cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

FlexNet Agent on Win 7 over TLS 1.2 [Issue] [Error]

Hi,

At the beginning of 2019 Q1 we rolled out the FlexNet Agent 13.1.1 Build 8.712 on all devices for a customer. Since the end of March, all Windows 7 devices no longer transfer their inventory to the Beacon Server. All other devices (Win 10, RHEL, AIX, Win Server, ...) communicate successfully.

Then the customer confirmed that TLS 1.0/1.1 was switched off centrally.

A check on the Win 7 devices showed that TLS 1.2 is active in the OS, but the agent throws the following error message:

 

An existing connection was forcibly closed by the remote host.

 

Therefore we went into the KB article and other links:

https://community.flexera.com/t5/FlexNet-Manager-knowledge-base/Transport-Layer-Security-TLS-1-1-1-2-Configuration/ta-p/2250

https://community.flexera.com/t5/FlexNet-Manager-knowledge-base/How-to-setup-https-SSL-TLS-to-secure-and-encrypt-internal-FNMS/ta-p/2085

https://docs.microsoft.com/de-de/dotnet/framework/network-programming/tls

 

As a result, we made the following changes on the registry of a test client, but unfortunately we got the same result after a test:

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]

"DisabledByDefault"=dword:00000000

"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]

"DefaultSecureProtocols"=dword: 00000800

 

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]

"SystemDefaultTlsVersions"=dword:00000001

"SchUseStrongCrypto"=dword:00000001

 

Has someone fixed TLS 1.2 issues with Win 7 and maybe went through the same steps?

Thanks a lot.

 

Martin

 

Martin

(5) Replies
Hi Martin,
Can you post snippets from the upload logs with any additional context around the error you are encountering?

Hi,

Thanks for the reply.

I found the following at the tracker.log for a manual test, as the agent tries to reach several upload locations.

Each of those are responding with the same error messages. Please find the last one in the log bellow:

“…

 

[27.06.2019 10:18:04 (N, 0)] {3324} Error 0x80072746: An existing connection was forcibly closed by the remote host.

[27.06.2019 10:18:04 (N, 0)] {3324} Error 0xE050044D: Failed to create remote directory /ManageSoftRL

[27.06.2019 10:18:04 (N, 0)] {3324} Error 0xE0690099: Specified remote directory is invalid, or could not be created

[27.06.2019 10:18:04 (G, 0)] {3324} ERROR: Remote directory is invalid

[27.06.2019 10:18:04 (G, 0)] {3324} Upload failed due to a server side issue.  This server may be retried during this upload session.

[27.06.2019 10:18:04 (G, 0)] {3324} WARNING: FlexNet Manager Platform has failed to upload a file to all configured upload servers; aborting attempt to upload these file(s)

[27.06.2019 10:18:04 (G, 0)] {3324} Uploading finished

[27.06.2019 10:18:04 (G, 0)] {3324} ************************************************************

[27.06.2019 10:18:04 (G, 0)] {3324} Unable to upload inventory file(s)

[27.06.2019 10:18:04 (U, 0)] {3324} ERROR: Error (s189m263)

[27.06.2019 10:18:04 (U, 0)] {3324} ----------------

[27.06.2019 10:18:04 (U, 0)] {3324} FlexNet Manager Platform could not upload the inventory.

 

[27.06.2019 10:18:04 (G, 0)] {3324} Program exited with code -524484345

[27.06.2019 10:18:04 (G, 0)] {3324} ************************************************************

 

…“

Hi Martin, not sure if you have already done this but you need to make some changes on the Beacon servers if they are not already configured for TLS 1.2. I have attached the Flexera Article that shows you what you need to do. Basically, they are adding some new registry keys.

Take a quick look on one of your Beacon servers to see if the registry settings identified in the article are in place.

 

Hi Martin

@martin_schulz 

@bruce_giles 

We too facing similar error, however we ensured the tls 1.2 settings are enabled on beacons and few win7 agents computers as well. However, we facing below errors :

1. Few agents started reporting even without tls 1.2 setting on end computers, but few failed

2. Then we enabled tls 1.2 on a few win 7 computers, few started reporting but not reporting after a few days. with error logs say: hostname not found,few other errors says - connection forcibly terminated by host

so, we need to answer the customer that - why few machines were reporting even without a tls 1.2 setting while the security policies are same across the domain and how to fix all the errors.

Appreciate your help

@ImIronMan 

If you're still having issues, I suggest that you create a support case and request assistance in further troubleshooting.

Thanks,