This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Linux devices not able to upload to beacon (OpenSSL unable to get local issuer certificate)

Jump to solution
gilesogram
By
Level 4

 

We are using zero touch to collect inventory form a few Linux devices. The inventory is running correctly (i.e. username etc all correct).

However the upload fails (as see in the tracker.log) with the following error:

Error 0xE1BBFC14: OpenSSL error 0xFC14: unable to get local issuer certificate

and they are unable to create and upload inventories.

We have tried to add the IP and also the FQDN in the BeaconEngine.conf file, but this has made no difference.

The beacon and FNMS are running HTTPS and their certificates are valid.

Do we need to get a local copy of those certificates installed on the Linux devices, or a copy of the RootCA added to the Linux?

 

‎Mar 05, 2024 04:27 AM

tracker.log
0 Kudos
(2) Solutions

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager

Unfortunately file upload using HTTPS protocol is not directly supported for UNIX-like platforms when using zero-touch inventory.

See some commentary about this on the following page in the Gathering FlexNet Inventory guide (search in the page for the string "ssl"): Zero-Footprint: System Requirements

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

‎Mar 05, 2024 04:37 AM

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager
In response to gilesogram

Yes, deploying the agents (with an appropriate certificate configured) would allow data to be uploaded using HTTPS. Beyond just the HTTPS considerations, having agents deployed is typically a more robust and reliable approach for gathering inventory than using the zero-touch approach. The zero-touch approach is very sensitive to factors such as network connectivity, having credentials for remote access configured, target devices being online, etc.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

View solution in original post

‎Mar 05, 2024 04:55 AM

(5) Replies

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager

Unfortunately file upload using HTTPS protocol is not directly supported for UNIX-like platforms when using zero-touch inventory.

See some commentary about this on the following page in the Gathering FlexNet Inventory guide (search in the page for the string "ssl"): Zero-Footprint: System Requirements

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Mar 05, 2024 04:37 AM

Jump to solution
gilesogram
By
Level 4
In response to ChrisG

Thanks for the update.

Would it then be better to get the agents deployed on those Linux devices instead?

‎Mar 05, 2024 04:47 AM

0 Kudos

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager
In response to gilesogram

Yes, deploying the agents (with an appropriate certificate configured) would allow data to be uploaded using HTTPS. Beyond just the HTTPS considerations, having agents deployed is typically a more robust and reliable approach for gathering inventory than using the zero-touch approach. The zero-touch approach is very sensitive to factors such as network connectivity, having credentials for remote access configured, target devices being online, etc.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Mar 05, 2024 04:55 AM

Jump to solution
gilesogram
By
Level 4

So latest update is that we can get the ndlaunch command to run direct from a Linux machine to the beacon HTTPS URL.

However, when we try the task from a discovery/inventory rule on our beacon, it seems to discover correctly, and create an inventory, but we get the following error when trying to upload:

2024-03-05 16:34:12,098 [.BasicInventoryVisitor| rules-9] [INFO ] Queued zero touch inventory on device 'linux02'
2024-03-05 16:34:36,147 [.BasicInventoryVisitor| rules-9] [INFO ] ---------------------------------------------------------------------------------------------------------------------
2024-03-05 16:34:36,147 [.BasicInventoryVisitor| rules-9] [INFO ] Finished processing task of type 'TaskType_Inventory' on target 'x.x.x.112' with result '-3'
2024-03-05 16:34:36,147 [.BasicInventoryVisitor| rules-9] [INFO ] Result of type 'TaskType_Inventory' on target 'x.x.x.112':
<TaskStatus Result="Failed" StartDateTime="2024-03-05T16:34:12" Type="Inventory" Status="RemoteExecutionFailedReturnedNonZero" Duration="24.01">
<Step Result="Success" Type="SSHCopyAgent" Status="SSHExecutionSucceeded" Credential="Linux" Duration="2.44">
<CommandLine>C:\Program Files (x86)\Flexera Software\Inventory Beacon\RemoteExecution\pscp.exe -batch -q -ln &quot;Linux&quot; \\beacon\mgsRET$\Inventory\ndtrack.sh \\beacon\mgsRET$\Inventory\ndtrack.ini \\beacon\mgsRET$\Inventory\InventorySettings.xml x.x.x.112:.</CommandLine>
</Step>
<Step Result="Failed" Type="SSHCommandRunAgent" Status="SSHExecutionOnRemoteHostReturnedNonZero" Credential="Linux" Duration="21.19">
<CommandLine>C:\Program Files (x86)\Flexera Software\Inventory Beacon\RemoteExecution\plink.exe -t -batch -ln &quot;Linux&quot; x.x.x.112 &quot;sudo /bin/sh ./ndtrack.sh -t Machine -o UploadLocation=&quot;&quot;https://beacon.dcss.dev/ManageSoftRL&quot;&quot; -o LogModules=&quot;&quot;default&quot;&quot; -o IgnoreConnectionWindows=&quot;&quot;true&quot;&quot; -o ShowIcon=&quot;&quot;false&quot;&quot; -o PolicyRevisionNumber=&quot;&quot;165&quot;&quot; -o RuleID=&quot;&quot;9&quot;&quot; -o SessionUID=&quot;&quot;2ea9222d-6bb5-480c-8130-5aae4052b942&quot;&quot; -o IncludeDirectory=&quot;&quot;&quot;&quot; -o CALInventory=&quot;&quot;False&quot;&quot;&quot;</CommandLine>
<ProcessStdOut>[sudo] password for user:
ManageSoft Inventory agent 21.0 -&gt; Build 678
Copyright 2023 Flexera Software LLC
----- Gathering inventory
&gt; Initialising
&gt; Searching for hardware
&gt; Searching for Oracle database instances
&gt; Searching for Oracle listener
&gt; Searching for software
&gt; Searching the native package database
&gt; Symantec Storage Foundation Tracking Started
&gt; IBM MQ Queue Manager Tracking Started
&gt; IBM Db2 tracking started.
&gt; Started Jboss tracking
&gt; Generating inventory &apos;/var/tmp/flexera/tracker/inventories/system on linux02.ndi&apos;
&gt; Compressing inventory &apos;system on devmgtter02.ndi&apos; to &apos;mgs82255128.ndi.gz.tmp&apos;
&gt; Uploading inventory
*** Error: Error (s189m263)
*** FlexNet Manager Platform could not upload the inventory.
</ProcessStdOut>
<Parameter Index="0">7</Parameter>
</Step>
</TaskStatus> 

‎Mar 05, 2024 10:48 AM

0 Kudos

Jump to solution
gilesogram
By
Level 4

So we think that the linux agent has a set of scheduled tasks that will collect the inventory and upload to the beacon. That has been checked by running 'ndschedag -e' and the log files show the uploads are working to the HTTPS address of the beacon.

‎Mar 06, 2024 04:01 AM

0 Kudos