmount the shared storage from this node

Repeat these steps to remove the old ERA Agent from node2.
Start EraService in Conga (Cluster Administration GUI) under Service groups.
Install ERA Agent on both nodes on the local disk (not on the shared cluster disk). When using the --hostname=
command, you must specify the external IP address or hostname of the cluster's interface (not localhost!).
Check ERA Console to see if all nodes are connecting and show as the latest version.
5. Troubleshooting
Since ESET Remote Administrator is a complex product that uses several third-party tools and supports many OS
platforms, there is the potential that you will encounter issues that require troubleshooting.
ESET documentation includes several methods to troubleshoot ESET Remote Administrator, see Answers to
common installation issues to resolve some common issues with ESET Remote Administrator.
Unable to resolve your issue?
Each ERA component has a log file which can be configured to be more or less verbose. Review logs to identify
errors that might explain the issue you are having.
If you are unable to resolve your issue, you can visit the ESET Security Forum and consult the ESET community for
information about issues you may encounter.
When contacting ESET Customer Care, you may be asked by technical support to collect log files - to do so, use
ESET Log Collector or our Diagnostic Tool to collect the necessary logs. We strongly recommend that you include
logs when contacting support to speed up your customer care service request.
5.1 Answers to common installation issues

Expand the section for the error message you want to resolve:
ERA Server
The ERA Server service does not start:
Broken installation
This might be the result of missing registry keys, missing files or invalid file permissions.
The ESET All-in-one installer has its own log file. When installing a component manually, use the MSI Logging
method.
Listening port already used (mostly 2222 and 2223)
Use the appropriate Command for your OS:
Windows:
netstat -an | find "2222"
netstat -an | find "2223"
Linux:
netstat | grep 2222
netstat | grep 2223
Database not running / not reachable

MS SQL Server: verify that port 1433 is available on/to the database server or try to log in to SQL Server
Management Studio
MySQL: verify that port 3306 is available on/to the database server or try to log in to your database interface
(for example using the MySQL command-line interface or phpmyadmin)
Corrupted database
Multiple SQL errors will be shown in the ERA Server log file. We recommend that you restore your database
from a backup. If no backup is present, reinstall ESET Remote Administrator.
Insufficient system resources (RAM, disk space)
Review running processes and system performance:
153
Windows users: run and review information in Task Manager or Event Viewer
Linux users may run any of these commands:
df -h (to review disk space information)
cat /proc/meminfo (to review memory space information)
dmesg (to review your Linux system healh)
Error with ODBC connector during ERA Server installation
Error: (Error 65533) ODBC connector compatibility check failed.
Please install ODBC driver with support for multi-threading.
Reinstall an ODBC driver version that supports multi-threading or reconfigure odbcinst.ini as shown in the
ODBC configuration section.
Error with a database connection during ERA Server installation
Installation of ERA Server finishes with the following error message:
Error: It is not possible to store big blocks of data in the database.
Please reconfigure the database server first.
Error message from the install log:

Error: Execution test of long statement failed with exception:
CMysqlCodeTokenExecutor: CheckVariableInnodbLogFileSize:
Server variables innodb_log_file_size*innodb_log_files_in_group value 100663296 is too low.
Verify that the configuration of your database driver matches that shown as in the ODBC configuration section.
ERA Agent
The message "The database cannot be upgraded. Please remove the product first." is displayed during Agent
uninstallation
Repair ERA Agent:
1. Navigate to Control Panel > Programs and Features and double-click ESET Remote Administrator Agent.
2. Click Next > Repair and follow the instructions.
Are there any other ways how to uninstall ERA Agent?
All possible ways of uninstalling ERA Agent are described in Uninstallation seciton.
Error Code 1603 occurred during the Agent installation
This error can occur when the installer files are not located on the local disk. To fix this copy the installer files
to the local directory and run the installation again. If the files are already present, or the error persists, follow
our Knowledgebase instructions.
Web Console
How to resolve the following error messages in Web Console?
Login Failed, Connection has failed with state of 'Not connected'?
Check to see whether the ERA Server service and your database service are running. Additionally, ensure
that the connection is not broken. If they are not running, restart the services, refresh Web Console and
then try to log in again. Review the log files for your database service (MS SQL, MySQL) for more
information.
Login failed: Communication error
Verify that Apache Tomcat is running and working properly. Review the log files for Apache Tomcat.
154
See our Knowledgebase article for more information on this issue.

