aaaaaa asked a question.
An existing connection was forcibly closed by the remote host.
We have server using Windows Server 2008R2 and it got error: " Download failure. An existing connection was forcibly closed by the remote host."
We've followed section in this link: https://community.flexera.com/s/FlexNet-Manager-Forum/FNMS-agent-installed-on-Windows-server-2003-and-2008-were-not/m-p/216723M13712 and tried to enable TLS 1.2 on both beacon and server but it didn't work.
Is there any other way to fix it?
Thank you.
 
 
 
 
@aaaaaa
There can be multiple causes of this situation, e.g. network blocking the traffic. Did you check that the agent is able to "reach" the beacon after the configuration change?
You may want to get Flexera Support involved in troubleshooting this situation if you need further guidance, so please feel free to open a support case.
Thanks,
Can I recommend downloading IISCrypto and running it on both the client machine with the agent, and the beacon.
In there you'll be able to see the settings for both, and turn them on and off.
The hashes and algorithms used in the certificate need to be enabled on the client machine.
Another possibility is that access to the revocation server is unavailable to the client machine. Open up the certificate on the beacon to work out what the revocation server is, then running a test-netconnection command on the client machine with the correct port (usually 80 for http) to check that.
If the client machine does not have access to the revocation server, get a firewall hole punched for it.
The last resort is in the agent registry keys turn off checkcertificaterevocation and checkservercertificate.
j
Hi Jasonlu
Below points must to ensure for proper communication of agent to beacon
Firewall Port must be allowed for beacon 443 or 80 based on your beacon configuration.
Beacon DL & RL URL must be working
If you are having legacy Windows OS like Win 2003 & 2008 then TLS1.0 & 1.2 must be enable enable in agent as well Beacon to communicate. Win 2k12 & above are already having required TLS.
Link How to check if TLS 1.2 is enabled?
https://support.site24x7.com/portal/en/kb/articles/how-to-check-if-tls-1-2-is-enabled
Even after doing these changes if still not working. please attach Agent logs along with IIS log in txt format to check further.
TLS entry seems incorrect created.
Durgeshsing, yeah that's why I use IISCrypto to set any of the registry entries. That way I'll know it is done right and I haven't made a mistake.
Your list misses out on the revocation URL, which I strongly recommend checking as well. I've had in the past this exact error where the cause was the revocation server was inaccessible. This is especially relevant for linux and unix machines, as quite often they are on networks that the Active Directory admins dont know about, and so the relevant ports have not been opened by default.
j
To make it I would suggest to Update your mgssetup.ini with below lines. It will be taken care during agent installation.
; Registry settings to be created under
; HKLM\Software\ManageSoft Corp\ManageSoft\Common
[Common]
desc0 = MGSSetupIniApplied
val0 = True
desc1 = NetworkSense
val1 = False
desc2 = CheckServerCertificate
val2 = False
desc3 = CheckCertificateRevocation
val3 = FalseDid this issue got resolved?