Some users may have issues creating a community account See more here.

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
craig_moore
Active participant
‎Jul 13, 2021 12:24 PM

Revocation server offline error

Jump to solution

Deploying agent to new beacon support internal SSL certificate.  Agent installs successfully completes with servers in same domain.

Am testing on a server in different domain and receiving Revocation server offline error in the installation.log.  We have validated that the windows server has the required root cert and  firewall updates are in place to download the crls from the distribution points.  We also successfully connect to the beacon from the windows server from a browser - https://<beacon-name>/ManageSoftDL/test so everything appears fine there.

 

Any ideas?

 

Thanks

Craig

0 Kudos
1 Solution
craig_moore
Active participant
In response to ChrisG
‎Jul 21, 2021 10:56 AM

Jump to solution

We figured out this issue.  We ran the CRLUTIL  check utility and it turns out our CRL file was expired.  We updated CRL file and works correctlynow.

 

Thanks

View solution in original post

4 Replies
winvarma
Analyst
‎Jul 14, 2021 12:42 AM

Jump to solution

Hi @craig_moore ,

Please follow the KB articles and see if they are useful in your scenario. 

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/FlexNet-Inventory-Agent-The-revocati... 

https://community.flexera.com/t5/FlexNet-Manager-Knowledge-Base/The-revocation-function-was-unable-t... 

will you be able to share the exact error you are seeing in the installation log.

 

regards, 

0 Kudos
craig_moore
Active participant
In response to winvarma
‎Jul 15, 2021 09:56 AM

Jump to solution

Below is the extract.  Note that we ran a test yesterday and installed the agent on a Linux server with no errors (reported in as expected).  So works with Linux but not windows from this other domain.  Windows servers in same domain report in fine.

 

Thanks

 

[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline.

[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0xE050044D: Failed to create remote directory /ManageSoftRL

[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0xE0690099: Specified remote directory is invalid, or could not be created

[7/6/2021 11:53:11 AM (G, 0)] {2528} ERROR: Remote directory is invalid

[7/6/2021 11:53:11 AM (G, 0)] {2528} Upload failed due to a server side issue.  This server may be retried during this upload session.

[7/6/2021 11:53:11 AM (G, 0)] {2528} WARNING: FlexNet Manager Platform has failed to upload a file to all configured upload servers; aborting attempt to upload these file(s)

[7/6/2021 11:53:11 AM (G, 0)] {2528} Uploading finished

[7/6/2021 11:53:11 AM (G, 0)] {2528} ************************************************************

[7/6/2021 11:53:11 AM (G, 0)] {2528} Unable to upload inventory file(s)

[7/6/2021 11:53:11 AM (U, 0)] {2528} ERROR: Error (s189m263)

[7/6/2021 11:53:11 AM (U, 0)] {2528} ----------------

[7/6/2021 11:53:11 AM (U, 0)] {2528} FlexNet Manager Platform could not upload the inventory.

 

[7/6/2021 11:53:11 AM (G, 0)] {2528} Program exited with code -524484345

[7/6/2021 11:53:11 AM (G, 0)] {2528} ************************************************************

 

 

0 Kudos
ChrisG
Community Manager Community Manager
Community Manager
In response to craig_moore
‎Jul 16, 2021 01:41 AM

Jump to solution

This error almost certainly indicates that the computer has successfully made an HTTPS connection to the beacon, but is subsequently failing to make an HTTPS connection to the server that holds the certificate revocation list identified in the certificate configured on the beacon.

One way to test this connectivity would be to identify the host from the CRL URL in the certificate, and execute a PowerShell command similar to the following on a computer that is having trouble:

Test-NetConnection server-hosting-your-crl.acme.com -port 443

It's possible to configure the agent to skip checking the certificate revocation list by setting the agent's CheckCertificateRevocation preference to "false". However if it is possible to work out the connectivity issues, it is better to avoid disabling the check: presumably whoever configured the certificate for the beacon explicitly added a CRL URL in there because they intend for it to be used to detect if the certificate ever has to be revoked.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)
craig_moore
Active participant
In response to ChrisG
‎Jul 21, 2021 10:56 AM

Jump to solution

We figured out this issue.  We ran the CRLUTIL  check utility and it turns out our CRL file was expired.  We updated CRL file and works correctlynow.

 

Thanks

View solution in original post