Agent public key error! Dr.Web Enterprise Suite agents cannot connect to the server


9 replies in this thread

#1 d_maI

    Newbie

  • Posters
  • 10 posts

Posted 08 December 2017 - 12:35

After changing the agent settings for the Everyone group (specifically, interface – threat notifications) and propagating them to the Everyone group, an "agent public key error" occurred. Now only 3 of 100 users connect to the server. For all the other users, the agents report: "error connecting to the server". The agents themselves are locked against settings changes, and in the server management console they are shown as inactive, so it is not possible to change the settings on them!

Has anyone run into something like this???

P.S. I'm attaching the agent log right away

#2 d_maI

    Newbie

  • Posters
  • 10 posts

Posted 08 December 2017 - 12:38

And in addition, an excerpt from the server log

0171208.115335.88 tr0 [01926 01978] wrk:2  [Layer/Listener] Activation connection #26
20171208.115335.88 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.17.57:53980: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.17.57:53980: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/Proto] tcp://192.168.17.57:53980/pc: Requested capabilities is AGENT,CRYPT
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/Proto] tcp://192.168.17.57:53980/pc: Requested for "AGENT" client
20171208.115335.88 inf [01926 01981] wrk:5  tcp://192.168.17.57:53980/pc: Further protocol version 2.33
20171208.115335.88 tr3 [01926 01981] wrk:5  tcp://192.168.17.57:53980/pc: Will not use compressed channel (local settings)
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/Client] tcp://192.168.17.57:53980/pc: Will use non-compressed channel
20171208.115335.88 tr3 [01926 01981] wrk:5  tcp://192.168.17.57:53980/pc: Will use crypted channel (mandatory)
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/Client] tcp://192.168.17.57:53980/pc: Will use encrypted channel
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.17.57:53980 for proto "AGENT"
20171208.115335.88 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.17.57:53980: snd <1 SIGNATURE 5e48485c ac795124 e90d04ad 0c93bf08 79375008 dd85c28b b572b449 e154dbbd ca755e8a 25ca5546 c39b2ea9 cecd28d2 0adc2f10 a453b794 599b9c23 82c990b6 738cf1cd 144e2a40 0cfc7709 28531cf8 cff16e05 a3177ff0 133217fa 339333ac>
20171208.115335.88 tr3 [01926 01982] net:1  [Layer/Transport] tcp://192.168.17.57:53980: new idle timeout set to 00:02:00
20171208.115335.88 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.17.57:53980: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115335.88 ERR [01926 01978] wrk:2  [Layer/Common] tcp://192.168.17.57:53980: Client detected VIOLATION: invalid server signature
20171208.115335.88 tr0 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.17.57:53980: Requested for disconnect
20171208.115335.88 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.17.57:53980: rcv <2 STOP>
20171208.115335.88 tr3 [01926 01978] wrk:2  [Layer/Transformation] tcp://192.168.17.57:53980(dead): all filter removed from incoming and outcoming streams
20171208.115335.88 tr0 [01926 01978] wrk:2  [Layer/Common] tcp://192.168.17.57:53980: disconnect occured
20171208.115336.50 tr0 [01926 01982] net:1  [Net2/Server] tcp://192.168.168.35:2193: new connection "tcp://192.168.15.129:49868" accepted
20171208.115336.50 tr0 [01926 01981] wrk:5  [Layer/Listener] Activation connection #26
20171208.115336.51 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.15.129:49868: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.15.129:49868: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/Proto] tcp://192.168.15.129:49868/pc: Requested capabilities is AGENT,CRYPT
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/Proto] tcp://192.168.15.129:49868/pc: Requested for "AGENT" client
20171208.115336.51 inf [01926 01980] wrk:4  tcp://192.168.15.129:49868/pc: Further protocol version 2.33
20171208.115336.51 tr3 [01926 01980] wrk:4  tcp://192.168.15.129:49868/pc: Will not use compressed channel (local settings)
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/Client] tcp://192.168.15.129:49868/pc: Will use non-compressed channel
20171208.115336.51 tr3 [01926 01980] wrk:4  tcp://192.168.15.129:49868/pc: Will use crypted channel (mandatory)
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/Client] tcp://192.168.15.129:49868/pc: Will use encrypted channel
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.15.129:49868 for proto "AGENT"
20171208.115336.51 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.15.129:49868: snd <1 SIGNATURE 5e48485c ac795124 e90d04ad 0c93bf08 79375008 dd85c28b b572b449 e154dbbd ca755e8a 25ca5546 c39b2ea9 cecd28d2 0adc2f10 a453b794 599b9c23 82c990b6 738cf1cd 144e2a40 0cfc7709 28531cf8 cff16e05 a3177ff0 133217fa 339333ac>
20171208.115336.51 tr3 [01926 01983] net:2  [Layer/Transport] tcp://192.168.15.129:49868: new idle timeout set to 00:02:00
20171208.115336.51 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.15.129:49868: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115336.51 ERR [01926 01981] wrk:5  [Layer/Common] tcp://192.168.15.129:49868: Client detected VIOLATION: invalid server signature
20171208.115336.51 tr0 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.15.129:49868: Requested for disconnect
20171208.115336.51 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.15.129:49868(dead): rcv <2 STOP>
20171208.115336.51 tr3 [01926 01979] wrk:3  [Layer/Transformation] tcp://192.168.15.129:49868(dead): all filter removed from incoming and outcoming streams
20171208.115336.51 tr0 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.15.129:49868: disconnect occured
20171208.115336.87 tr0 [01926 01982] net:1  [Net2/Server] tcp://192.168.168.35:2193: new connection "tcp://192.168.11.200:50797" accepted
20171208.115336.87 tr0 [01926 01980] wrk:4  [Layer/Listener] Activation connection #26
20171208.115336.87 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.11.200:50797: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.200:50797: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/Proto] tcp://192.168.11.200:50797/pc: Requested capabilities is AGENT,CRYPT
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/Proto] tcp://192.168.11.200:50797/pc: Requested for "AGENT" client
20171208.115336.87 inf [01926 01979] wrk:3  tcp://192.168.11.200:50797/pc: Further protocol version 2.33
20171208.115336.87 tr3 [01926 01979] wrk:3  tcp://192.168.11.200:50797/pc: Will not use compressed channel (local settings)
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/Client] tcp://192.168.11.200:50797/pc: Will use non-compressed channel
20171208.115336.87 tr3 [01926 01979] wrk:3  tcp://192.168.11.200:50797/pc: Will use crypted channel (mandatory)
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/Client] tcp://192.168.11.200:50797/pc: Will use encrypted channel
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.11.200:50797 for proto "AGENT"
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.200:50797: snd <1 SIGNATURE 5e48485c ac795124 e90d04ad 0c93bf08 79375008 dd85c28b b572b449 e154dbbd ca755e8a 25ca5546 c39b2ea9 cecd28d2 0adc2f10 a453b794 599b9c23 82c990b6 738cf1cd 144e2a40 0cfc7709 28531cf8 cff16e05 a3177ff0 133217fa 339333ac>
20171208.115336.87 tr3 [01926 01982] net:1  [Layer/Transport] tcp://192.168.11.200:50797: new idle timeout set to 00:02:00
20171208.115336.87 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.11.200:50797: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115336.87 ERR [01926 01980] wrk:4  [Layer/Common] tcp://192.168.11.200:50797: Client detected VIOLATION: invalid server signature
20171208.115336.87 tr0 [01926 01980] wrk:4  [Layer/Common] tcp://192.168.11.200:50797: Requested for disconnect
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.200:50797(dead): rcv <2 STOP>
20171208.115336.87 tr3 [01926 01979] wrk:3  [Layer/Transformation] tcp://192.168.11.200:50797(dead): all filter removed from incoming and outcoming streams
20171208.115336.87 tr0 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.11.200:50797: disconnect occured
20171208.115337.16 tr0 [01926 01983] net:2  [Net2/Server] tcp://192.168.168.35:2193: new connection "tcp://192.168.11.192:2146" accepted
20171208.115337.16 tr0 [01926 01981] wrk:5  [Layer/Listener] Activation connection #26
20171208.115337.16 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.11.192:2146: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.192:2146: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/Proto] tcp://192.168.11.192:2146/pc: Requested capabilities is AGENT,CRYPT
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/Proto] tcp://192.168.11.192:2146/pc: Requested for "AGENT" client
20171208.115337.16 inf [01926 01979] wrk:3  tcp://192.168.11.192:2146/pc: Further protocol version 2.33
20171208.115337.16 tr3 [01926 01979] wrk:3  tcp://192.168.11.192:2146/pc: Will not use compressed channel (local settings)
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/Client] tcp://192.168.11.192:2146/pc: Will use non-compressed channel
20171208.115337.16 tr3 [01926 01979] wrk:3  tcp://192.168.11.192:2146/pc: Will use crypted channel (mandatory)
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/Client] tcp://192.168.11.192:2146/pc: Will use encrypted channel
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.11.192:2146 for proto "AGENT"
20171208.115337.16 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.192:2146: snd <1 SIGNATURE 5e48485c ac795124 e90d04ad 0c93bf08 79375008 dd85c28b b572b449 e154dbbd ca755e8a 25ca5546 c39b2ea9 cecd28d2 0adc2f10 a453b794 599b9c23 82c990b6 738cf1cd 144e2a40 0cfc7709 28531cf8 cff16e05 a3177ff0 133217fa 339333ac>
20171208.115337.16 tr3 [01926 01983] net:2  [Layer/Transport] tcp://192.168.11.192:2146: new idle timeout set to 00:02:00
20171208.115337.16 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.11.192:2146: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115337.16 ERR [01926 01981] wrk:5  [Layer/Common] tcp://192.168.11.192:2146: Client detected VIOLATION: invalid server signature
20171208.115337.16 tr0 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.11.192:2146: Requested for disconnect
20171208.115337.16 tr3 [01926 01981] wrk:5  [Layer/Transformation] tcp://192.168.11.192:2146(dead): all filter removed from incoming and outcoming streams
20171208.115337.16 tr0 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.11.192:2146: disconnect occured
20171208.115337.43 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.11.161:50691/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115337.43 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.11.161:50691/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115338.61 tr3 [01926 01977] wrk:1  [Layer/Common] tcp://192.168.15.120:50827/st: Ping restart requested with sending
20171208.115338.61 tr3 [01926 01977] wrk:1  [Layer/TextProto] tcp://192.168.15.120:50827: snd <169 PING 6364832001861309541>
20171208.115338.62 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.15.120:50827: rcv <189 PONG 6364832001861309541 6364832001877887780>
20171208.115338.62 tr3 [01926 01978] wrk:2  tcp://192.168.15.120:50827/st: Pong round trip time is 8ms
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.103:56002/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115341.41 tr3 [01926 01981] wrk:5  [Update] tcp://192.168.11.223:56554/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.103:56002/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.103:56002/st: Product "10-drwspamdb" revision "20171207231020" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.103:56002/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115341.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.11.210:2093/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.11.191:54873/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.11.191:54873/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115341.41 tr3 [01926 01979] wrk:3  [Update] tcp://192.168.15.121:2607/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.11.191:54873/st: Product "10-drwspamdb" revision "20171207231020" is up-to-date
20171208.115341.41 tr3 [01926 01979] wrk:3  [Update] tcp://192.168.15.121:2607/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115341.41 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.11.191:54873/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115341.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.11.210:2093/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115341.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.11.210:2093/st: Product "10-drwspamdb" revision "20171207231020" is up-to-date
20171208.115341.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.11.210:2093/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115341.41 tr3 [01926 01981] wrk:5  [Update] tcp://192.168.11.223:56554/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115341.90 tr3 [01926 01979] wrk:3  [Update] tcp://192.168.11.230:65152/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115341.90 tr3 [01926 01979] wrk:3  [Update] tcp://192.168.11.230:65152/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115342.67 tr3 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.15.125:50853/st: Ping restart requested with sending
20171208.115342.67 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.15.125:50853: snd <159 PING 6364832002267145652>
20171208.115342.67 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.15.125:50853: rcv <183 PONG 6364832002267145652 6364832004357837150>
20171208.115342.67 tr3 [01926 01980] wrk:4  tcp://192.168.15.125:50853/st: Pong round trip time is 2ms
20171208.115342.72 tr3 [01926 02053] wwr:2  [Script] Adding '/opt/drwcs/ds-modules/?;/opt/drwcs/ds-modules/?.ds' into path (composite)
20171208.115342.72 tr3 [01926 02053] wwr:2  [Script] Adding '/opt/drwcs/webmin/esuite/?;/opt/drwcs/webmin/esuite/?.ds;/opt/drwcs/webmin/?;/opt/drwcs/webmin/?.ds;/opt/drwcs/webmin/esuite/network/?;/opt/drwcs/webmin/esuite/network/?.ds' into path (absolute)
20171208.115342.72 tr3 [01926 02053] wwr:2  [Script] Adding '/opt/drwcs/lib/libdrw?.so' into cpath (composite)
20171208.115342.74 tr1 [01926 02053] wwr:2  Dr.Web Documents Generation Module Version 10.01.0.201705110 (REL-1000, Linux/x64)
20171208.115342.74 tr3 [01926 02053] wwr:2  [Docgen] Registering lua functions
20171208.115342.78 tr0 [01926 02053] wwr:2  [WEBMIN] tcp://192.168.11.232:58306: 00.660 seconds, OK: POST/200 1769 http://192.168.168.35:9080/esuite/network/index.ds?xml=getXmlHTTP/1.1
20171208.115344.06 tr3 [01926 02053] wwr:2  [Script] Adding '/opt/drwcs/ds-modules/?;/opt/drwcs/ds-modules/?.ds' into path (composite)
20171208.115344.06 tr3 [01926 02053] wwr:2  [Script] Adding '/opt/drwcs/webmin/esuite/?;/opt/drwcs/webmin/esuite/?.ds;/opt/drwcs/webmin/?;/opt/drwcs/webmin/?.ds;/opt/drwcs/webmin/esuite/network/?;/opt/drwcs/webmin/esuite/network/?.ds' into path (absolute)
20171208.115344.06 tr3 [01926 02053] wwr:2  [Script] Adding '/opt/drwcs/lib/libdrw?.so' into cpath (composite)
20171208.115344.09 tr1 [01926 02053] wwr:2  Dr.Web Documents Generation Module Version 10.01.0.201705110 (REL-1000, Linux/x64)
20171208.115344.09 tr3 [01926 02053] wwr:2  [Docgen] Registering lua functions
20171208.115344.13 tr0 [01926 02053] wwr:2  [WEBMIN] tcp://192.168.11.191:50626: 00.750 seconds, OK: POST/200 1768 http://192.168.168.35:9080/esuite/network/index.ds?xml=getXmlHTTP/1.1
20171208.115345.15 tr3 [01926 01978] wrk:2  [Update] tcp://192.168.17.58:3053/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115345.15 tr3 [01926 01978] wrk:2  [Update] tcp://192.168.17.58:3053/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115345.15 tr3 [01926 01978] wrk:2  [Update] tcp://192.168.17.58:3053/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115346.06 tr0 [01926 01982] net:1  [Net2/Server] tcp://192.168.168.35:2193: new connection "tcp://192.168.15.117:63120" accepted
20171208.115346.06 tr0 [01926 01980] wrk:4  [Layer/Listener] Activation connection #26
20171208.115346.06 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.15.117:63120: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.15.117:63120: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/Proto] tcp://192.168.15.117:63120/pc: Requested capabilities is AGENT,CRYPT
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/Proto] tcp://192.168.15.117:63120/pc: Requested for "AGENT" client
20171208.115346.06 inf [01926 01979] wrk:3  tcp://192.168.15.117:63120/pc: Further protocol version 2.33
20171208.115346.06 tr3 [01926 01979] wrk:3  tcp://192.168.15.117:63120/pc: Will not use compressed channel (local settings)
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/Client] tcp://192.168.15.117:63120/pc: Will use non-compressed channel
20171208.115346.06 tr3 [01926 01979] wrk:3  tcp://192.168.15.117:63120/pc: Will use crypted channel (mandatory)
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/Client] tcp://192.168.15.117:63120/pc: Will use encrypted channel
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.15.117:63120 for proto "AGENT"
20171208.115346.06 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.15.117:63120: snd <1 SIGNATURE dc286d5f bad325e0 8cc6ab8b 551b1161 0a0e7356 9f5a2540 a396b3e6 ae94b0f5 5f5c528f 66aa3265 490f7de4 0b1f5f25 33f6d037 10611f1a 1267da4b 4098d2bd 97ac1d16 2f5c2bf1 482ddde6 84dc210c 0207973c 71f7ddc7 9bc9d6b1 10e90071>
20171208.115346.06 tr3 [01926 01982] net:1  [Layer/Transport] tcp://192.168.15.117:63120: new idle timeout set to 00:02:00
20171208.115346.06 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.15.117:63120: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115346.06 ERR [01926 01980] wrk:4  [Layer/Common] tcp://192.168.15.117:63120: Client detected VIOLATION: invalid server signature
20171208.115346.06 tr0 [01926 01980] wrk:4  [Layer/Common] tcp://192.168.15.117:63120: Requested for disconnect
20171208.115346.06 tr3 [01926 01978] wrk:2  [Layer/Transformation] tcp://192.168.15.117:63120(dead): all filter removed from incoming and outcoming streams
20171208.115346.06 tr0 [01926 01978] wrk:2  [Layer/Common] tcp://192.168.15.117:63120: disconnect occured
20171208.115346.45 tr0 [01926 01983] net:2  [Net2/Server] tcp://192.168.168.35:2193: new connection "tcp://192.168.11.205:58779" accepted
20171208.115346.45 tr0 [01926 01979] wrk:3  [Layer/Listener] Activation connection #26
20171208.115346.45 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.205:58779: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.11.205:58779: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/Proto] tcp://192.168.11.205:58779/pc: Requested capabilities is AGENT,CRYPT
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/Proto] tcp://192.168.11.205:58779/pc: Requested for "AGENT" client
20171208.115346.45 inf [01926 01978] wrk:2  tcp://192.168.11.205:58779/pc: Further protocol version 2.33
20171208.115346.45 tr3 [01926 01978] wrk:2  tcp://192.168.11.205:58779/pc: Will not use compressed channel (local settings)
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/Client] tcp://192.168.11.205:58779/pc: Will use non-compressed channel
20171208.115346.45 tr3 [01926 01978] wrk:2  tcp://192.168.11.205:58779/pc: Will use crypted channel (mandatory)
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/Client] tcp://192.168.11.205:58779/pc: Will use encrypted channel
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.11.205:58779 for proto "AGENT"
20171208.115346.45 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.11.205:58779: snd <1 SIGNATURE dc286d5f bad325e0 8cc6ab8b 551b1161 0a0e7356 9f5a2540 a396b3e6 ae94b0f5 5f5c528f 66aa3265 490f7de4 0b1f5f25 33f6d037 10611f1a 1267da4b 4098d2bd 97ac1d16 2f5c2bf1 482ddde6 84dc210c 0207973c 71f7ddc7 9bc9d6b1 10e90071>
20171208.115346.45 tr3 [01926 01982] net:1  [Layer/Transport] tcp://192.168.11.205:58779: new idle timeout set to 00:02:00
20171208.115346.46 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.205:58779: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115346.46 ERR [01926 01979] wrk:3  [Layer/Common] tcp://192.168.11.205:58779: Client detected VIOLATION: invalid server signature
20171208.115346.46 tr0 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.11.205:58779: Requested for disconnect
20171208.115346.46 tr3 [01926 01979] wrk:3  [Layer/Transformation] tcp://192.168.11.205:58779(dead): all filter removed from incoming and outcoming streams
20171208.115346.46 tr0 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.11.205:58779: disconnect occured
20171208.115346.94 tr3 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.11.232:56014/st: Ping restart requested with sending
20171208.115346.94 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.11.232:56014: snd <186 PING 6364832002694549551>
20171208.115346.94 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.11.232:56014: rcv <217 PONG 6364832002694549551 6364832004786329540>
20171208.115346.94 tr3 [01926 01979] wrk:3  tcp://192.168.11.232:56014/st: Pong round trip time is 1ms
20171208.115346.94 tr3 [01926 01978] wrk:2  [Update] tcp://192.168.17.51:61399/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115346.94 tr3 [01926 01978] wrk:2  [Update] tcp://192.168.17.51:61399/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115346.94 tr3 [01926 01978] wrk:2  [Update] tcp://192.168.17.51:61399/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115347.07 tr3 [01926 02052] wwr:1  [Script] Adding '/opt/drwcs/ds-modules/?;/opt/drwcs/ds-modules/?.ds' into path (composite)
20171208.115347.07 tr3 [01926 02052] wwr:1  [Script] Adding '/opt/drwcs/webmin/esuite/?;/opt/drwcs/webmin/esuite/?.ds;/opt/drwcs/webmin/?;/opt/drwcs/webmin/?.ds;/opt/drwcs/webmin/esuite/network/?;/opt/drwcs/webmin/esuite/network/?.ds' into path (absolute)
20171208.115347.07 tr3 [01926 02052] wwr:1  [Script] Adding '/opt/drwcs/lib/libdrw?.so' into cpath (composite)
20171208.115347.10 tr1 [01926 02052] wwr:1  Dr.Web Documents Generation Module Version 10.01.0.201705110 (REL-1000, Linux/x64)
20171208.115347.10 tr3 [01926 02052] wwr:1  [Docgen] Registering lua functions
20171208.115347.15 tr0 [01926 02052] wwr:1  [WEBMIN] tcp://192.168.11.191:50626: 00.810 seconds, OK: POST/200 1544 http://192.168.168.35:9080/esuite/network/index.ds?listGr=1&stid=607a44d5-d11d-b211-bf1b-f80bb94908a0HTTP/1.1
20171208.115347.49 tr3 [01926 01980] wrk:4  [Layer/Common] tcp://192.168.11.210:2093/st: Ping restart requested with sending
20171208.115347.49 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.11.210:2093: snd <185 PING 6364832002749355049>
20171208.115347.49 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.11.210:2093: rcv <209 PONG 6364832002749355049 6364832002827399830>
20171208.115347.49 tr3 [01926 01978] wrk:2  tcp://192.168.11.210:2093/st: Pong round trip time is 1ms
20171208.115347.85 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.115:64317/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115347.85 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.115:64317/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115347.85 tr3 [01926 01977] wrk:1  [Update] tcp://192.168.15.115:64317/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115347.86 tr3 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.17.58:3053/st: Ping restart requested with sending
20171208.115347.86 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.17.58:3053: snd <179 PING 6364832002786229206>
20171208.115347.86 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.17.58:3053: rcv <201 PONG 6364832002786229206 6364832002794242530>
20171208.115347.86 tr3 [01926 01978] wrk:2  tcp://192.168.17.58:3053/st: Pong round trip time is 1ms
20171208.115348.59 tr3 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.15.127:49369/st: Ping restart requested with sending
20171208.115348.59 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.168.15.127:49369: snd <177 PING 6364832002859087570>
20171208.115348.59 tr3 [01926 01977] wrk:1  [Layer/TextProto] tcp://192.168.15.127:49369: rcv <201 PONG 6364832002859087570 6364832002870937470>
20171208.115348.59 tr3 [01926 01977] wrk:1  tcp://192.168.15.127:49369/st: Pong round trip time is 1ms
20171208.115351.41 tr3 [01926 01979] wrk:3  [Update] tcp://192.168.11.81:53231/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115351.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.15.126:49436/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115351.41 tr3 [01926 01979] wrk:3  [Update] tcp://192.168.11.81:53231/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115351.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.15.126:49436/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115351.41 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.15.126:49436/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115351.67 tr3 [01926 01978] wrk:2  [Layer/Common] tcp://192.168.11.161:50691/st: Ping restart requested with sending
20171208.115351.67 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.11.161:50691: snd <169 PING 6364832003167019849>
20171208.115351.67 tr3 [01926 01977] wrk:1  [Layer/TextProto] tcp://192.168.11.161:50691: rcv <189 PONG 6364832003167019849 6364832005260443820>
20171208.115351.67 tr3 [01926 01977] wrk:1  tcp://192.168.11.161:50691/st: Pong round trip time is 1ms
20171208.115351.97 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.15.101:51997/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.115351.97 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.15.101:51997/st: Product "10-drwgatedb" revision "20171208081022" is up-to-date
20171208.115351.97 tr3 [01926 01980] wrk:4  [Update] tcp://192.168.15.101:51997/st: Product "20-drwagent" revision "20171127130019" is up-to-date
20171208.115352.95 tr3 [01926 01980] wrk:4  [Layer/Common] tcp://192.168.17.51:61399/st: Ping restart requested with sending
20171208.115352.95 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.168.17.51:61399: snd <185 PING 6364832003295935359>
20171208.115352.96 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.17.51:61399: rcv <207 PONG 6364832003295935359 6364832005388085340>
20171208.115352.96 tr3 [01926 01979] wrk:3  tcp://192.168.17.51:61399/st: Pong round trip time is 1ms
20171208.115353.18 tr0 [01926 01983] net:2  [Net2/Server] tcp://192.168.168.35:2193: new connection "tcp://192.168.15.184:50743" accepted
20171208.115353.18 tr0 [01926 01978] wrk:2  [Layer/Listener] Activation connection #26
20171208.115353.18 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.168.15.184:50743: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/TextProto] tcp://192.168.15.184:50743: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/Proto] tcp://192.168.15.184:50743/pc: Requested capabilities is AGENT,CRYPT
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/Proto] tcp://192.168.15.184:50743/pc: Requested for "AGENT" client
20171208.115353.18 inf [01926 01977] wrk:1  tcp://192.168.15.184:50743/pc: Further protocol version 2.33
20171208.115353.18 tr3 [01926 01977] wrk:1  tcp://192.168.15.184:50743/pc: Will not use compressed channel (local settings)
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/Client] tcp://192.168.15.184:50743/pc: Will use non-compressed channel
20171208.115353.18 tr3 [01926 01977] wrk:1  tcp://192.168.15.184:50743/pc: Will use crypted channel (mandatory)
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/Client] tcp://192.168.15.184:50743/pc: Will use encrypted channel
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/Proto] <unbound>: Swapped with client tcp://192.168.15.184:50743 for proto "AGENT"
20171208.115353.18 tr3 [01926 01977] wrk:1  [Layer/TextProto] tcp://192.168.15.184:50743: snd <1 SIGNATURE 01a9502a 83b34dbd 6e1b820b 9aa94c17 cbd0cf51 93d1b38e cc2c535a 31abb515 164a9cae ccbdc02b 458994be 404ea3cb 0947a100 cefc9c8b f80ec75d f2d82b17 70306239 694b459f 454a1de0 3043cd3c 135d6bd4 d4d330aa 753239e4 86557ae7>
20171208.115353.18 tr3 [01926 01982] net:1  [Layer/Transport] tcp://192.168.15.184:50743: new idle timeout set to 00:02:00
20171208.115353.19 tr3 [01926 01979] wrk:3  [Layer/TextProto] tcp://192.168.15.184:50743: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.115353.19 ERR [01926 01979] wrk:3  [Layer/Common] tcp://192.168.15.184:50743: Client detected VIOLATION: invalid server signature
20171208.115353.19 tr0 [01926 01979] wrk:3  [Layer/Common] tcp://192.168.15.184:50743: Requested for disconnect
20171208.115353.19 tr3 [01926 01981] wrk:5  [Layer/Transformation] tcp://192.168.15.184:50743(dead): all filter removed from incoming and outcoming streams
20171208.115353.19 tr0 [01926 01981] wrk:5  [Layer/Common] tcp://192.168.15.184:50743: disconnect occured
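
A triage sketch for the kind of server log excerpt posted above, added here as an example (not part of the original post and not Dr.Web code): it separates clients that answer the server's SIGNATURE frame with VIOLATION from stations that hold a working session. The sample lines are constructed in the excerpt's format; treating the `/st` suffix as an established station session and `%S` as an encoded space are assumptions read off that excerpt.

```python
import re
from collections import Counter

# Constructed sample in the format of the server log excerpt above.
# Addresses are documentation ranges and the signature words are dummies.
SAMPLE_LOG = """
20171208.120000.10 tr0 [01926 01982] net:1  [Net2/Server] tcp://198.51.100.1:2193: new connection "tcp://192.0.2.57:53980" accepted
20171208.120000.10 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.0.2.57:53980: snd <0 PROTOCOL 2 23 AGENT,INSTALL,MSNAPSHV,CRYPT,IPTRANSF,IEXREADY>
20171208.120000.10 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.0.2.57:53980: rcv <0 PROTOCOL 2 33 AGENT,CRYPT>
20171208.120000.10 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.0.2.57:53980: snd <1 SIGNATURE 00000000 11111111>
20171208.120000.10 tr3 [01926 01978] wrk:2  [Layer/TextProto] tcp://192.0.2.57:53980: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.120000.10 ERR [01926 01978] wrk:2  [Layer/Common] tcp://192.0.2.57:53980: Client detected VIOLATION: invalid server signature
20171208.120001.50 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.0.2.129:49868: snd <1 SIGNATURE 00000000 11111111>
20171208.120001.51 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.0.2.129:49868: rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.120031.50 tr3 [01926 01980] wrk:4  [Layer/TextProto] tcp://192.0.2.129:49901: snd <1 SIGNATURE 22222222 33333333>
20171208.120031.51 tr3 [01926 01981] wrk:5  [Layer/TextProto] tcp://192.0.2.129:49901(dead): rcv <1 VIOLATION invalid%Sserver%Ssignature>
20171208.120002.43 tr3 [01926 01977] wrk:1  [Update] tcp://198.51.100.20:50691/st: Product "10-drwbases" revision "20171208073755" is up-to-date
20171208.120003.62 tr3 [01926 01978] wrk:2  tcp://198.51.100.20:50691/st: Pong round trip time is 8ms
20171208.120004.78 tr0 [01926 02053] wwr:2  [WEBMIN] tcp://198.51.100.30:58306: 00.660 seconds, OK: POST/200 1769 http://198.51.100.1:9080/esuite/network/index.ds
"""

# timestamp, level, [pid tid], worker, message
LINE = re.compile(r"^\S+\s+(?P<lvl>\S+)\s+\[\d+\s+\d+\]\s+\S+\s+(?P<msg>.*)$")
# peer URL, optional "(dead)" marker, optional session suffix such as /pc or /st
PEER = re.compile(
    r"tcp://(?P<ip>\d+(?:\.\d+){3}):(?P<port>\d+)(?:\(dead\))?(?P<kind>/\w+)?: (?P<rest>.*)$"
)
# text-protocol frame: direction, sequence number, verb, optional payload
FRAME = re.compile(r"^(snd|rcv) <(\d+) (\w+)(?: ([^>]*))?>")


def decode(payload):
    """Undo the %S escaping seen in the log (assumed to encode a space)."""
    return payload.replace("%S", " ")


def triage(log_text):
    """Split peers into signature-rejecting clients and working stations."""
    sig_sent = set()        # (ip, port) where the server sent its SIGNATURE
    rejecting = Counter()   # ip -> number of handshakes the client refused
    reasons = set()         # decoded VIOLATION texts
    healthy = set()         # ips seen with an established /st session

    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        peer = PEER.search(line["msg"])
        # Listener lines name the server socket first; skip them.
        if not peer or peer["rest"].startswith("new connection"):
            continue
        conn = (peer["ip"], peer["port"])
        if peer["kind"] == "/st":
            healthy.add(peer["ip"])
        frame = FRAME.match(peer["rest"])
        if not frame:
            continue
        direction, _seq, verb, payload = frame.groups()
        if direction == "snd" and verb == "SIGNATURE":
            sig_sent.add(conn)
        elif direction == "rcv" and verb == "VIOLATION" and conn in sig_sent:
            # The client rejected the signature it was just sent on this connection.
            rejecting[peer["ip"]] += 1
            reasons.add(decode(payload or ""))

    return {
        "rejecting": dict(rejecting),
        "healthy": sorted(healthy),
        "reasons": sorted(reasons),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    print("clients rejecting the server signature:", report["rejecting"])
    print("stations with a working session:", report["healthy"])
    print("violation reasons:", report["reasons"])
```

Run over a full server log, the `rejecting` map gives the list of stations that still need the server public key restored, and `healthy` the ones that kept it.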


#3 Afalin

    Guru

  • Dr.Web Staff
  • 5 855 posts

Posted 08 December 2017 - 13:13

Administration – SQL console.

select * from group_cfg where name='ServerPubKey';

select * from station_cfg where name='ServerPubKey';

The results of both queries are of interest.


Cut seven times, check once

#4 d_maI

    Newbie

  • Posters
  • 10 posts

Posted 08 December 2017 - 13:21

File 1 is the first query, the second is the second

#5 Afalin

    Guru

  • Dr.Web Staff
  • 5 855 posts

Posted 08 December 2017 - 14:55

I can't even reproduce this offhand…

As for fixing the consequences: the server's public key was removed from the agents, so the agents have become unmanageable from the Control Center. =( I can't suggest anything better than running something like "C:\Program Files\DrWeb\dwservice.exe" -p "path/to/actual/drwcsd.pub" on each station. Are these stations managed by group policies?



#6 d_maI

    Newbie

  • Posters
  • 10 posts

Posted 08 December 2017 - 15:01

Yes, they are managed.

After entering "C:\Program Files\DrWeb\dwservice.exe" -p "path/to/actual/drwcsd.pub" everything worked)))


This post was edited by d_maI: 08 December 2017 - 15:06


#7 Afalin

    Guru

  • Dr.Web Staff
  • 5 855 posts

Posted 08 December 2017 - 15:04

You need to substitute your own path. Take the public key from the server (Administration - Encryption keys), upload it to the target machine (or put it on a share that the permissions allow access to), and specify the resulting path.



#8 d_maI

    Newbie

  • Posters
  • 10 posts

Posted 08 December 2017 - 16:33

Yes, they are managed.

After entering "C:\Program Files\DrWeb\dwservice.exe" -p "path/to/actual/drwcsd.pub" everything worked)))

There are just a couple of nuances here:

the command has to be entered twice with a pause of about a minute (after the first run the agents pick up the key but then go dark, and after the second run everything works). The only thing is that in the administration console the agents may not change their status to "active" right away after the command is run the second time.

I put drwcsd.pub in the root of drive "C"



#9 d_maI

    Newbie

  • Posters
  • 10 posts

Posted 08 December 2017 - 16:34

The thread can be closed)



#10 Afalin

    Guru

  • Dr.Web Staff
  • 5 855 posts

Posted 08 December 2017 - 16:50

By the way, I forgot. You need to add this same key to Everyone in the agent connection settings, since it turned out to have been removed.