ESET Remote Administrator Web Console does not load
In cases where the ESET Remote Administrator Web Console (ERA Web Console) is not running or when the
login screen appears to be constantly loading, follow our Knowledgebase instructions.
How to set up HTTPS/SSL connection to Web Console?
Error message:
Using unencrypted connection! Please configure the webserver to use HTTPS
If you experience problems with the HTTPS connection to Web Console, see HTTPS/SSL connection set up.
Apache HTTP Proxy
Apache HTTP Proxy cache has its size in GigaBytes and it is still growing
If you have installed Apache HTTP Proxy using All-in-one installer, clean-ups are automatically enabled. If
clean-ups are not working correctly, perform a clean-up manually or schedule a clean-up task.
Updates of virus signature database are not working after Apache HTTP Proxy is installed
If client workstations are not able to update, see our Knowledgebase instructions to disable Apache HTTP Proxy
on endpoint workstations for a temporary period. After connection issues are resolved, consider enabling
Apache HTTP Proxy again.
Remote update of ERA Agent fails with error code 20008
If remote update of ERA Agent fails with the following message:
GetFile: Failed to process the HTTP request (error code 20008, url: 'http://repository.eset.com/v1//info.meta')
follow steps I - III in this article to troubleshoot the connection issue. In case the machine on which ERA Agent
is supposed to be updated is outside your corporate network, configure a policy for ERA Agent not to use a
proxy to connect to repository when outside the corporate network.
ESET Rogue Detector Sensor
Why is the following error message continuously logged in ESET Rogue Detector's trace.log?
Information: CPCAPDeviceSniffer [Thread 764]:
CPCAPDeviceSniffer on rpcap://\Device\NPF_{2BDB8A61-FFDA-42FC-A883-CDAF6D129C6B} throwed error:
Device open failed with error:Error opening adapter: The system cannot find the device specified. (20)
This is a problem with WinPcap. Stop the ESET Rogue Detector Sensor service, reinstall the latest version of
WinPcap (at least 4.1.0) and restart the ESET Rogue Detector Sensor service.
Linux
Missing libQtWebKit dependecy on CentOS Linux
If the following error is displayed:
Error: CReportPrinterModule [Thread 7f5f4c7b8700]:
ReportPrinter: ReportPrinterTool exited with:
/opt/eset/RemoteAdministrator/Server//ReportPrinterTool:
error while loading shared libraries: libQtWebKit.so.4:
cannot open shared object file: No such file or directory [code:127]
Follow the instructions in our Knowledgebase article.

ERA Server installation on CentOS 7 has failed
If the following error is displayed:
155
Error: DbCheckConnection: locale::facet::_S_create_c_locale name not valid
The issue is probably caused by environment/locale settings. Running the following command before the
server installer script should help:
export LC_ALL="en_US.UTF-8"
Microsoft SQL Server

Error code -2068052081 during Microsoft SQL Server installation?
Restart your computer and run setup again. If the issue persists, uninstall the SQL Server Native Client and run
installation again. If this does not resolve the issue, uninstall all Microsoft SQL Server products, restart your
computer, and then run installation again.
Error code -2067922943 during Microsoft SQL Server installation?
Verify that your system meets the database requirements for ERA.
5.2 Log files

Each ESET Remote Administrator component performs logging. ERA components write information about certain
events into log files. The location of log files varies depending on the component. The following is a list of log file
locations:
Windows
ERA Server
C:\ProgramData\ESET\RemoteAdministrator\Server
\EraServerApplicationData\Logs\
ERA Agent
C:\ProgramData\ESET\RemoteAdministrator\Agent
\EraAgentApplicationData\Logs\
ERA Web Console and Apache Tomcat
C:\Program Files\Apache Software Foundation\Tomcat 7.0\Logs

