This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject

FlexNet Inventory Agent - 'The revocation function was unable to check revocation because the revocation server was offline.'

FlexNet Inventory Agent - 'The revocation function was unable to check revocation because the revocation server was offline.'

Symptoms:

Our Agent is unable to download policy.

When we investigate within our Installation.log:

C:\Windows\Temp\Managesoft\installation.log
Or
Var/opt/managesoft/log/installation.log

 

We see the following reported:

 

[Timestamp] {process ID} Download failure: The revocation function was unable to check revocation because the revocation server was offline.

[Timestamp] {process ID} Download FAILED for “https://Beacon/ManageSoftDL/Policies/Merged/Domain/Machine/policy.npl"

Diagnosis:

  1. Copy the aforementioned .npl download URL from our installation.log
  2. Within your web browser of choice on the target device navigate to that URL
  3. To the left of our Beacon URL, select the lock iconurl.png
  4. On this drop-down, select 'Certificate'certificate.png

On this resulting certificate dialog, choose the 'details' tab

  1. On our 'Details' list, locate the CRL Distribution Points list - this outlines the Revocation Servers our error mentions, which distribute our Certificate Revocation List to our agent device
    certs.png
  2. Copy the URL for these distribution points, and test navigating to these within your web browser
    The Certificate Revocation Server addresses are specified within the 'URL=' values above.

Solution:

If the CRL Distribution Points are inaccessible from our agent device, this would explain our 'Revocation Server offline' Error - raise this with your network team to rectify, ensuring this URL is part of an allow-list or unblocked by a firewall.

 

If this is not possible to rectify, configure your Inventory Agent to ignore Certificate Revocation utilising the [Registry]\ManageSoft\Common\

CheckCertificateRevocation = False

And

CheckServerCertificate = False

Settings within the Windows Registry or config.ini file for our Inventory Agent - depending on whether you're utilising a Windows or UNIX-based agent respectively.

Was this article helpful? Yes No
0 Kudos
0 1633
No ratings
Version history
Revision #:
1 of 1
Last update:
‎Jul 13, 2020 10:04 AM
Updated by:
Flexera
 
View article history
Contributors