Some users may be experiencing issues when trying to access customer resources like the Case Portal or the Product Licensing Center. Our team is aware of the issue and is working to resolve it. Click here for more information.

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Windows workgroup servers getting certificate error when communicating with the beacon.

The client requires some Windows workgroup servers to be inventoried. The agent has been installed. Communications with the beacon to download policy result in S107M858 error messages.

The following network error occurred while retrieving the application: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

These systems cannot be added to a domain to handle certificates.

Other than not checking for certificates what options exist to enable system communication with the beacon in this environment?

(2) Replies

Hi Donald,

Generally, when using HTTPS on a Beacon running on a newer Windows OS, you will have to switch support for TLS 1.1/.2 on for Windows Server 2008 R2 Servers to allow downloading the policy from the Beacon or for uploading of Inventory data to the Beacon. This is independent if this is a 'Workgroup' server or member of a Windows Domain.

See the following discussion for additional information on Windows Server 2008 and other old versions of Windows, please.

ChrisG
By Community Manager Community Manager
Community Manager

I think you've touched on the primary options available here:

  1. Configure FlexNet agents so that they can run without trusting the certificate that is used to encrypt HTTPS traffic. This is done by setting the CheckServerCertificate agent preference to False.
  2. Configure the computers that FlexNet agents are installed on so that they trust the certificate that is installed on the beacon.

Some other technical possibilities (although they may be impractical) are:

  1. Change the certificate on the beacon to one that will be trusted by all computers in the agent runs on.
  2. Use plain unencrypted HTTP rather than HTTPS for agent->beacon communications.

 

(Did my reply solve the question? Click "ACCEPT AS SOLUTION" to help others find answers faster. Liked something? Click "KUDO". Anything expressed here is my own view and not necessarily that of my employer, Flexera.)