See also https://tomcat.apache.org/tomcat-7.0-doc/logging.html
C:\ProgramData\ESET\RemoteAdministrator\MDMCore\Logs\
ERA Proxy
C:\ProgramData\ESET\RemoteAdministrator\Proxy
\EraProxyApplicationData\Logs\
ERA Rogue Detection Sensor
C:\ProgramData\ESET\Rogue Detection Sensor\Logs\
Apache HTTP Proxy
C:\Program Files\Apache HTTP Proxy\logs\

C:\Program Files\Apache HTTP Proxy\logs\errorlog
on older Windows operating systems
C:\Documents and Settings\All Users\Application Data\ESET\...
NOTE: C:\ProgramData is hidden by default.
To display the folder...
1. Navigate to Start > Control Panel > Folder Options > View.
2. Select Show hidden files, folders and drives and click OK.
156
Linux
ERA Server
/var/log/eset/RemoteAdministrator/Server/
/var/log/eset/RemoteAdministrator/EraServerInstaller.log
ERA Agent
/var/log/eset/RemoteAdministrator/Agent/
/var/log/eset/RemoteAdministrator/EraAgentInstaller.log
/var/log/eset/RemoteAdministrator/MDMCore/
/var/log/eset/RemoteAdministrator/MDMCore/Proxy/
Apache HTTP Proxy
/var/log/httpd/
ERA Web Console and Apache Tomcat
/var/log/tomcat6/ or /var/log/tomcat7/ or /var/log/tomcat8/

See also https://tomcat.apache.org/tomcat-7.0-doc/logging.html
ERA Proxy
/var/log/eset/RemoteAdministrator/Proxy/
ERA RD Sensor
/var/log/eset/RogueDetectionSensor/
ERA Virtual Appliance

ERA VA configuration
/root/appliance-configuration-log.txt
ERA Server
/var/log/eset/RemoteAdministrator/EraServerInstaller.log
Apache HTTP Proxy
/var/log/httpd (newer versions of ERA Virtual Appliance)

/opt/apache/logs/ (older versions of ERA Virtual Appliance, 6.3.12 and
below)
OS X
/Library/Application Support/com.eset.remoteadministrator.agent/Logs/
/Users/%user%/Library/Logs/EraAgentInstaller.log
157
5.3 Diagnostic Tool

The diagnostic tool is a part of all ERA components. It is used to collect and pack logs that can be used by technical
support agents and developers to solve problems with product components.
Diagnostic Tool location
Windows
Folder C:\Program Files\ESET\RemoteAdministrator\<product>\ Diagnostic.exe.
Linux
In the following directory on the server: /opt/eset/RemoteAdministrator/<product>/ , there is a
Diagnostic<product> executable (one word, for example, DiagnosticServer, DiagnosticAgent)
Usage (Windows)
1. Run the tool using a Command Prompt.
2. Enter the location of log files to be stored (in our example "logs") and press Enter.
3. Enter the information you want to gather (in our example 1
information.
trace status 3 ). See
Actions below for more
4. When your ar finished, you can find the log files compressed in a .zip file in the "logs" directory in the
Diagnostic Tool location.
158
Actions
ActionEraLogs - A logs folder is created where all logs are saved. To specify certain logs only, use a space to
separate each log.
ActionGetDumps - A new folder is created. A process dump file is generally created in cases where a problem
was detected. When a serious problem is detected, a dump file is created by system. To check it manually, go to
the folder %temp% (in Windows) or folder /tmp/ (in Linux) and insert a dmp file.
NOTE: The component service (Agent, Proxy, Server, RD Sensor, FileServer) must be running.
ActionGeneralApplicationInformation - The GeneralApplicationInformation folder is created and inside it the
file GeneralApplicationInformation.txt. This file contains text information including the product name and
product version of the currently installed product.
ActionConfiguration - A configuration folder is created where file storage.lua is saved.
5.4 Problems after upgrade/migration of ERA Server

If you are unable to start the ESET Remote Administrator Server service because of a damaged installation and
unknown log file error messages, perform a repair operation using the steps shown below:
WARNING: We recommend that you perform a Database Server Backup before you begin the repair operation.
1. Navigate to Start > Control Panel > Program and Features and double-click ESET Remote Administrator Server.
2. Select Repair and click Next.
3. Reuse your existing database connection settings and click Next. Click Yes if you are prompted for
confirmation.
4. Select Use Administrator password already stored in the database and click Next.
5. Select Keep currently existing certificates and click Next.
159
6. Click Repair.
7. Connect to Web Console again and check if everything is OK.
Other troubleshooting scenarios:

