This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

A new Flexera Community experience is coming on November 18th, click here for more information.

cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Revocation server offline error

Jump to solution
craig_moore
By
Level 6

Deploying agent to new beacon support internal SSL certificate.  Agent installs successfully completes with servers in same domain.

Am testing on a server in different domain and receiving Revocation server offline error in the installation.log.  We have validated that the windows server has the required root cert and  firewall updates are in place to download the crls from the distribution points.  We also successfully connect to the beacon from the windows server from a browser - https://<beacon-name>/ManageSoftDL/test so everything appears fine there.

 

Any ideas?

 

Thanks

Craig

‎Jul 13, 2021 12:24 PM

0 Kudos
(1) Solution

Jump to solution
craig_moore
By
Level 6
In response to ChrisG

We figured out this issue.  We ran the CRLUTIL  check utility and it turns out our CRL file was expired.  We updated CRL file and works correctlynow.

 

Thanks

View solution in original post

‎Jul 21, 2021 10:56 AM

(4) Replies

Jump to solution
craig_moore
By
Level 6
In response to winvarma

Below is the extract.  Note that we ran a test yesterday and installed the agent on a Linux server with no errors (reported in as expected).  So works with Linux but not windows from this other domain.  Windows servers in same domain report in fine.

 

Thanks

 

[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0x80092013: The revocation function was unable to check revocation because the revocation server was offline.

[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0xE050044D: Failed to create remote directory /ManageSoftRL

[7/6/2021 11:53:11 AM (N, 0)] {2528} Error 0xE0690099: Specified remote directory is invalid, or could not be created

[7/6/2021 11:53:11 AM (G, 0)] {2528} ERROR: Remote directory is invalid

[7/6/2021 11:53:11 AM (G, 0)] {2528} Upload failed due to a server side issue.  This server may be retried during this upload session.

[7/6/2021 11:53:11 AM (G, 0)] {2528} WARNING: FlexNet Manager Platform has failed to upload a file to all configured upload servers; aborting attempt to upload these file(s)

[7/6/2021 11:53:11 AM (G, 0)] {2528} Uploading finished

[7/6/2021 11:53:11 AM (G, 0)] {2528} ************************************************************

[7/6/2021 11:53:11 AM (G, 0)] {2528} Unable to upload inventory file(s)

[7/6/2021 11:53:11 AM (U, 0)] {2528} ERROR: Error (s189m263)

[7/6/2021 11:53:11 AM (U, 0)] {2528} ----------------

[7/6/2021 11:53:11 AM (U, 0)] {2528} FlexNet Manager Platform could not upload the inventory.

 

[7/6/2021 11:53:11 AM (G, 0)] {2528} Program exited with code -524484345

[7/6/2021 11:53:11 AM (G, 0)] {2528} ************************************************************

 

 

‎Jul 15, 2021 09:56 AM

0 Kudos

Jump to solution
ChrisG
By Community Manager Community Manager
Community Manager
In response to craig_moore

This error almost certainly indicates that the computer has successfully made an HTTPS connection to the beacon, but is subsequently failing to make an HTTPS connection to the server that holds the certificate revocation list identified in the certificate configured on the beacon.

One way to test this connectivity would be to identify the host from the CRL URL in the certificate, and execute a PowerShell command similar to the following on a computer that is having trouble:

Test-NetConnection server-hosting-your-crl.acme.com -port 443

It's possible to configure the agent to skip checking the certificate revocation list by setting the agent's CheckCertificateRevocation preference to "false". However if it is possible to work out the connectivity issues, it is better to avoid disabling the check: presumably whoever configured the certificate for the beacon explicitly added a CRL URL in there because they intend for it to be used to detect if the certificate ever has to be revoked.

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)

‎Jul 16, 2021 01:41 AM

Jump to solution
craig_moore
By
Level 6
In response to ChrisG

We figured out this issue.  We ran the CRLUTIL  check utility and it turns out our CRL file was expired.  We updated CRL file and works correctlynow.

 

Thanks

‎Jul 21, 2021 10:56 AM