Just completed the successful deployment of two new beacons. Install and configuration went smoothly. Tested connection successfully.
Problem is in FNMS whereby the two beacons are showing the following:
The two beacons were deployed two days ago, so they should be reporting in. Again, everything in the Beacon UI looks good on both beacons.
Attempted to run the following beacon policy command:
mgsPolicy -t machine -o DownloadRootURL=http://<MyMachineName>/ManageSoftDL
This was unsuccessful and produced error (s107m858) "The following network error occurred while retrieving the application: The revocation function was unable to check revocation because the revocation server was offline. See attached image of error.
At this point, I am not sure why my two new beacons are not reporting in; Instead to check connectivity.
Need some pointers here as this is a first and I have other beacons successfully deployed in the same environment. Solution is FNMS 2018 R2, On-Prem.
Thanks in advance!
Apr 02, 2020 02:56 PM
Hi @marcos_lara ,
This a common issue when you use https communication and the CRL (Certificate Revocation List) is not reachable from the server.
You have 2 option:
1) To open the firewall to your CRL list, so that the certificate can be checked, the secure way.
2) Disable the Certificate Revocation Check, this is not ok from security point of view, as the servers will be unable to check if the certificate that he use is compromise or not.
To disable the check for CRL, please see help:
Searhch for:
CheckCertificateRevocation
Apr 03, 2020 01:22 AM
Apr 03, 2020 08:20 AM
Hi,
The firewall should be open from your beacon server to the CRL server, you should check with your AD team or with your PKI team to provide you the servers which hold the CRL list.
Opening the flow from your app servers to the CRL servers will not solve your issue.
As a temporary solution you can disable the check as instructed in the link that I provided.
Apr 03, 2020 08:35 AM
Hi Marcos,
The mgsPolicy command line tool is meant for downloading the policy for the Flexera Agent only.
When you do a default installation of a Flexera Beacon, a Flexera Agent will be installed on the computer, too.
Once you fixed the problem with the certificate on your Inventory server and did configure the parent connection in the Beacon UI, all you need to do is trigger the download of the policy by either launching the Beacon UI or restarting the "Flexera Beacon Engine" Windows service.
Check the Beacon Log files for any errors.
Apr 03, 2020 04:01 AM