ERA Server is not running but there is a database backup:
1. Restore your database backup.
2. Verify the new machine uses the same IP address or hostname as your previous installation to ensure Agents
will connect.
3. Repair ESET Remote Administrator Server and use the database you restored.
ERA Server is not running but you have the exported server certificate and Certification Authority from it:
1. Verify the new machine uses the same IP address or hostname as your previous installation to ensure Agents
will connect.
2. Repair ESET Remote Administrator Server using backup certificates (when repairing, select Load certificates
from file and follow the instructions).
ERA Server is not running and you do not have a database backup or ERA Server Certificate and Certification
authority:
1. Repair ESET Remote Administrator Server.
2. Repair ERA Agents using one of the following methods:
160
Agent live installer

Remote deployment (this will require you to disable the firewall on target machines)
Manual Agent component installer
5.5 MSI Logging

This is useful if you are not able to install an ERA component on Windows properly, for example ERA Agent:
msiexec /i C:\Users\Administrator\Downloads\Agent-1.0.373.0_x64.msi /L*v log.txt
161
6. First Steps
After you have successfully installed ESET Remote Administrator you can begin setting things up.
First, open ERA Web Console in your web browser and log in.
Getting to know ERA Web Console
Before you begin initial setup, we recommend that you get to know the ERA Web Console, as it is the interface
used to manage ESET security solutions. Our Post-Installation Tasks will guide you through recommended steps
for an optimal setup experience.
User account creation
During installation you create the default administrator account. We recommend that you save the
Administrator account and create a new account to manage clients and configure their permissions.
Adding client computers, servers and mobile devices on your network to ERA
During installation, you can choose to search your network for computers (clients). All clients found will be
listed in the Computers section when you start ESET Remote Administrator. If clients are not shown in the
Computers section, run a Static Group Synchronization task to search for computers and show them in groups.
Deploying an Agent
Once client computers are found, deploy the Agent to them. The Agent provides communication between ESET
Remote Administrator and clients.
Installing ESET product (including activation)
To keep your clients and network secure, use the Software Install task to install ESET products.
Creating/editing groups
We recommend that you sort clients into static or dynamic Groups based on various criteria. This makes
managing clients easier and helps you keep an overview of your network.
Creating a new policy
Policies allow you to push specific configurations to ESET products on your client computers. This allows you to
avoid configuring each client's ESET product manually. Once you have created a new policy with your custom
configuration, you can assign it to a group (either static or dynamic) to apply your custom settings to all the
computers in that group.
Assigning policy to a group
As explained above, in order for a policy to be applied it needs to be assigned to a group. Computers that belong
to the group will have the policy applied to them. The policy is applied every time an Agent connects to ERA
Server.
Setting up Notifications and creating Reports
To keep a better overview of what is going on with client computers in your environment, we recommend that
you use notifications and reports. For example, if you want to be notified that a certain event occurred or want
to see or download a report.
6.1 Opening the ERA Web Console

There are multiple ways to open the ERA Web Console:
On your local server (the machine hosting your Web Console) type this URL into the web browser:
https://localhost/era/
From any place with internet access to your web server, type the URL in following format:
https://yourservername/era/
Replace "yourservername" with the actual name or IP address of your web server.
162
To log into the ERA Virtual appliance, use following URL:

