cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 

Symptoms:  

When you are using a beacon connected to our cloud endpoint, beacon.flexnetmanager.com, you receive an SSL/TLS error stating that the connection could not be made:
BeaconTLS_Error.png

Clicking OK on the error, going to Beacon configuration > Parent connection, and clicking Test connection will show failed for parent inventory beacon, but download and upload test succeed:

BeaconTLS_TestConnection.png

Diagnosis:

This is caused by missing cipher suites on the server that is hosting the beacon. The endpoint beacon.flexnetmanager.com is failing due to the change in certificate provider where this cipher suite is required to establish the TLS connection. The endpoint data.flexnetmanager.com may still work without error, as that endpoint is still using an older certificate type at this time.

Solution:

You will need to ensure that the cipher suite, TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, is enabled on the server. If this is disabled, it was most likely controlled via Group Policy on the server, and you will want to work with your System Administrator/Security teams to have this enabled. You can also use a utility like ‘IIS Crypto’ that will allow you to verify and configure the cipher suites easily. Within IIS Crypto, you will want to go into the Cipher Suites view, find TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384, enable this with the check box, check the Reboot check box, and then press the Apply button. Once the server is rebooted, this cipher suite will be enabled, allowing the beacon to connect to the endpoint without error. If you recheck this value after reboot and see that it is unchecked again, this would indicate that this value is still being controlled by Group Policy or something else that would clear this on the system startup.

IIS Crypto:
IISCrypto.png

Group Policy:
CipherSuiteGPO.png

 

Was this article helpful? Yes No
100% helpful (2/2)
Version history
Last update:
‎Aug 03, 2021 03:44 PM
Updated by: