This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

WinHttp request (12175); status = 499 - "A security error occurred"

Certain network restrictions may prevent Software Vulnerability Manager agents from reporting scan results, resulting in the following error in the agent scan log:


[Date and Time] Error when sending WinHttp request (12175)
[Date and Time] Connection error....
[Date and TIme] Error in HttpRequest: status=499, StatusText="A security error occurred' ,winCode=12175

Cause

In most cases, the root cause is a block somewhere on the network. Consider that some security networks have explicit deny procedures in place to disallow anything that is not explicitly allowed on the corporate firewall, the corporate proxy, or another security device with blocking/filtering functions. 

Common causes are listed below:

  • Software Vulnerability Manager uses a Certificate Revocation List (CRL) to ensure secure data transfer. The required online CRL URLs for certificate revocation may not be whitelisted at the Proxy/Firewall.
  • There is a Proxy on the network, but the client(s) facing WinHttp 12175 have netsh proxy set = Direct. 
  • Content-inspection Proxy is stripping the original certificate and the security validation breaks.
  • The Agent/Daemon/Plugins are run with user credentials insufficient to bypass the Proxy/Firewall.

Solution

Whitelist the URLs required by the Software Vulnerability Manager Cloud CRL at your network's Firewall/Proxy. For details on which online CRL validation websites must be whitelisted, see the article SVM Cloud CRL online requirements.

Workarounds

If you’re still experiencing this error, you can temporarily disable CRL to troubleshoot. Keep in mind, this method is not secure and should not be used as a long-term solution.

Disable CRL on the Daemon

  1. Go to Windows Registry and navigate to HKLM at:

SYSTEM\CurrentControlSet\Services\Flexera Corporate Software Inspector Daemon\

  1. Double-click on Image Path and add the following text at the end of the line after "--service-launch":

--ignore-crl --ignore-ca --ignore-an 

  1. Restart the Software Vulnerability Manager Daemon service under services.msc for the changes to take effect.

Disable CRL on the Agent

  1. Go to Windows Registry and navigate to HKLM at: 

SYSTEM\CurrentControlSet\Services\Flexera Corporate Software Inspector Agent

  1. Double-click on Image Path and add the following text at the end of the line after "--service-launch":

--ignore-crl --ignore-ca --ignore-cn

‎May 17, 2024 03:16 PM

Labels:
Was this article helpful? Yes No
No ratings
0 Kudos
Version history
Last update:
‎May 17, 2024 03:16 PM
Updated by:
Community Manager Community Manager