https://[IP address]:8443/
Replace "[IP address]" with the IP address of your ERA VM. If you do not remember the IP address, see step 9 of
Virtual appliance deployment instructions.
On your local server (the machine hosting your Web Console), click Start > All Programs > ESET > ESET Remote
Administrator > ESET Remote Administrator Webconsole - a login screen will open in your default web browser.
This does not apply to the ERA Virtual appliance.
NOTE: Since the Web Console uses secure protocol (HTTPS), you might get a message in your web browser
regarding a security certificate or untrusted connection (exact wording of the message depends on the browser you
are using). This is because your browser wants you to verify the identity of the site you are trying to access. Click
Continue to this website (Internet Explorer) or I Understand the Risks, click Add Exception... and then click Confirm
Security Exception (Firefox) to allow access to the ERA Web Console. This only applies when you're trying to access
the ESET Remote Administrator Web Console URL.
When web server (that runs ERA Web Console) is up, the following screen is displayed.
If this is your first login, please provide the credentials you entered during the Installation process. For more details
about this screen, see Web Console login screen.
NOTE: In the rare case that you do not see the login screen or when the login screen appears to be constantly
loading, restart the ESET Remote Administrator Server service. Once the ESET Remote Administrator Server service is
up and running again, restart the Apache Tomcat service. After this, the Web Console login screen will load
successfully.
163
7. ESET Remote Administrator API

The ESET Remote Administrator ServerApi ( ServerApi.dll) is an application programming interface; a set of
functions and tools for building custom software applications to meet your needs and specifics. Using the ServerApi,
your application can provide a custom interface, functionality and operations you would normally perform via ERA
Web Console, such as managing ESET Remote Administrator, generating and receiving reports, etc.
For more information and examples in C language and list of available JSON messages, please refer to the following
Online help:
http://help.eset.com/era/63/api/
164
8. FAQ
Why are we installing Java on a server? Doesnt this create a security risk? The majority of all security companies
and security frameworks recommend you uninstall Java from computers and especially from servers.
ERA Web Console requires Java to function. Java is an industry standard for web-based consoles, where all major
web consoles are using Java and Web Server (Apache Tomcat) for their operation. Java is necessary to support a
multi-platform web server.
Although ERA Web Console requires at least Java version 7, we strongly recommend you use the latest officially
released version of Java. It is possible to install Web Server on a dedicated machine, in case the security is a risk.
How do I determine which port the SQL Sever is using?

There are multiple ways to determine the port used by the SQL Server. You can get the most accurate result via the
SQL Server Configuration Manager. See the figure below for an example of where to locate this information in SQL
Configuration Manager:
After installing SQL Server Express (included in my ERA package) on my Windows Server 2012 it does not appear to
be listening on a standard SQL port. It is most likely listening to a port other than the default, port 1433.
How do I configure MySQL to accept large packet size?

See MySQL installation and configuration for Windows or Linux.
165
If I install SQL myself, how should I create a database for ERA?

You do not have to. A database is created by the Server.msi installer, not by the ERA Installer. The ERA Installer is
included to simplify steps for you, it installs the SQL Server and then database is created by the server.msi installer.
Why is my ERA installation failing during database setup? I have binary logging enabled in MySQL.
A: ERA v6.2 does not support MySQL databases with binary log enabled at all. Please disable binary log in MySQL
or use a newer version of ERA.
A: ERA v6.3 does not support STATEMENT based binary log format. Please use ROW or MIXED binary log formats.
For more information on MySQL binary logs, see https://dev.mysql.com/doc/refman/5.6/en/binary-log.html and
https://dev.mysql.com/doc/refman/5.6/en/replication-options-binary-log.html#sysvar_binlog_format
Can ERA Installer create a new database for me in an existing SQL Server installation, if I give it the proper SQL
Server connection details and credentials? It would be convenient if the installer supported different versions of
SQL Server (2008, 2014, etc.).
Database is created by Server.msi. So, yes, it can create an ERA database for you on individually installed SQL Server
instances. And yes, the supported versions of SQL Server are 2008, 2012, 2014.
If installing on an existing SQL Server, should the SQL Server use built-in Windows Authentication mode by default?
No, because Windows Authentication mode can be disabled on the SQL Server and the only way to log in is to use
SQL Server Authentication (entering a Username and Password). You must use the SQL Server Authentication or
Mixed Mode. When manually installing the SQL Server, we recommend you create a root password (root user is
named sa, which stands for security admin) and store it for later in a safe place. The root password may be needed
when upgrading the ERA Server.
Can I use MariaDB instead of MySQL?

