We are experiencing an issue with FlexNet Agents on a Windows server reporting to a beacon. The following has been checked:
What could be the issue and what should we check.
Oct 15, 2019 04:42 PM
The verification you've done appears to confirm that the agent computer can connect to port 443 on the beacon OK, so I wonder if the timeout is occurring trying to connect to the certificate's certification revocation list (CRL) URL.
What value do you have configured for the CheckCertificateRevocation agent preference setting? Does it help to set this to "false"? For example, run the following to attempt to update policy:
start mgspolicy -t Machine -o CheckCertificateRevocation=false -o DownloadRootURL=https://JMNGD1BAW50V02.rjil.ril.com/ManageSoftDL
Oct 15, 2019 05:15 PM
A quick Google search on the error message indicates an issue with the certificates installed on your client computer(s).
A valid trusted root certification authority (CA) certificate has not been found in the Trusted Root Certification Authorities store. Check the following sites please:
Oct 16, 2019 03:23 AM
You can use the following option CheckServerCertificate =false
According to documentation:
When transferring data to or from an inventory beacon using the HTTPS protocol, a web server certificate is applied to
the data being transferred. All component agents can (and by default do) validate the public certificates received from
the inventory beacon against their local copy (on Windows, in the certificate store; and on UNIX in the PEM file).
If you wish, you can use the CheckServerCertificate preference to prevent agents from performing the certificate
check. (Without this check, the certificate is ignored, and the HTTPS protocol provides only encryption as security on the
transfer, without validating that the agent is contacting the correct inventory beacon server.)
You can set this as a common registry entry, so that the same behavior occurs across all agents; and you can override the
common behavior by setting an overriding registry entry for any individual agent if required. By default, this preference
is set so that all agents check the inventory beacon server certificate against the root CA certificate.
Also other question, when you installed the agent on unix/linux did you put before installation the certificate on server?
Also according to documentation:
If the target computer device is to use the HTTPS protocol to communicate with an inventory beacon, and you
require certificate checking to validate that the device is talking to the correct inventory beacon (for details, see
Agent third-party deployment: Enabling the HTTPS Protocol on UNIX Agents):
a. Prepare a summary HTTPS CA certificate for the target device(s) (see notes in Agent third-party
deployment: HTTPS CA Certificate File Format (UNIX))
b. Configure your deployment/installation tool to deliver the certificate file as /var/tmp/
mgsft_rollout_cert on the target device.
This file must be in place on the device before you run the installer for FlexNet inventory agent. During
installation, the /var/tmp/mgsft_rollout_cert file is copied to /var/opt/managesoft/etc/
Tip: If you do not complete this as part of the deployment and installation process, after installation
you can simply copy the completed certificate to /var/opt/managesoft/etc/ssl/cert.pem on
a device where FlexNet inventory agent is locally installed.
If you did the previous step correctly then probably there is a issue with your certificate, may be you can recreate it.
Oct 16, 2019 04:35 AM