Some of our agents cannot contact their respective beacon after installations, and the following error messages are present in the logs:
Download failure: Error 0xE0500191: 401 Unauthorized - Authentication Required
Download FAILED for “https://[SERVER_NAME]/ManageSoft/Policies/Merged/_domain/Machine/[MACHINE_NAME].npl?machinename=[MACHINE_NAME]&ipaddress=[IP1],[IP2]”
Command “ndlaunch -r "$(DownloadRootURL)/Policies/Merged/Merged/_domain/Machine/[MACHINE_NAME].npl?machinename=[MACHINE_NAME]&ipaddress=[IP1],[IP2]” -o PkgType=Policy -o InstallProfile=Public -o "AllowedPkgTypes=Schedule" -o "SaveAllUserSymbols=False" -o "UILevel=Quiet"” returned exit code 1
ERROR: FlexNet Manager Platform installation agent cannot install the merged deployment policy
The example is a RedHat machine, and there are some AIX servers producing the same error. On the beacon servers, anonymous and windows authentication modes are enabled. System version is 2021 R1, agent version is 17.0.1.
I think this could be a confirugration issue, but I can't find what exactly could be the problem, as most of our agents are able to connect to the beacons.
Can you please help me, where to start?
Sep 06, 2022 12:33 AM
HI @thegedus ,
On the beacon machine, set as anonymous and also check if the required ports are open from Agent to beacon machine. Try wget or curl cmd from agent machine and see if you are able to download the policy from beacon machine.
Sep 12, 2022 02:12 PM
Does the URL noted in the installation.log file really start with "https://[SERVER_NAME]/ManageSoft/" as you've noted?
The reference to "ManageSoft" here should be "ManageSoftDL". If you are indeed seeing "ManageSoft" referenced then that would likely describe what you're seeing a failure. (Although I'd probably expect to see a 404 NOT FOUND error rather than 401 UNAUTHORIZED error...)
If you do see anonymous authentication enabled on the relevant virtual directory in IIS then it seems strange to get a 401 UNAUTHORIZED response when trying to access it. That might occur if there is some kind of web proxy between the agent and beacon that is requiring authentication.
Sep 13, 2022 08:43 PM
I looked again at the installation.log, it is indeed ManageSoft and not ManageSoftDL. When I tried to wget the same URL with ManageSoftDL, the request is successful, at least from my machine, we are yet to try from the endpoints in question.
In this case, it looks like something went off in an agent configuration. Do you happen to know which one we should check?
Sep 14, 2022 12:53 AM
If this is affecting newly installed agents (that is, agents that have never successfully applied policy) then it's likely the "ManageSoft" value in the URL came from the bootstrap configuration specified in the mgsft_rollout_config file (on Unix-like operating systems) or mgssetup.ini file (on Windows) that was used to install the agent.
Sep 14, 2022 01:29 AM