FlexNet Inventory Agent - 'The revocation function was unable to check revocation because the revoca...

Report Inappropriate Content · ‎Jul 13, 2020

Symptoms:

Our Agent is unable to download policy.

When we investigate within our Installation.log:

C:\Windows\Temp\Managesoft\installation.log
Or
Var/opt/managesoft/log/installation.log

We see the following reported:

[Timestamp] {process ID} Download failure: The revocation function was unable to check revocation because the revocation server was offline.

[Timestamp] {process ID} Download FAILED for “https://Beacon/ManageSoftDL/Policies/Merged/Domain/Machine/policy.npl"

Diagnosis:

Copy the aforementioned .npl download URL from our installation.log
Within your web browser of choice on the target device navigate to that URL
To the left of our Beacon URL, select the lock icon
On this drop-down, select 'Certificate'

On this resulting certificate dialog, choose the 'details' tab

On our 'Details' list, locate the CRL Distribution Points list - this outlines the Revocation Servers our error mentions, which distribute our Certificate Revocation List to our agent device
Copy the URL for these distribution points, and test navigating to these within your web browser
The Certificate Revocation Server addresses are specified within the 'URL=' values above.

Solution:

If the CRL Distribution Points are inaccessible from our agent device, this would explain our 'Revocation Server offline' Error - raise this with your network team to rectify, ensuring this URL is part of an allow-list or unblocked by a firewall.

If this is not possible to rectify, configure your Inventory Agent to ignore Certificate Revocation utilising the [Registry]\ManageSoft\Common\

CheckCertificateRevocation = False

And

CheckServerCertificate = False

Settings within the Windows Registry or config.ini file for our Inventory Agent - depending on whether you're utilising a Windows or UNIX-based agent respectively.