A new Flexera Community experience is coming on November 25th. Click here for more information.
All patches fail to publish except SVM's very own Agent.
The error message has no identification text or error, it simply stating that it failed to publish.
In the C:\Users\<User>\Documents\csi_pluginlog.txt you find the following error:
"An Error Occurred While Downloading The File:"." - HttpRequest: Status=499
You've changed nothing at the SVM host and publishing might have been working fine so far.
SVM starts throwing the same undefined error each time you attempted to publish a package.
When you face this issue, the following conditions are usually met:
"Error in HttpRequest: status=499, statusText='It was not possible to connect to the revocation server or a definitive response could not be obtained.',winCode=12057"
The error is caused by CRL blocking on the local SVM host when Internet Explorer attempts to connect to http://crl3.digicert.com and http://crl4.digicert.com. Internet Explorer performs such CRL validation of each program utilizing its WinHTTP classes to forward connection requests online (also the case with SVM package downloading). See more about certificate validation security in SVM and Windows here.
The current error is being caused by GPO implicit deny restrictions applied to any site not explicitly listed as Trusted in the 'Trusted Sites' configuration of Internet Explorer.
To confirm that this is indeed the problem you are trying to resolve, you need to validate the 3 bullet points listed under 'Symptoms' above. All three must be present, particularly the error message in the log file as pointed out.
Resolution to this problem is to include the following URLs to the Trusted Sites zone of the Internet Explorer on the SVM host:
You may want to test the fix before making changes to the network.
Use the instructions in the Workaround section for that.
To make 100% sure you can resolve this by GPO edit, you have to enforce the appropriate websites on the machine while overriding the GPO applicability.
You have only one option to do this - quickly modify the registry configuration of your browser and perform publishing before GPO is being reapplied. By default, GPO refreshes once per 90 min unless it's being configured otherwise. You have to config this quickly and check it promptly too.
Steps to override GPO locally and test package publishing;
The SVM Support team had been able to successfully resolve this problem by performing the above steps. However, Trusted Sites' applicability extends to a lot of possible custom configurations and you may end up needing to perform deeper troubleshooting or customization at the registry.
Refer to this full guide by Microsoft on how to adapt the required registry changes to your custom configuration to succeed in resolving this issue.
Nov 15, 2018 04:53 PM - edited Sep 16, 2019 01:03 PM