MariaDB is a default database in many Linux environments, however, it is not supported by <%
ESET_REMOTE_ADMINISTRATOR%>! Please make sure to install MySQL for <%ESET_REMOTE_ADMINISTRATOR%> to
work properly.
I had to install Microsoft .NET Framework 3.5 as ERA Installer pointed me to (http://www.microsoft.com/en-us/
download/details.aspx?id=21), but that did not work on a fresh installation of Windows Server 2012 R2 with SP1.
This installer cannot be used on Windows Server 2012 because of the Windows Server 2012 security policy.
Microsoft .NET Framework must be installed via the Roles and Features Wizard.
Microsoft .NET 4.5 framework was already installed on my system. I had to use the Roles and Features Wizard to add
.NET 3.5. Why doesn't ESET Remote Administrator support .NET 4.5?
Because .NET 4.5 is not backwards compatible with .NET 3.5, which is a prerequisite of the SQL Server installer.
166
It is very difficult to tell whether the SQL Server installation is running. How can I tell what is happening if the
installation takes more than 10 minutes?
The SQL Server installation can, in rare cases, take up to 1 hour. Install times depend on system performance.
How do I reset the Administrator password for my Web Console (entered during set up)?
It is possible to reset the password by running the server installer and choosing Repair. Be aware the password may
be required to gain access to the ERA database if you did not use Windows Authentication during creation of the
database.
NOTE: Please be careful, some of the repair options can potentially remove stored data.
When importing a file containing a list of computers to add to ERA, what is the format required for the file?
See FAQs in the Administrator guide.
Can you use IIS instead of Apache? What about another HTTP server?
IIS is an HTTP server. The web console needs a Java servlet container (like Tomcat) to run, the HTTP server is not
sufficient. There have been solutions about how to change IIS into a Java servlet container, but in general, this is not
supported.
NOTE: We do not use Apache HTTP Server, we use Apache Tomcat, which is a different product.
Does ERA have a command-line interface?

Yes, we have the ESET Remote Administrator ServerApi.
Can you install ERA on a domain controller?

The ERA Server application can be installed on a domain controller, but there may be restrictions when installing MS
SQL on Windows Domain Controller.
Is there any way to use the wizard for installing on a domain controller?
You can use the wizard but you have to uncheck the installation of the SQL in the component selection window.
167
Will the ERA server installation detect if SQL is already installed on the system? What happens if it does? What
about MySQL?
ERA will check for SQL running on a system in case you are using the installation wizard and you have selected SQL
express to install. In the event there is already an SQL running on a system, the wizard will display a notification to
uninstall the existing SQL, and then run the installation again, or to install ERA without SQL Express. See database
requirements for ERA.
Where can I find ERA component mapping by release version of ERA?

See our Knowledgebase article: http://support.eset.com/kb3690/
How do I perform a component-based upgrade of ESET Remote Administrator 6.1.21, 6.1.28 or 6.2.11 to the latest
version?
Windows OS: http://support.eset.com/kb3668/
Linux OS: http://support.eset.com/kb3670/
How can I update a system without an Internet connection?

Using HTTP proxy installed on a machine that can connect to the ESET update servers (where update files are
cached) and pointing Endpoints to that HTTP proxy on a local network. If your server does not have an Internet
connection, you can enable the mirror feature of the Endpoint product on one machine, use a USB drive to deliver
update files to this computer and configure all other offline computers to use it as an update server.
How do I reinstall my ERA Server and connect it to an existing SQL server if the SQL server was set up automatically
by the initial ERA install?
If you are installing the new instance of the ERA Server using the same user account (for example, a domain
administrators account) under which you have installed the original ERA server, you can use MS SQL Server via
Windows Authentication.
How do I fix issues with Active Directory sync on Linux?

Verify your domain name is entered in all capital letters ( administrator@TEST.LOCAL instead of
administrator@test.local ).
Is there a way to use my own network resource (like SMB share) instead of the repository?
You can choose to provide the direct URL where a package is located. If you are using a file share, specify it in a
following format: file:// followed by the full network path to the file, for example:
file://\\eraserver\install\ees_nt64_ENU.msi
168
How do I reset or change my password?

