Some users may experience issues accessing the case portal. For more information, please click here.

This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
donald_helliwell
Level 4
‎Oct 23, 2020 01:56 PM

Windows workgroup servers getting certificate error when communicating with the beacon.

The client requires some Windows workgroup servers to be inventoried. The agent has been installed. Communications with the beacon to download policy result in S107M858 error messages.

The following network error occurred while retrieving the application: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

These systems cannot be added to a domain to handle certificates.

Other than not checking for certificates what options exist to enable system communication with the beacon in this environment?

0 Kudos

This thread has been automatically locked due to inactivity.

To continue the discussion, please start a new thread.
2 Replies
erwinlindemann
Level 9 Champion
Level 9 Champion
‎Oct 24, 2020 11:45 AM

Hi Donald,

Generally, when using HTTPS on a Beacon running on a newer Windows OS, you will have to switch support for TLS 1.1/.2 on for Windows Server 2008 R2 Servers to allow downloading the policy from the Beacon or for uploading of Inventory data to the Beacon. This is independent if this is a 'Workgroup' server or member of a Windows Domain.

See the following discussion for additional information on Windows Server 2008 and other old versions of Windows, please.

ChrisG
Community Manager Community Manager
Community Manager
‎Oct 28, 2020 08:18 PM

I think you've touched on the primary options available here:

  1. Configure FlexNet agents so that they can run without trusting the certificate that is used to encrypt HTTPS traffic. This is done by setting the CheckServerCertificate agent preference to False.
  2. Configure the computers that FlexNet agents are installed on so that they trust the certificate that is installed on the beacon.

Some other technical possibilities (although they may be impractical) are:

  1. Change the certificate on the beacon to one that will be trusted by all computers in the agent runs on.
  2. Use plain unencrypted HTTP rather than HTTPS for agent->beacon communications.

 

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)