Our ARL imports have been failing on all our lab and customer systems since 6/28. I saw the post referencing the SSL changes, but we are not whitelisting by IP so I am not sure that it applies here. Is anyone else seeing this issue?
I have attached the stack trace.
Jun 30, 2021 07:02 AM
Flexera rolled out a change to the network configuration on the server that provides ARL files for download at 4pm June 30th Pacific Time (11pm June 30th UTC). Testing and feedback has indicated that this has resolved the reported download issues being discussed in this thread. No customer action is needed for this change to work.
Also, be aware of the recent IP address and SSL certificate changes noted in the following post: www.managesoft.com & update.managesoft.com - IP Address and SSL Certificate changes for FlexNet Manager Suite On-premises. These changes may require your action if you have configuration which restricts which IP addresses or SSL certificates your ARL download process can use.
Subject to the above comments, your next automated ARL import should complete successfully. If you are still encountering issues, please note your observations in this thread or raise a case with Flexera Support.
Jul 01, 2021 06:09 AM
Hi,
I'm also having a problem with ARL Import as we speak. The last update as per process was 25th of June but I'm on version 2612 yet still, it says ARL Import failed on system tasks. I tried running the MgsImportRecognition.exe and I'm getting the error message: The underlying connection was closed: An unexpected error occurred on a send.
Jun 30, 2021 07:24 AM
I just opened a case for our implementation as well. We are getting a connection interrupted or ended error, but our networking team said everything is going through fine on our end. Glad we aren't the only ones.
Jun 30, 2021 08:27 AM
Hi,
Same here. First thought was it depends on the SSL/IP change that Flexera made to the URLs: https://community.flexera.com/t5/FlexNet-Manager-Content-Blog/www-managesoft-com-amp-update-managesoft-com-IP-Address-and-SSL/ba-p/196656/jump-to/first-unread-message
But the manual download works fine, so it can't be a problem with my local internet/whitelist/config.
Jun 30, 2021 08:34 AM
I thought the same thing, so I imported the CRL and cert that were provided in that post, but it didn't resolve the issue. I am also able to manually download by hitting the URL in the browser.
Jun 30, 2021 08:36 AM
Same with us. Our networking team verified there is nothing blocking, preventing, or hindering our connections to the site for download. Looks to be site/server related on Flexera's end.
Jun 30, 2021 08:37 AM
Jun 30, 2021 08:38 AM
If you follow the manual steps of obtaining the ARL files, there isn't an issue. It's only the connection job that seems to fail.
Jun 30, 2021 08:40 AM
Jun 30, 2021 08:42 AM
@jjoaquin If you open a browser on the server and navigate to the RecognitionAfter82 URL from the stack trace, you can see if your network is blocking traffic from your server to the managesoft content site. This is usually a good first step when you have issues with the ARL Import. The download should kick off immediately when you browse to the site. For me, I can download it directly from there, but the automated import is failing.
The link is below.
https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab
Jun 30, 2021 08:41 AM
Jun 30, 2021 08:46 AM
Yes, that's how it works. They were downloaded and imported. No files left. Did you run the import by using the command or just start the scheduled task manually?
Jun 30, 2021 08:48 AM
Jun 30, 2021 08:52 AM
@jjoaquin Try going to %systemdrive%\ProgramData\Flexera Software\Compliance\Logging\Content and check the mgsRecognitionImport.log, importPURL.log, and recognition.log. That will give you some indication if the manual import was successful.
Jun 30, 2021 08:52 AM
Jun 30, 2021 09:05 AM
Jun 30, 2021 09:05 AM
Hi,
The same issue occurred in our environment also. We added https://update.managesoft.com to the trusted sites; after that it is able to download .cab files, and we can telnet to update.managesoft.com port 443.
Today we have not seen any error on ARL.
Thanks,
Sreerama Yenuga.
Jul 01, 2021 03:36 AM
@pyadav The scheduled task to download the ARL is still failing for us. We added https://update.managesoft.com to trusted sites. We also exported every certificate in the chain and imported each one in MMC. I have an open case but any input here is appreciated. Here's the latest error:
2021-07-06 01:02:41,813 [.RecognitionImportTool] [ERROR] ManageSoft.Compliance.Logic.Core.Impl.Licensing.RecognitionImport.ContentDownloadException: Could not download https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab ---> ManageSoft.Compliance.Logic.Core.API.ImportRecognitionDownloadException: Failed to download the file 'https://www.managesoft.com/support/Compliance/RecognitionAfter82.cab' to 'C:\ProgramData\Flexera Software\FlexNet Manager Platform\DataImport\Content\ARL\RecognitionAfter82.cab'. ---> Flexera.Web.Client.MaxAttemptsExceededException: One or more errors occurred. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
If we go to https://update.managesoft.com from a browser on the app server, it says NET::ERR_CERT_AUTHORITY_INVALID and it won't automatically download the file.
Also, for each of the five certificates in this chain, when I open each one from the batch/inventory server, it says "Windows does not have enough information to verify this certificate". If I open them from my laptop, the only one it complains about is the Starfield Class 2, but that one doesn't show up in the certification path when I open the managesoft cert from my laptop. It does appear in the chain when I open it from the server.
Jul 06, 2021 08:45 AM
Follow up from my previous post. I had to get the "right" Starfield Class 2 Certification Authority cert from here (https://aws.amazon.com/blogs/security/how-to-prepare-for-aws-move-to-its-own-certificate-authority/) to resolve this issue.
Jul 06, 2021 03:39 PM
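Added example, not part of the thread or of Flexera's tooling: a PowerShell check to run on the application server that retrieves the certificate the ARL host presents and shows how Windows builds its chain, so a missing or wrong root (as in the Starfield Class 2 case above) shows up per certificate. The host name comes from the thread; forcing TLS 1.2 and building the chain in machine context are assumptions.

```powershell
# Added diagnostic sketch (not Flexera code). Run in Windows PowerShell on the server.
param([string]$HostName = 'www.managesoft.com', [int]$Port = 443)

$tcp = New-Object System.Net.Sockets.TcpClient($HostName, $Port)
try {
    # Validation is bypassed ONLY so a failing chain can still be retrieved and
    # inspected; nothing is downloaded over this connection.
    $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{
        param($s, $cert, $chain, $errors) $true
    }
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
    # Assumption: the endpoint negotiates TLS 1.2.
    $ssl.AuthenticateAsClient($HostName, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $false)
    $leaf = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2(
        $ssl.RemoteCertificate)
}
finally { $tcp.Close() }

# $true = machine context, closer to what a scheduled task or service sees (assumption).
$chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain($true)
$chain.ChainPolicy.RevocationMode =
    [System.Security.Cryptography.X509Certificates.X509RevocationMode]::Online
$trusted = $chain.Build($leaf)

"Chain trusted by this server: $trusted"
foreach ($el in $chain.ChainElements) {
    $c = $el.Certificate
    [pscustomobject]@{
        Subject     = $c.Subject
        Issuer      = $c.Issuer
        Thumbprint  = $c.Thumbprint
        NotAfter    = $c.NotAfter
        SelfSigned  = ($c.Subject -eq $c.Issuer)
        # Present in the machine's Trusted Root store?
        InRootStore = Test-Path "Cert:\LocalMachine\Root\$($c.Thumbprint)"
        # Per-certificate problems, e.g. UntrustedRoot, PartialChain, RevocationStatusUnknown
        Status      = ($el.ChainElementStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

# Overall reasons the chain was rejected, if any
$chain.ChainStatus | Select-Object Status, StatusInformation
```

Running the same script on a workstation where the download works and comparing the thumbprints of the top chain element shows whether the server is chaining to a different root certificate.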