winvarma
Level 10

FNMS agent installed on Windows server 2003 and 2008 were not reflecting

Hello Forum,

We are in the phase of initial setup of FNMS cloud 2019 R1.3 and have deployed agents(13.6.0) on few windows test servers (2003, 2008, 2012, 2016 & 2019) OS versions.

The FNMS agents  below 2012 OS were not reflecting in the Suite. Identified that the agents were giving the below error in the installation log

**********************************************************************************************************

[6/25/2019 4:05:30 PM (G, 1)] {4264} Base URL “https://xyz.com/ManageSoftDL/” will be used
[6/25/2019 4:05:30 PM (N, 0)] {4264} Downloading “https://xyz.com/ManageSoftDL/Policies/Merged/xyz.com_domain/Machine/xyz.npl?machinename=xyz&ipaddres... to “C:\Windows\TEMP\NDL9225.npl”
[6/25/2019 4:05:30 PM (G, 0)] {4264} Download failure: An existing connection was forcibly closed by the remote host.
[6/25/2019 4:05:30 PM (N, 0)] {4264} Download FAILED for “https://xyz.com/ManageSoftDL/Policies/Merged/xyz.com_domain/Machine/axcndevdb01.npl?machinename=axcn...
[6/25/2019 4:05:30 PM (N, 0)] {4264} Downloading “https:/xyz.com/ManageSoftDL/Policies/Merged/xyz_domain/Machine/xyz.npl?machinename=axcndevdb01&ipaddress=XXX.XXX.XXX.XXX” to “C:\Windows\TEMP\NDL9225.npl”
[6/25/2019 4:05:30 PM (G, 0)] {4264} Download failure: An existing connection was forcibly closed by the remote host.
[6/25/2019 4:05:32 PM (U, 0)] {4264} ERROR: Error (s107m858)
[6/25/2019 4:05:32 PM (U, 0)] {4264} ----------------
[6/25/2019 4:05:32 PM (U, 0)] {4264} The following network error occurred while retrieving the application:

An existing connection was forcibly closed by the remote host.

Contact your network administrator for assistance.

*************************************************************************************************************

Suspecting issue might be with the TLS protocol and request you to suggest the work around like registry settings in the client server, as we have only 1 Beacon setup in the solution and how to force the agent to communicate with the Beacon server.

Will be thankful for any leads and suggestions.

 

Thanks,

Winvarma

0 Kudos
5 Replies
bmaudlin
Level 8

This is typically the behaviour experienced in either:

Necessary firewalling hasn't been completed from Agent to Inventory server

Or more likely as its Windows 2012 and lower TLS 1.1/.2 has not been enabled on the servers to be inventoried by the agent. 

As on 2008R2 it is switched off by default, on lower so 2008 or 2003 it cannot be enabled. 

 

In terms of workaround - there is a number of options - and depending what the environment stipulates is also a factor:

Switch on TLS 1.1/.2 for 2008R2 Servers - however this will not solve the issue on 2003/2008.

Switch TLS off on the inventory beacon for client connections - im guessing here there is at least two beacons (inventory and master)

Enable a second beacon that does not have the requirement for TLS - however the agent configuration will have to differ for these versions 

Decomm the older servers - remove the problem that way 🙂

 

hi @bmaudlin ,

Thanks for sharing your thoughts on the issue,but there is no chance to deploy a second Beacon server and  will not be able to switch off TLS as the cloud solution inventory beacon should upload and download data via TLS 1.1/1.2 only due to security reasons(Data packets received by the Flexera Cloud that are encrypted using TLS 1.0 will not be accepted- by Flexera).

Smiley SurprisedThe solution is provided for a customer and he might not be a thought on decommissioning the old servers. 

Trying to figure out all the Possible work arounds,

0 Kudos

Hi @winvarma 

So I'm guessing that there is not two beacons in place? As my understanding is in terms of the Cloud solution at least it is recommended for at least two beacons to be in place:

So one that connects to the Flexera cloud with the necessary TLS requirement in place, and a second beacon to which collects the inventory data from the agent which doesn't require TLS which sends its data to the beacon that connects to the FLexera cloud.

Ben

 

0 Kudos

Hi @bmaudlin  yes there is only 1 Beacon and customer didn't accept for 2 beacons may be we will place one one more once the initial phase is completed, and then have to check as suggested.

Thanks for the reply

0 Kudos