- Flexera Community
- :
- FlexNet Manager
- :
- FlexNet Manager Forum
- :
- Re: Revocation server offline error
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Subscribe
- Mute
- Printer Friendly Page
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Deploying agent to new beacon support internal SSL certificate. Agent installs successfully completes with servers in same domain.
Am testing on a server in different domain and receiving Revocation server offline error in the installation.log. We have validated that the windows server has the required root cert and firewall updates are in place to download the crls from the distribution points. We also successfully connect to the beacon from the windows server from a browser - https://<beacon-name>/ManageSoftDL/test so everything appears fine there.
Any ideas?
Thanks
Craig
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We figured out this issue. We ran the CRLUTIL check utility and it turns out our CRL file was expired. We updated CRL file and works correctlynow.
Thanks
This thread has been automatically locked due to inactivity.
To continue the discussion, please start a new thread.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @craig_moore ,
Please follow the KB articles and see if they are useful in your scenario.
will you be able to share the exact error you are seeing in the installation log.
regards,
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Below is the extract. Note that we ran a test yesterday and installed the agent on a Linux server with no errors (reported in as expected). So works with Linux but not windows from this other domain. Windows servers in same domain report in fine.
Thanks
[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline.
[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0xE050044D: Failed to create remote directory /ManageSoftRL
[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0xE0690099: Specified remote directory is invalid, or could not be created
[7/6/2021 11:53:11 AM (G, 0)] {2528} ERROR: Remote directory is invalid
[7/6/2021 11:53:11 AM (G, 0)] {2528} Upload failed due to a server side issue. This server may be retried during this upload session.
[7/6/2021 11:53:11 AM (G, 0)] {2528} WARNING: FlexNet Manager Platform has failed to upload a file to all configured upload servers; aborting attempt to upload these file(s)
[7/6/2021 11:53:11 AM (G, 0)] {2528} Uploading finished
[7/6/2021 11:53:11 AM (G, 0)] {2528} ************************************************************
[7/6/2021 11:53:11 AM (G, 0)] {2528} Unable to upload inventory file(s)
[7/6/2021 11:53:11 AM (U, 0)] {2528} ERROR: Error (s189m263)
[7/6/2021 11:53:11 AM (U, 0)] {2528} ----------------
[7/6/2021 11:53:11 AM (U, 0)] {2528} FlexNet Manager Platform could not upload the inventory.
[7/6/2021 11:53:11 AM (G, 0)] {2528} Program exited with code -524484345
[7/6/2021 11:53:11 AM (G, 0)] {2528} ************************************************************
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
This error almost certainly indicates that the computer has successfully made an HTTPS connection to the beacon, but is subsequently failing to make an HTTPS connection to the server that holds the certificate revocation list identified in the certificate configured on the beacon.
One way to test this connectivity would be to identify the host from the CRL URL in the certificate, and execute a PowerShell command similar to the following on a computer that is having trouble:
Test-NetConnection server-hosting-your-crl.acme.com -port 443
It's possible to configure the agent to skip checking the certificate revocation list by setting the agent's CheckCertificateRevocation preference to "false". However if it is possible to work out the connectivity issues, it is better to avoid disabling the check: presumably whoever configured the certificate for the beacon explicitly added a CRL URL in there because they intend for it to be used to detect if the certificate ever has to be revoked.
- Mark as New
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We figured out this issue. We ran the CRLUTIL check utility and it turns out our CRL file was expired. We updated CRL file and works correctlynow.
Thanks
