www.managesoft.com & update.managesoft.com - IP Address and SSL Certificate changes for FlexNet Manager Suite On-premises

pyadav
Flexera
Flexera
4 5 3,762

Flexera will be making some network changes to www.managesoft.com and update.managesoft.com endpoints, and as a result, the IP address and SSL certificates for the above domains will change.

 

These domains are used to deliver the ARL/PURL update files for our FlexNet Manager Suite On-premises customers.

 

If any of our customers have whitelisted the www.mangesoft.com or update.managesoft.com site by the IP address to get the ARL/PURL updates in their environment, they will need to add/update the new IP address to the whitelist before the scheduled activity planned date.

 

As part of the change, we will be moving to a new SSL certificate as well. Therefore, if the customer uses SSL whitelisting, it needs to be updated with the new certificate information.

 

Scheduled activity planned date:

CST: June 28th 2021 - 3:00 PM

UTC: June 28th 2021 - 8:00 PM

 

New IP Addresses:

54.204.247.103

35.172.82.165

54.172.24.197

 

New SSL Certificate information:

CRL:

OCSP:

5 Comments
sreeramyenuga
Active participant

Hi,

we are  able to telnet both the urls www.managesoft.com and update.managesoft.com.  Yesterday we are able to download manually "https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab" but today it's not downloading this .cab file. we added this sites to trusted sites.

We downloaded the cert from below site and  installed the cert in our App server through MMC.

Getting below error.

2021-06-30 01:00:20,560 [.RecognitionImportTool] [INFO ] ARL tasks (Download, Extract) have begun...
2021-06-30 01:00:20,800 [onImport.ContentImport] [INFO ] Downloading (using WebDownloader) https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab
2021-06-30 01:00:21,832 [onImport.ContentImport] [WARN ] RecognitionAfter82.cab download attempt 1 of 5 failed with System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
2021-06-30 01:00:21,832 [onImport.ContentImport] [INFO ] Waiting 10 seconds before trying again
2021-06-30 01:00:32,182 [onImport.ContentImport] [WARN ] RecognitionAfter82.cab download attempt 2 of 5 failed with System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
2021-06-30 01:00:32,182 [onImport.ContentImport] [INFO ] Waiting 20 seconds before trying again
2021-06-30 01:00:52,532 [onImport.ContentImport] [WARN ] RecognitionAfter82.cab download attempt 3 of 5 failed with System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
2021-06-30 01:00:52,532 [onImport.ContentImport] [INFO ] Waiting 40 seconds before trying again
2021-06-30 01:01:33,005 [onImport.ContentImport] [WARN ] RecognitionAfter82.cab download attempt 4 of 5 failed with System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
2021-06-30 01:01:33,005 [onImport.ContentImport] [INFO ] Waiting 80 seconds before trying again
2021-06-30 01:02:53,396 [onImport.ContentImport] [WARN ] RecognitionAfter82.cab download attempt 5 of 5 failed with System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.
2021-06-30 01:02:53,406 [.RecognitionImportTool] [ERROR] Unexpected error occured
2021-06-30 01:02:53,416 [.RecognitionImportTool] [ERROR] ManageSoft.Compliance.Logic.Core.Impl.Licensing.RecognitionImport.ContentDownloadException: Could not download https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab ---> ManageSoft.Compliance.Logic.Core.API.ImportRecognitionDownloadException: Failed to download the file 'https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab' to 'E:\ProgramData\Flexera Software\FlexNet Manager Platform\DataImport\Content\ARL\RecognitionAfter82.cab'. ---> Flexera.Web.Client.MaxAttemptsExceededException: One or more errors occurred. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send. ---> System.IO.IOException: Authentication failed because the remote party has closed the transport stream.
at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)
at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)
at System.Threading.ExecutionContext.RunInternal(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state, Boolean preserveSyncCtx)
at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)
at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)
at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)
at System.Net.ConnectStream.WriteHeaders(Boolean async)
--- End of inner exception stack trace ---
at System.Net.WebClient.DownloadFile(Uri address, String fileName)
at Flexera.Web.Client.WebClient.DownloadFile(String address, String fileName)
--- End of inner exception stack trace ---
at Flexera.Web.Client.WebClient.DownloadFile(String address, String fileName)
at ManageSoft.Compliance.Logic.Core.Impl.Licensing.RecognitionImport.WebDownloader.Download(String address, String destination)
--- End of inner exception stack trace ---
at ManageSoft.Compliance.Logic.Core.Impl.Licensing.RecognitionImport.WebDownloader.Download(String address, String destination)
at ManageSoft.Compliance.Logic.Core.Impl.Licensing.RecognitionImport.ContentImport.Run(EARLImportMode mode, String groupName)
--- End of inner exception stack trace ---
at ManageSoft.Compliance.Logic.Core.Impl.Licensing.RecognitionImport.ContentImport.Run(EARLImportMode mode, String groupName)
at ManageSoft.Compliance.Console.RecognitionImportTool.ImportRecognition()
2021-06-30 01:02:53,416 [.RecognitionImportTool] [ERROR] Could not download https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab
2021-06-30 01:02:53,416 [.RecognitionImportTool] [ERROR] Failed to download the file 'https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab' to 'E:\ProgramData\Flexera Software\FlexNet Manager Platform\DataImport\Content\ARL\RecognitionAfter82.cab'.
2021-06-30 01:02:53,651 [.RecognitionImportTool] [ERROR] ARL/SKU/EOSL tasks (Download, Extract) have failed. Please check the ARL/SKU log files for the detailed error message.

Thanks,

Sreerama Yenuga

 

DiannaB
Active participant

@pyadav Can you please provide more information about this change?  Our ARL updates are failing since this change was implemented.  I added all the new certificates to the app server, and we don't have IP white listing, but the updates are still failing with this error:  Could not establish trust relationship for the SSL/TLS secure channel

DiannaB
Active participant

Update:  In addition to what I wrote above, the complete error includes this message:  The remote certificate is invalid according to the validation procedure.

After installing the new certs.

Thanks!

DiannaB
Active participant

FYI for anyone still having issues.  I was able to get four good certs by going to update.managesoft.com in a browser and viewing the cert errors and downloading each certificate in the chain, which I then installed on the batch/inventory server.  HOWEVER, the Starfield Class 2 Certification Authority cert that gets downloaded that way is NOT valid.  To get that certificate, I went here at Flexera Support's direction (https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/) and downloaded that certificate, which I then installed.  

mfranz
Trusted advisor

I just exported the "Starfield Class 2 Certification Authority" from a client machine and put it one a server where it was missing. Seems to work...

PS: Make sure to install the certificate for the computer account. Otherwise a manual test may succeed, while the scheduled task still fails.

Latest Articles