Hi,
At the beginning of 2019 Q1 we rolled out the FlexNet Agent 13.1.1 Build 8.712 on all devices for a customer. Since the end of March, all Windows 7 devices no longer transfer their inventory to the Beacon Server. All other devices (Win 10, RHEL, AIX, Win Server, ...) communicate successfully.
Then the customer confirmed that TLS 1.0/1.1 was switched off centrally.
A check on the Win 7 devices showed that TLS 1.2 is active in the OS, but the agent throws the following error message:
An existing connection was forcibly closed by the remote host.
Therefore we went into the KB article and other links:
https://docs.microsoft.com/de-de/dotnet/framework/network-programming/tls
As a result, we made the following changes on the registry of a test client, but unfortunately we got the same result after a test:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.2\Client]
"DisabledByDefault"=dword:00000000
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\WinHttp]
"DefaultSecureProtocols"=dword: 00000800
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v2.0.50727]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\.NETFramework\v4.0.30319]
"SystemDefaultTlsVersions"=dword:00000001
"SchUseStrongCrypto"=dword:00000001
Has someone fixed TLS 1.2 issues with Win 7 and maybe went through the same steps?
Thanks a lot.
Martin
Martin
‎Jun 27, 2019 04:21 AM
‎Jun 28, 2019 10:54 AM
Hi,
Thanks for the reply.
I found the following at the tracker.log for a manual test, as the agent tries to reach several upload locations.
Each of those are responding with the same error messages. Please find the last one in the log bellow:
“…
[27.06.2019 10:18:04 (N, 0)] {3324} Error 0x80072746: An existing connection was forcibly closed by the remote host.
[27.06.2019 10:18:04 (N, 0)] {3324} Error 0xE050044D: Failed to create remote directory /ManageSoftRL
[27.06.2019 10:18:04 (N, 0)] {3324} Error 0xE0690099: Specified remote directory is invalid, or could not be created
[27.06.2019 10:18:04 (G, 0)] {3324} ERROR: Remote directory is invalid
[27.06.2019 10:18:04 (G, 0)] {3324} Upload failed due to a server side issue. This server may be retried during this upload session.
[27.06.2019 10:18:04 (G, 0)] {3324} WARNING: FlexNet Manager Platform has failed to upload a file to all configured upload servers; aborting attempt to upload these file(s)
[27.06.2019 10:18:04 (G, 0)] {3324} Uploading finished
[27.06.2019 10:18:04 (G, 0)] {3324} ************************************************************
[27.06.2019 10:18:04 (G, 0)] {3324} Unable to upload inventory file(s)
[27.06.2019 10:18:04 (U, 0)] {3324} ERROR: Error (s189m263)
[27.06.2019 10:18:04 (U, 0)] {3324} ----------------
[27.06.2019 10:18:04 (U, 0)] {3324} FlexNet Manager Platform could not upload the inventory.
[27.06.2019 10:18:04 (G, 0)] {3324} Program exited with code -524484345
[27.06.2019 10:18:04 (G, 0)] {3324} ************************************************************
…“
‎Jul 11, 2019 09:54 AM
Hi Martin, not sure if you have already done this but you need to make some changes on the Beacon servers if they are not already configured for TLS 1.2. I have attached the Flexera Article that shows you what you need to do. Basically, they are adding some new registry keys.
Take a quick look on one of your Beacon servers to see if the registry settings identified in the article are in place.
‎Jul 11, 2019 01:19 PM
Hi Martin
We too facing similar error, however we ensured the tls 1.2 settings are enabled on beacons and few win7 agents computers as well. However, we facing below errors :
1. Few agents started reporting even without tls 1.2 setting on end computers, but few failed
2. Then we enabled tls 1.2 on a few win 7 computers, few started reporting but not reporting after a few days. with error logs say: hostname not found,few other errors says - connection forcibly terminated by host
so, we need to answer the customer that - why few machines were reporting even without a tls 1.2 setting while the security policies are same across the domain and how to fix all the errors.
Appreciate your help
‎Jan 29, 2020 12:49 AM - edited ‎Jan 29, 2020 01:01 AM
If you're still having issues, I suggest that you create a support case and request assistance in further troubleshooting.
Thanks,
‎Feb 06, 2020 03:59 AM