The "FlexNet Manager Platform cannot access the directories describing your FlexNet Manager Platform applications" log message suggests the configuration of the agent on this machine is somewhat suspect.

As per the thread that @durgeshsingh referred to, uninstalling the agent, deleting /var/opt/managesoft and re-installing the agent may be the most pragmatic and safest path forward here to get to a clean/known state.

Another option (although potentially not as safe if the configuration is really messed up) would be to try to reset the configuration to a default state by executing the following command:

/opt/managesoft/bin/mgsconfig -i /opt/managesoft/install/default.ini

If you want to dig into the configuration some more to see what may have gone wrong (before doing any of the above uninstall or reset steps), take a look at the /var/opt/managesoft/etc/config.ini file and verify the following settings appear configured in the [ManageSoft\Launcher\CurrentVersion] section of that file:

LogFile=$(CommonAppDataFolder)/log/installation.log
CacheDirectory=$(CommonAppDataFolder)/launcher/cache
PkgCacheDirectory=$(CommonAppDataFolder)/launcher/pkgcache
PluginDirectory=$(InstallDir)/lib/launcher

Thank for your quick response. @ChrisG  I corrected settings as you provided in /var/opt/managesoft/etc/config.ini and I'm now getting this when running again adjusted mgspolicy command: 

----------------------------------------------------------------------------------------------------------------------------------------------------------

Failed to retrieve URL https://beacon.domain/ManageSoftRL/Policies/Merged/_domain/Machine/deviceHostname.npl?machinename=deviceHostname&ipaddress=10.XXX.XXX.XXX,10.XXX.XXX.XXXlXXXXXXX]

-----------------------------------------------------------------------------------------------------------------------------------------------------------

and further (I replaced with 'beacon.domain', 'deviceHostname' and 'X'):

-----------------------------------------------------------------------------------------------------------------------------------------------------------

A few things to check--i noticed you're using SSL.  This could be as simple as the cert chain isn't trusted, and therefore won't make the secure connection.  I've run into a lot of that with my customers that use internally generated (non-commercial) SSL certs with 3rd part root CAs.  Also, if the revocation isn't available to look up, it won't work either.  When installing the Unix agent, copy the bootstrap file "mgsft_rollout_response" into the same directory you run the install from.  The file should look like this:

------------

# The initial download location(s) for the installation.
# For example, http://myhost.mydomain.com/ManageSoftDL/
# Refer to the documentation for further details.
MGSFT_BOOTSTRAP_DOWNLOAD=https://beacon.domain.com/ManageSoftDL/
# The initial reporting location(s) for the installation.
# For example, http://myhost.mydomain.com/ManageSoftRL/
# Refer to the documentation for further details.
MGSFT_BOOTSTRAP_UPLOAD=https://beacon.domain.com/ManageSoftRL/
# For subnets using IPv6, uncomment to cause the inventory agent
# to prefer IPv6 addresses when both formats are returned.
# Fails over to IPv4 addresses when IPv6 is not available.
# The default behavior when this setting is not specified
# uses the IP version of the first address returned by the DNS and OS.
# PREFERIPVERSION=ipv6
# The initial proxy configuration. Uncomment these to enable proxy configuration.
# Note that setting values of NONE disables this feature.
# MGSFT_HTTP_PROXY=http://webproxy.local:3128
# MGSFT_HTTPS_PROXY=https://webproxy.local:3129
# MGSFT_NO_PROXY=internal1.local,internal2.local
# Check the HTTPS server certificate's existence, name, validity period,
# and issuance by a trusted certificate authority (CA). This is enabled
# by default and can be disabled with false.
MGSFT_HTTPS_CHECKSERVERCERTIFICATE=true
# Check that the HTTPS server certificate has not been revoked. 
# enabled by default and can be disabled with false.
MGSFT_HTTPS_CHECKCERTIFICATEREVOCATION=true
# Prioritize the method of checking for revocation of the HTTPS server
# certificate. You can reverse the values to swap the default order.
# MGSFT_HTTPS_PRIORITIZEREVOCATIONCHECKS=OCSP,CRL
# These settings control the caching of HTTPS server certificate checking.
# Default values are shown (these take effect when no settings are specified).
# Lifetime is in seconds. There are parallel settings for using CRL or OCSP
# checking. See documentation for more information.
# MGSFT_HTTPS_SSLCRLCACHELIFETIME=64800
# MGSFT_HTTPS_SSLOCSPCACHELIFETIME=64800
# The run policy flag determines if policy will run after installation.
# "1" or "Yes" will run policy after install
# "0" or "No" will not run policy
MGSFT_RUNPOLICY=1

