We have FNMS 2019 R2 on-premises.
Recently we observe that many machines are not able to download policy files. We have uninstall FNMS agent in one machine then delete managesoft folder and install agent again but while downloading machine policy file it gives error.
Download failure: Error 0xE0500013: Timeout on connection
When copy Download URL from installation log file and paste it in browser then browser does not show any result also file is not downloaded and it is showing waiting.
May 11, 2020 05:41 AM
Hello @msutharh,
From the agent device, what is the result of navigating to <BeaconURL>/ManageSoftDL/test in a browser?
The error suggests a connectivity issue between agent and beacon. Can you telnet over port 80/443 from agent -> beacon?
Do other agents seem to be reporting in to this beacon OK?
HTH,
Joseph
May 11, 2020 05:45 AM
Beacon URL is accessible from client machine.
I am able to telnet on port 80 and 443 both. Yes, other agents reporting is ok.
May 11, 2020 06:44 AM
We have FlexNet Manager Suite 2020 R2 agent 15 and facing the same problem on many machines. Some machines could connect and some not.
Even worse, some could connect and now running into the same downlad failure on windows - all are 2012 R2 machines.
We can connect without problems by browser and download the files.
But running the mgspolicy - Machine gives the time out error.
Do you have any idea what happened or what we can do to solve this mystery?
May 10, 2021 05:38 AM
@Lars_F - your browser being able to connect to a URL that FlexNet inventory agent processes are failing to connect to could be a symptom that access to the URL is going through a web proxy that the browser is configured to use but the agent is not configured to use.
May 10, 2021 10:37 PM
Hello,
I usually test the connection with powershell:
test-netconnection -port 443 -computername <host name of the beacon>
I found this commend very useful because some time I found that the ping is working from server to beacon but the port is closed, other times is the ping disabled but the port is open.
May 11, 2021 04:33 AM
Thanks for your hints.
I've disabled the SSL settings of IIS from accept to ignore - seems to work for some systems.
To execute the mgspolicy on all affected machines will take some time. I will then check the rest with your suggestions.
May 11, 2021 04:51 AM
Hi Adrian,
thank you for the idea. We have to support the full sortiment of operating systems available. And so I found the command CURL very usefull. It has a bunch of options, but there are no deviation on each architectures options. And it has choices for deep inspection of multiple protocols and is also available on MS Windows from stock. For pure connection inspection you can use i.e. "curl -vki https://flexbeacon". Second test might be the reachability of Certificate Authority (Port 80 !), potentially it is in another DMZ.
And if there are network related showstoppers, you have to dive deeper. How already mentioned, because of security concerns are there some protocols barred from use. So ping and oldstyle traceroute might not work. But because you are only interested in TCP-traffic of HTTP protocol, you are lucky to use your "netstat -an" to analyse your stack of TCP-ports. Filtering it with grep/findstr for status "SYN" or "FIN" will give you hints for broken network connections. Your network dude will appreciate your hints.
Kind regards, Juergen
Mar 02, 2022 06:47 AM
few tests that I do in such scenarios :
1. Run https://<ipaddress>/ManagesoftDL/Test or http://<FQDN>/ManagesoftDL/Test on the agent device browser. If you don't get "Test succeeded", most likely it is a port/firewall issue. get them opened based on your environment.
2. telnet <ipaddress> <port> or telnet <FQDN> <port>
this will tell you about the same port issue.
3. In one of my case, my old agent didn't worked at all after port and firewall fix, I upgraded the agent to the next available version.
Hope It may help.
Feb 22, 2022 08:21 AM - edited Feb 22, 2022 08:22 AM
Hi Sushant, I hope you're well?
I really appreciate your contribution to the discussion here!
I might recommend @adrian_ritz1 's suggestion above telnet:
test-netconnection -port 443 -computername <host name of the beacon>
I find that often telnet is disabled on customer devices, while Test-NetConnection is a standard Powershell command. Most devices should therefore have access to it.
Best regards,
Jack
Feb 22, 2022 10:51 AM
@Lars_F , I notice something in your response
I've disabled the SSL settings of IIS from accept to ignore - seems to work for some systems.
Take note to not mix things up, if you put the settings in IIS to accept for certificate, you need to take into consideration mTLS, which you will check if the agent have also a certificate and is trusted, how ever if you want to go on this path, then you need to do additional settings.
Mar 01, 2022 11:26 AM