Highlighted
Occasional contributor

Windows workgroup servers getting certificate error when communicating with the beacon.

The client requires some Windows workgroup servers to be inventoried. The agent has been installed. Communications with the beacon to download policy result in S107M858 error messages.

The following network error occurred while retrieving the application: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

These systems cannot be added to a domain to handle certificates.

Other than not checking for certificates what options exist to enable system communication with the beacon in this environment?

0 Kudos
2 Replies
Highlighted
Frequent contributor

Re: Windows workgroup servers getting certificate error when communicating with the beacon.

Hi Donald,

Generally, when using HTTPS on a Beacon running on a newer Windows OS, you will have to switch support for TLS 1.1/.2 on for Windows Server 2008 R2 Servers to allow downloading the policy from the Beacon or for uploading of Inventory data to the Beacon. This is independent if this is a 'Workgroup' server or member of a Windows Domain.

See the following discussion for additional information on Windows Server 2008 and other old versions of Windows, please.

Highlighted
Community Manager Community Manager
Community Manager

Re: Windows workgroup servers getting certificate error when communicating with the beacon.

I think you've touched on the primary options available here:

  1. Configure FlexNet agents so that they can run without trusting the certificate that is used to encrypt HTTPS traffic. This is done by setting the CheckServerCertificate agent preference to False.
  2. Configure the computers that FlexNet agents are installed on so that they trust the certificate that is installed on the beacon.

Some other technical possibilities (although they may be impractical) are:

  1. Change the certificate on the beacon to one that will be trusted by all computers in the agent runs on.
  2. Use plain unencrypted HTTP rather than HTTPS for agent->beacon communications.

 

(Anything expressed here is my own view and not necessarily that of my employer, Flexera. If my reply answers a question you have raised, please click "ACCEPT AS SOLUTION".)
0 Kudos