-----------

The two keys to make sure are disabled, or that you need to be worried about are: 

MGSFT_HTTPS_CHECKSERVERCERTIFICATE=true

this is the server validation---if it can't validate the SSL cert, the connection fails.  If you want to skip this (not recommended), then set this to false and it won't validate the server cert.  For testing purposes, setting this to false to validate this is the issue can be done.

MGSFT_HTTPS_CHECKCERTIFICATEREVOCATION=false

this is the server certificate revocation check---if you want to skip this, set it to false.  On closed networks, this can be a problem.

If you want to keep the server certificate check to true---but use 3rd party CAs....You have to put a copy of the CA certificate chain into a file called "cert.pem" and drop it in /var/opt/managesoft/etc/ssl for it to validate the certificate.  I won't go into it here--but if you need details on doing that, let me know.

Look in the agent's /var/opt/managesoft/log/installation.log file for more specific details of the download failure.

I'd be doing basic tests to ensure the beacon is running and accessible at this point. Some checks you could do here are:

• Check that the client computer has network connectivity to be able to connect to port 433 (HTTPS) on the beacon. For example:

  telnet beacon.domain 443

• Attempt to access the policy URL using HTTP (not HTTPS) from a browser running on the beacon itself to ensure the beacon is configured and operational:
  http://localhost/ManageSoftRL/Policies/Merged/_domain/Machine/deviceHostname.npl?machinename=deviceHostname&ipaddress=10.XXX.XXX.XXX,10.XXX.XXX.XXX
   
• Check that you can access the policy URL using HTTPS (the protocol you're using with the agent) from a browser running on another computer that you know has network access to the beacon:
  https://beacon.domain/ManageSoftRL/Policies/Merged/_domain/Machine/deviceHostname.npl?machinename=deviceHostname&ipaddress=10.XXX.XXX.XXX,10.XXX.XXX.XXX

Hello thank you for your suggestions @ChrisG , in /var/opt/managesoft/log/installation.log, this issue is appearing:

[Tue Aug 10 13:58:52 CEST 2021 (Y, 0)] {34472046} Set symbol “DownloadRootURL” to value “https://beacon.domain/ManageSoftRL”
[Tue Aug 10 13:58:52 CEST 2021 (G, 1)] {34472046} Base URL “https://beacon.domain/ManageSoftRL/” will be used
[Tue Aug 10 13:58:52 CEST 2021 (N, 0)] {34472046} Downloading “https://beacon.domain/ManageSoftRL/Policies/Merged/_domain/Machine/deviceHostname.npl?machinename=deviceHostname&ipaddress=10.XXX.XXX.XXX,10.XXX.XXX.XXX” to “/var/tmp/NDL26122.npl”
[Tue Aug 10 13:58:52 CEST 2021 (G, 0)] {34472046} Download failure: OpenSSL error 0xFC14: unable to get local issuer certificate

• From computer client, telnet beacon.domain 443 is working well
• ERR_CONNECTION_REFUSED when attempting to access the policy URL using HTTP from a browser running on the beacon itself
• I'll try and update this post

Seems , Certificate file is missing during agent installation.

Can you confirm your installation steps & file name.

Hi,

When the agent is stuck, I run the policy agent with these options:

"c:\Program Files (x86)\ManageSoft\Policy Client\mgspolicy.exe" -t Machine -s http://beacon.mydomain.com/ManageSoftDL/Policies/Merged/_domain/Machine/deviceHostname.npl

Best regards,

Markward