Ideally, the administrator account should only be used to create accounts for individual admins. Once admin
accounts are created, the administrator password should be saved and the administrator account should not be
used. This practice allows for the administrator account to be used for password reset/account details only.
How to reset the password of a built-in ERA Administrator account:
1.
2.
3.
4.
5.
6.
7.
Open Programs and Features (run appwiz.cpl), locate ESET Remote Administrator Server and right-click.
Select Change from the context menu.
Choose Repair.
Specify database connection details.
Select Use existing database and apply upgrade.
Deselect Use password already Stored in database and enter a new password.
Log into the ERA Web Console with your new password.
NOTE: We strongly recommend you create additional accounts with specific access rights based on your desired
account competencies.
How do I change ERA Server and ERA Web Console ports?

It is necessary to change the port in your webserver configuration to allow webserver connections to the new port.
To do so, follow the steps below:
1. Shut down your webserver.
2. Modify the port in your webserver configuration.
a) Open the file webapps/era/WEB-INF/classes/sk/eset/era/g2webconsole/server/modules/config/
EraWebServerConfig.properties
b) Set the new port number (for example, server_port=44591)
3. Start the webserver again.
169
How do I migrate my ERA Server to a new system?

For details on how to perform a migration, see
Upgrade from previous ERA version
or our ESET Knowledgebase article: How do I upgrade ESET Remote Administrator 5 to version 6?
Can I upgrade from ERA v.5/v.4 to v.6 directly via All-in-one installer?
The direct upgrade is not supported, we recommend you use migration tool. For more details, please review
Upgrade from previous ERA version and our ESET Knowledgebase article: How do I upgrade ESET Remote
Administrator 5 to version 6?
I am receiving error messages or have problems with ESET Remote Administrator, what should I do?
See Troubleshooting FAQs.
170

Eset Era 63 Era Install Enu Guia de Instalacion Del Antivirus ESET Nod32 Endpoint

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Eset Era 63 Era Install Enu Guia de Instalacion Del Antivirus ESET Nod32 Endpoint

Uploaded by

Copyright:

Available Formats

ESET

ESET REMOTE ADMINISTRATOR 6

2016 by ESET, spol. s r.o.

2.2 Supported Desktop Provisioning

2.6 Supported Web browsers for ERA Web

4. Upgrade, migration and reinstallation

4.4 Upgrade ERA installed in Failover

4.7 Change of IP address or hostname on

1.2.2 Web Console

The benefits are:

1.2.5 Rogue Detection Sensor

1.2.6 Mobile Device Connector

1.2.7 Apache HTTP Proxy

1.3.1 Single Server (Small Business)

1.3.2 Remote Branches with Proxies

1.3.3 High Availability (Enterprise)

1.3.4 Practical deployment examples (Windows)

TEST CASE (100,000 CLIENTS)

1.4 Supported products and languages

ESET Endpoint Security for Windows

6.x & 5.x

6.x - License Key

ESET Endpoint Antivirus for Windows

6.x & 5.x

ESET Endpoint Security for OS X

6.x - License Key

Manageable via ESET Remote Administrator 6

ESET NOD32 Antivirus 4 Business Edition for Linux Desktop

1.5 Differences to version 5

Web Console (browser-based)

Console (Windows application)

Server, Web Console (web interface, Server and Console (Windows

Using Rogue Detection Sensor

Using Network Search Task

Possible remote deployment of ERA

Directly, live progress tracking

Remote installation methods

Remote push installation, live

Support for ESET business products

Redesigned policy editor, with

Rich reporting kit allows you to create

Separate report set for web-based

Apache HTTP Proxy acts as a

Mirror functionality allows you to

Windows, Linux, Mac and Virtual

MSSQL Express (default), MSSQL,

ODBC-connected MSAccess (default),

2.1 Supported Operating Systems

Windows Home Server 2003 SP2

Windows Server 2003 x86 SP2

Windows Server 2008 x64 R2 SP1

Windows Server 2012 x64

Microsoft SBS 2003 x86 SP2 **

Windows XP x86 SP3

Windows Vista x86 SP2

Windows 7 x86 SP1

Windows 8.1 x86

Ubuntu 12.04 LTS x86 Desktop

2.2 Supported Desktop Provisioning Environments

Persistent has a personalization layer that will capture

Non-persistent drops the personalization layer after each

At least 10 GB of free space

x86 Processor: 1.0 GHz