Highlighted
Active participant

Re: Register Flexera Service Gateway Authentication Failed

Jump to solution

Mike and I uninstalled FSG and reinstalled it on the App Portal server.  Then ran the RegistrerFlexeraServiceGateway.exe on our FNMS server (previously we were running it on the App Portal server).  It registered and is in App Portal on the Settings -> Flexera Integration page.  We see our App Portal and FNMS servers now.  Also we verified in the FSG Host it shows it is bound to both servers. 

We did an IIS Reset, restarted ESD again but still are unable to search for any products or publishers in Flexera Manager Suite Mapping.  It returns "No records found".   

I checked the TLS 1.2 settings for Client and Server settings are different between the App Portal and FNMS Servers.  

FNMS server has
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DisabledByDefault  DWORD = 0
Enabled  DWORD = 1

Same settings for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

App Portal server has
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Server
DisabledByDefault  DWORD = 0
Enabled  DWORD = ffffffff

Same settings for HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client

Should they be the same and if so, which one is correct?

Thanks!

JoanM

Highlighted
Moderator Moderator
Moderator

Re: Register Flexera Service Gateway Authentication Failed

Jump to solution

@joan_mckinley 

Yeah, interesting question, even Microsoft's community isn't entirely clear on this as per https://techcommunity.microsoft.com/t5/office-365/tls-1-2-enabled-registry-value-quot-0xffffffff-quo...

I would go with 1, e.g. for FNMS Flexera has been specific as per https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/Transport-Layer-Security-TLS-1-1-amp...

If you still have got issues getting this resolved I would advice that you open a support case to get assistance in troubleshooting this issue further.

Thanks,

Highlighted
Occasional contributor

Re: Register Flexera Service Gateway Authentication Failed

Jump to solution

Hi Everyone,

Thanks for all you good suggestions.  We using the App Portal Service account as mentioned and had our DBA grant the db_reader to the FNMS Compliance DB  but still got the errors.  After trying all the suggestions we went back to using the alternate connection using a different service account and that worked.  

 

0 Kudos
Highlighted
Moderator Moderator
Moderator

Re: Register Flexera Service Gateway Authentication Failed

Jump to solution

Make sure you've also applied the following registry keys to both servers:

Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NetFramework\v4.0.30319" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Wow6432Node\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"
Set-ItemProperty -Path "HKLM:\SOFTWARE\Microsoft\.NETFramework\v2.0.50727" -Type DWord `
	-Value "1" -Name "SchUseStrongCrypto"

Enabling the protocols is not sufficient.  You also have to instruct .NET to use strong cryptography by default when making secure channel calls.

Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".
0 Kudos
Highlighted
Active participant

Re: Register Flexera Service Gateway Authentication Failed

Jump to solution

Thank you @jdempsey for the suggestions.  We do have those settings configured.  What fixed it for us was adding the App Portal service account to the Administrative role within FNMS.  

Thanks!

View solution in original post

0 Kudos