Some users may have issues creating a community account See more here.

CertificateFile registry entry need be removed

CertificateFile registry entry need be removed

Summary

This knowledge base article provides an instruction on how to edit a Child Beacon registry key entry -- CertificateFile and why it may need to be done.

Synopsis

When a child beacon (not a top level beacon) is configured in an FNMS Cloud hierarchy or if the registry value exists in an OnPremises beacon, the beacon fails to download policy as it is unable to verify the Cloud certificate configured against the connection from the parent beacon or FNMS (OnPremises) server.  You may see the beacon test connection is successful but the Beacon control file (policy) is missing error being displayed on the beacon UI.  The BeaconEngine log may also indicate the following error:

[Rules.PolicyClient |policy] [ERROR] Failed to verify policy signature.

Discussion

This is required because the default configuration of a beacon is based on the assumption that it will connect to the FNMS Cloud infrastructure directly. As such, it expects data to be securely signed by Flexera as it comes across the Internet. However this assumption does not hold for child beacons which communicate to another beacon within the client environment rather than FNMS Cloud or on FNMS OnPremises implementations; deleting the registry entry fixes resolves this scenario

The following registry entry needs to be deleted (renamed to other):
HKLM\SOFTWARE\Wow6432Node\ManageSoft Corp\ManageSoft\Compliance\CurrentVersion\CertificateFile

Was this article helpful? Yes No
No ratings
Version history
Revision #:
2 of 2
Last update:
‎Jul 01, 2021 09:32 AM
Updated by:
 
Contributors