Notification

Icon
Error

2012R2: LSAgent: Could not create SSL/TLS secure channel - LSAgent failing to connect to Lansweeper Server directly.

Posted: Wednesday, September 9, 2020 12:14:01 AM(UTC)
JimL

JimL

Member Original PosterPosts: 3
0
Like
We've rolled out LSAgent to our fleet of servers and have discovered that LSAgent on the remaining 2012R2 servers are not reporting to LanSweeper. Tested on one and it is able to use the Relay, but this is not the desired config. Has anyone run across and solved this?

Thanks in advance!

# Server - Lansweeper Server - Windows 2016 Standard
# Server - Lansweeper Server Version - v. 8.0.130.23
# Client - Windows 2012R2 Standard
# Client - LSAgent Version=7.2.110.16
# Client - .NET Framework 4.6.1 or newer.

Not blocked by Windows or network firewall.
Browser HTTPS to Lansweeper App works fine from client machine.
Browser HTTPS to Lansweeper server on port 9524 throws cert warning from client machine. 443/9524 are presenting different certs.
Agent works as expected on 2016 and 2019 server clients.

# lsagent.log
2020-09-08 17:56:38,595 [1] INFO Starting Lansweeper Agent Service
2020-09-08 17:56:38,611 [7] INFO === Service started ===
2020-09-08 17:56:39,173 [8] DEBUG Detected OS: Windows
2020-09-08 17:56:39,173 [8] DEBUG Client Version: 7.2.110.16
2020-09-08 17:56:39,173 [8] DEBUG Cleaning up older versions...
2020-09-08 17:56:39,173 [8] DEBUG Checking OS
2020-09-08 17:56:39,173 [8] DEBUG 64bit detected: checking registry (64bit)
2020-09-08 17:56:39,173 [8] DEBUG Reading ini file...
2020-09-08 17:56:39,251 [8] INFO CreateReachableEndPoint for XXXXXXXX-XXXX-XXXX-XXXX-7f58bb890d15
2020-09-08 17:56:39,298 [8] INFO Url Check with address failed. Endpoint with address 'https://server.tld:9524/lsagent' was not reachable: The request was aborted: Could not create SSL/TLS secure channel.
2020-09-08 17:56:39,314 [8] WARN Connection to url https://server.tld:9524/lsagent failed
2020-09-08 17:56:39,314 [8] INFO Url Check with address failed. Endpoint with address 'https://cname-to-server.tld:9524/lsagent' was not reachable: The request was aborted: Could not create SSL/TLS secure channel.
2020-09-08 17:56:39,314 [8] WARN Connection to url https://cname-to-server.tld:9524/lsagent failed
2020-09-08 17:56:59,344 [8] INFO Url Check with address failed. Endpoint with address 'http://server.tld:9524/lsagent' was not reachable: The operation has timed out
2020-09-08 17:56:59,344 [8] WARN Connection to url http://server.tld:9524/lsagent failed
FrankSc
#1FrankSc Member Administration Posts: 87  
posted: 9/17/2020 6:48:34 PM(UTC)
Hello,

LsAgent tries to send scanned data to the listen port of your server, and uses port 9524 by default. The error you are seeing seems to indicate this port is not accessible. This port must be open in the firewall of the Lansweeper scanning server.
You can also choose a custom port in the Service Options section of the following Lansweeper web console menu: Configuration\Server Options.
JimL
#2JimL Member Original PosterPosts: 3  
posted: 9/18/2020 6:35:00 AM(UTC)
I'm not sure that's the case. Other servers are working as expected (2016/2019)

Disabled the Windows firewalls on both the client and server systems.
No network firewall blocking is being reported.
The Lansweeper server is using the default port, 9524.

I wonder if there are OS security settings or TLS settings on 2012 and older systems that might be causing issues communicating with the LanSweeper server (2016)

Is there an endpoint I can hit on 9524 with a browser to confirm connectivity? Something like: https://server:9524/lsagent/status

Here is a log from a 2016 server in the same network as the 2012 server, working succesfully.

2020-09-18 00:20:51,803 [7] INFO === Service started ===
2020-09-18 00:20:52,366 [8] DEBUG Detected OS: Windows
2020-09-18 00:20:52,367 [8] DEBUG Client Version: 7.2.110.16
2020-09-18 00:20:52,367 [8] DEBUG Cleaning up older versions...
2020-09-18 00:20:52,368 [8] DEBUG Checking OS
2020-09-18 00:20:52,368 [8] DEBUG 64bit detected: checking registry (64bit)
2020-09-18 00:20:52,369 [8] DEBUG Reading ini file...
2020-09-18 00:20:52,439 [8] INFO CreateReachableEndPoint for xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2020-09-18 00:20:52,559 [8] DEBUG Creating InternalCommunicationSender to URL https://internal-server.tld:9524/lsagent
2020-09-18 00:20:52,588 [8] DEBUG Asset is enabled.
2020-09-18 00:20:52,589 [8] DEBUG Retrieving configuration...
2020-09-18 00:20:52,644 [8] DEBUG New agent key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2020-09-18 00:20:52,644 [8] DEBUG Checking version.
2020-09-18 00:20:52,645 [8] DEBUG Waiting for schedule...
2020-09-18 00:20:52,645 [8] DEBUG Schedule triggered
2020-09-18 00:20:52,645 [8] DEBUG Starting scan
2020-09-18 00:20:52,646 [8] DEBUG Detected OS: Windows
2020-09-18 00:20:53,164 [8] DEBUG Scanning computer...
2020-09-18 00:21:09,249 [8] DEBUG Computerscan completed.
2020-09-18 00:21:09,250 [8] DEBUG Compressing scanfile.
2020-09-18 00:21:09,305 [8] DEBUG Scan has been sent.

Active Discussions

Lansweeper Lansweeper Errors - Licencing and scanning
by  dnkleaf   Go to last post Go to first unread
Last post: Yesterday at 1:02:13 PM(UTC)
Lansweeper Search for Blank Fields
by  CS Caritas Socialis IT  
Go to last post Go to first unread
Last post: Yesterday at 12:19:05 PM(UTC)
Lansweeper Uninstalled software still listed
by  Dennis Gewillig   Go to last post Go to first unread
Last post: Yesterday at 9:19:19 AM(UTC)
Lansweeper Software deployment initiated by user
by  LS_enthusiast_4444   Go to last post Go to first unread
Last post: 11/26/2020 9:28:18 PM(UTC)
Lansweeper Help Desk not disabling for regular users?
by  FrankSc  
Go to last post Go to first unread
Last post: 11/26/2020 8:18:38 PM(UTC)
Lansweeper Satisfaction Questionnaire after ticket close
by  mouaad   Go to last post Go to first unread
Last post: 11/26/2020 4:31:44 PM(UTC)
Lansweeper Microsoft EDGE browser support
by  Vapoured  
Go to last post Go to first unread
Last post: 11/26/2020 4:54:30 AM(UTC)