Overview
In this guide, we will share the steps to reset a KerioControl appliance’s configuration settings to be able to connect to GFI App Manager.
This procedure should be applied when clicking “Register in AppManager” from KerioControl WebUI leads to GFI AppManager’s dashboard, instead of the “registration wizard”, or the “Register in AppManager” button has disappeared, or in situations where Kerio Control cannot be added to GFI AppManager.
Prerequisites
Before proceeding with reinstalling the agent, please verify that the GFIAgent service is running, as per the guidelines in the article: Resolving Connectivity Issues Between GFI AppManager and KerioControl.
Also, please make sure that the DNS server used resolves the *.* .gfi.com domains. The easiest way to do this is to add 8.8.8.8 as the first DNS server to all the Internet Interfaces used.
Check that Firewall has full access to the Internet with the traffic rules. The easiest way to ensure that's the case add a new temporary traffic on top of all the other rules with the Source: Firewall, Destination: Internet Interfaces, Services: Any, Traffic Inspector: None.
Preferred method (via SSH)
To reset the GFI Agent’s connection configuration, follow the below steps:
-
Access Kerio Control's Shell Using SSH
Note: It has been noted in some cases that the agent installation fails due to read-only filesystem. Therefore, it is advisable to run themount -o rw,remount
command before proceeding with the next steps. - Navigate to the below location and backup the winroute.cfg file:
cd /opt/kerio/winroute/ cp winroute.cfg /tmp/
- Run the below commands one by one, leveraging the tinydbclient utility bundled in Kerio Control
/opt/kerio/winroute/tinydbclient "update AppManager set ApplianceId=''" /opt/kerio/winroute/tinydbclient "update AppManager set RegistrationUrl=''" /opt/kerio/winroute/tinydbclient "update AppManager set Name=''" /opt/kerio/winroute/tinydbclient "update AppManager set Password=''"
- Once done, run the below commands one by one to reinstall the GFIAgent on the appliance:
/etc/boxinit.d/70gfiagent stop
/usr/local/gfiagent/GFIAgentInstaller kerio-control /var/winroute https://appmanager.gfi.com/1.2.latest/linux-amd64/
ps -ef | grep "GFIAgent"
After performing the above steps, the next attempt to register the appliance in AppManager should be successful.
Alternate method (via Console)
In the scenario that the first method does not work, you can follow the below steps that require console access:
-
From the appliance local network access the console by pressing Alt+F2
Beware - if you are on the console not from the local network (but from VPN or external SSH, for example), running this command may break your connectivity to the console!
- Stop agent (/etc/boxinit.d/70gfiagent stop) and winroute (/etc/boxinit.d/60winroute stop)
- mount -o rw,remount /
- Remove the content in /var/gfiagent/appliances/* (rm -r /var/gfiagent/appliances/*)
- Empty "ApplianceId", "Name", "Password" and “RegistrationUrl” variables in "AppManager" table in /var/winroute/winroute.cfg
- Execute (for prod): /usr/local/gfiagent/GFIAgentInstaller kerio-control /var/winroute https://appmanager.gfi.com/1.2.latest/linux-amd64/
- Start agent (/etc/boxinit.d/70gfiagent start) and winroute (/etc/boxinit.d/60winroute start)
- Run the below command to verify that the GFIAgent service is running:
ps -ef | grep "GFIAgent"
After performing the above steps, the next attempt to register the appliance in AppManager should be successful.
Fallback method
If the issue is initially adding the appliance to AppManager and the above methods don't help no matter what you try, this can indicate an environmental issue. In such a case, you can try installing the appliance on a new machine and loading the backup settings. You should then be able to add the appliance to AppManager without any problems.