Some users may experience issues accessing the case portal. For more information, please click here.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FlexNet Agent on Win 7 over TLS 1.2 [Issue] [Error]

Hi,

At the beginning of 2019 Q1 we rolled out the FlexNet Agent 13.1.1 Build 8.712 on all devices for a customer. Since the end of March, all Windows 7 devices no longer transfer their inventory to the Beacon Server. All other devices (Win 10, RHEL, AIX, Win Server, ...) communicate successfully.

Then the customer confirmed that TLS 1.0/1.1 was switched off centrally.

A check on the Win 7 devices showed that TLS 1.2 is active in the OS, but the agent throws the following error message:

 

An existing connection was forcibly closed by the remote host.

 

Therefore we went into the KB article and other links:

https://community.flexera.com/t5/FlexNet-Manager-knowledge-base/Transport-Layer-Security-TLS-1-1-1-2-Configuration/ta-p/2250

https://community.flexera.com/t5/FlexNet-Manager-knowledge-base/How-to-setup-https-SSL-TLS-to-secure-and-encrypt-internal-FNMS/ta-p/2085

https://docs.microsoft.com/de-de/dotnet/framework/network-programming/tls

 

As a result, we made the following changes on the registry of a test client, but unfortunately we got the same result after a test:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

"DefaultSecureProtocols"=dword: 00000800

 

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

Has someone fixed TLS 1.2 issues with Win 7 and maybe went through the same steps?

Thanks a lot.

 

Martin

 

Martin

This thread has been automatically locked due to inactivity.

To continue the discussion, please start a new thread.

5 Replies
ashurts1
Flexera Alumni

Hi Martin,
Can you post snippets from the upload logs with any additional context around the error you are encountering?

Hi,

Thanks for the reply.

I found the following at the tracker.log for a manual test, as the agent tries to reach several upload locations.

Each of those are responding with the same error messages. Please find the last one in the log bellow:

“…

 

[27.06.2019 10:18:04 (N, 0)] {3324} Error 0x80072746: An existing connection was forcibly closed by the remote host.

[27.06.2019 10:18:04 (N, 0)] {3324} Error 0xE050044D: Failed to create remote directory /ManageSoftRL

[27.06.2019 10:18:04 (N, 0)] {3324} Error 0xE0690099: Specified remote directory is invalid, or could not be created

[27.06.2019 10:18:04 (G, 0)] {3324} ERROR: Remote directory is invalid

[27.06.2019 10:18:04 (G, 0)] {3324} Upload failed due to a server side issue.  This server may be retried during this upload session.

[27.06.2019 10:18:04 (G, 0)] {3324} WARNING: FlexNet Manager Platform has failed to upload a file to all configured upload servers; aborting attempt to upload these file(s)

[27.06.2019 10:18:04 (G, 0)] {3324} Uploading finished

[27.06.2019 10:18:04 (G, 0)] {3324} ************************************************************

[27.06.2019 10:18:04 (G, 0)] {3324} Unable to upload inventory file(s)

[27.06.2019 10:18:04 (U, 0)] {3324} ERROR: Error (s189m263)

[27.06.2019 10:18:04 (U, 0)] {3324} ----------------

[27.06.2019 10:18:04 (U, 0)] {3324} FlexNet Manager Platform could not upload the inventory.

 

[27.06.2019 10:18:04 (G, 0)] {3324} Program exited with code -524484345

[27.06.2019 10:18:04 (G, 0)] {3324} ************************************************************

 

…“

0 Kudos

Hi Martin, not sure if you have already done this but you need to make some changes on the Beacon servers if they are not already configured for TLS 1.2. I have attached the Flexera Article that shows you what you need to do. Basically, they are adding some new registry keys.

Take a quick look on one of your Beacon servers to see if the registry settings identified in the article are in place.

 

Hi Martin

@martin_schulz 

@bruce_giles 

We too facing similar error, however we ensured the tls 1.2 settings are enabled on beacons and few win7 agents computers as well. However, we facing below errors :

1. Few agents started reporting even without tls 1.2 setting on end computers, but few failed

2. Then we enabled tls 1.2 on a few win 7 computers, few started reporting but not reporting after a few days. with error logs say: hostname not found,few other errors says - connection forcibly terminated by host

so, we need to answer the customer that - why few machines were reporting even without a tls 1.2 setting while the security policies are same across the domain and how to fix all the errors.

Appreciate your help

0 Kudos

@ImIronMan 

If you're still having issues, I suggest that you create a support case and request assistance in further troubleshooting.

Thanks,

0 Kudos