cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Beacons - Check Connectivity and Never Reported

Just completed the successful deployment of two new beacons.  Install and configuration went smoothly.   Tested connection successfully.

Problem is in FNMS whereby the two beacons are showing the following:

  • Connectivity Status is Check Connectivity
  • Beacon status is Never Reported

The two beacons were deployed two days ago, so they should be reporting in.  Again, everything in the Beacon UI looks good on both beacons.  

Attempted to run the following beacon policy command:

mgsPolicy -t machine -o DownloadRootURL=http://<MyMachineName>/ManageSoftDL

This was unsuccessful and produced error (s107m858) "The following network error occurred while retrieving the application:  The revocation function was unable to check revocation because the revocation server was offline.  See attached image of error.

At this point, I am not sure why my two new beacons are not reporting in; Instead to check connectivity.

Need some pointers here as this is a first and I have other beacons successfully deployed in the same environment.  Solution is FNMS 2018 R2, On-Prem.

Thanks in advance!

(4) Replies

Hi @marcos_lara ,

This a common issue when you use https communication and the CRL (Certificate Revocation List) is not reachable from the server. 

You have 2 option:

1) To open the firewall to your CRL list, so that the certificate can be checked, the secure way.

2) Disable the Certificate Revocation Check, this is not ok from security point of view, as the servers will be unable to check if the certificate that he use is compromise or not.

To disable the check for CRL, please see help:

https://helpnet.flexerasoftware.com/FlexNetManagerSuite2019R2/EN/WebHelp/index.html#reference/FIB-Registry.html

Searhch for:

CheckCertificateRevocation

 

So would I open the firewall to the app server, allowing access to CRL list, to the beacon, or both ways?

Regards,

Marcos Lara
Software Licensing & Management Solutions
SAM Services Team
DXC Technology
==================================
2020 Planned Leave:
June 8 - June 18




DXC Technology Company - Headquarters: 1775 Tysons Boulevard, Tysons, Virginia 22102, USA.
DXC Technology Company -- This message is transmitted to you by or on behalf of DXC Technology Company or one of its affiliates. It is intended exclusively for the addressee. The substance of this message, along with any attachments, may contain proprietary, confidential or privileged information or information that is otherwise legally exempt from disclosure. Any unauthorized review, use, disclosure or distribution is prohibited. If you are not the intended recipient of this message, you are not authorized to read, print, retain, copy or disseminate any part of this message. If you have received this message in error, please destroy and delete all copies and notify the sender by return e-mail. Regardless of content, this e-mail shall not operate to bind DXC Technology Company or any of its affiliates to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.

Hi,

The firewall should be open from your beacon server to the CRL server, you should check with your AD team or with your PKI team to provide you the servers which hold the CRL list.

Opening the flow from your app servers to the CRL servers will not solve your issue.

As a temporary solution you can disable the check as instructed in the link that I provided.

 

Hi Marcos,

The mgsPolicy command line tool is meant for downloading the policy for the Flexera Agent only.

When you do a default installation of a Flexera Beacon, a Flexera Agent will be installed on the computer, too.

Once you fixed the problem with the certificate on your Inventory server and did configure the parent connection in the Beacon UI, all you need to do is trigger the download of the policy by either launching the Beacon UI or restarting the "Flexera Beacon Engine" Windows service.

Check the Beacon Log files for any errors.