Notification

Icon
Error

2012R2: LSAgent: Could not create SSL/TLS secure channel - LSAgent failing to connect to Lansweeper Server directly.

Posted: Wednesday, September 9, 2020 12:14:01 AM(UTC)
JimL

JimL

Member Original PosterPosts: 3
0
Like
We've rolled out LSAgent to our fleet of servers and have discovered that LSAgent on the remaining 2012R2 servers are not reporting to LanSweeper. Tested on one and it is able to use the Relay, but this is not the desired config. Has anyone run across and solved this?

Thanks in advance!

# Server - Lansweeper Server - Windows 2016 Standard
# Server - Lansweeper Server Version - v. 8.0.130.23
# Client - Windows 2012R2 Standard
# Client - LSAgent Version=7.2.110.16
# Client - .NET Framework 4.6.1 or newer.

Not blocked by Windows or network firewall.
Browser HTTPS to Lansweeper App works fine from client machine.
Browser HTTPS to Lansweeper server on port 9524 throws cert warning from client machine. 443/9524 are presenting different certs.
Agent works as expected on 2016 and 2019 server clients.

# lsagent.log
2020-09-08 17:56:38,595 [1] INFO Starting Lansweeper Agent Service
2020-09-08 17:56:38,611 [7] INFO === Service started ===
2020-09-08 17:56:39,173 [8] DEBUG Detected OS: Windows
2020-09-08 17:56:39,173 [8] DEBUG Client Version: 7.2.110.16
2020-09-08 17:56:39,173 [8] DEBUG Cleaning up older versions...
2020-09-08 17:56:39,173 [8] DEBUG Checking OS
2020-09-08 17:56:39,173 [8] DEBUG 64bit detected: checking registry (64bit)
2020-09-08 17:56:39,173 [8] DEBUG Reading ini file...
2020-09-08 17:56:39,251 [8] INFO CreateReachableEndPoint for XXXXXXXX-XXXX-XXXX-XXXX-7f58bb890d15
2020-09-08 17:56:39,298 [8] INFO Url Check with address failed. Endpoint with address 'https://server.tld:9524/lsagent' was not reachable: The request was aborted: Could not create SSL/TLS secure channel.
2020-09-08 17:56:39,314 [8] WARN Connection to url https://server.tld:9524/lsagent failed
2020-09-08 17:56:39,314 [8] INFO Url Check with address failed. Endpoint with address 'https://cname-to-server.tld:9524/lsagent' was not reachable: The request was aborted: Could not create SSL/TLS secure channel.
2020-09-08 17:56:39,314 [8] WARN Connection to url https://cname-to-server.tld:9524/lsagent failed
2020-09-08 17:56:59,344 [8] INFO Url Check with address failed. Endpoint with address 'http://server.tld:9524/lsagent' was not reachable: The operation has timed out
2020-09-08 17:56:59,344 [8] WARN Connection to url http://server.tld:9524/lsagent failed
FrankSc
#1FrankSc Member Administration Posts: 74  
posted: 9/17/2020 6:48:34 PM(UTC)
Hello,

LsAgent tries to send scanned data to the listen port of your server, and uses port 9524 by default. The error you are seeing seems to indicate this port is not accessible. This port must be open in the firewall of the Lansweeper scanning server.
You can also choose a custom port in the Service Options section of the following Lansweeper web console menu: Configuration\Server Options.
JimL
#2JimL Member Original PosterPosts: 3  
posted: 9/18/2020 6:35:00 AM(UTC)
I'm not sure that's the case. Other servers are working as expected (2016/2019)

Disabled the Windows firewalls on both the client and server systems.
No network firewall blocking is being reported.
The Lansweeper server is using the default port, 9524.

I wonder if there are OS security settings or TLS settings on 2012 and older systems that might be causing issues communicating with the LanSweeper server (2016)

Is there an endpoint I can hit on 9524 with a browser to confirm connectivity? Something like: https://server:9524/lsagent/status

Here is a log from a 2016 server in the same network as the 2012 server, working succesfully.

2020-09-18 00:20:51,803 [7] INFO === Service started ===
2020-09-18 00:20:52,366 [8] DEBUG Detected OS: Windows
2020-09-18 00:20:52,367 [8] DEBUG Client Version: 7.2.110.16
2020-09-18 00:20:52,367 [8] DEBUG Cleaning up older versions...
2020-09-18 00:20:52,368 [8] DEBUG Checking OS
2020-09-18 00:20:52,368 [8] DEBUG 64bit detected: checking registry (64bit)
2020-09-18 00:20:52,369 [8] DEBUG Reading ini file...
2020-09-18 00:20:52,439 [8] INFO CreateReachableEndPoint for xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2020-09-18 00:20:52,559 [8] DEBUG Creating InternalCommunicationSender to URL https://internal-server.tld:9524/lsagent
2020-09-18 00:20:52,588 [8] DEBUG Asset is enabled.
2020-09-18 00:20:52,589 [8] DEBUG Retrieving configuration...
2020-09-18 00:20:52,644 [8] DEBUG New agent key: xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx
2020-09-18 00:20:52,644 [8] DEBUG Checking version.
2020-09-18 00:20:52,645 [8] DEBUG Waiting for schedule...
2020-09-18 00:20:52,645 [8] DEBUG Schedule triggered
2020-09-18 00:20:52,645 [8] DEBUG Starting scan
2020-09-18 00:20:52,646 [8] DEBUG Detected OS: Windows
2020-09-18 00:20:53,164 [8] DEBUG Scanning computer...
2020-09-18 00:21:09,249 [8] DEBUG Computerscan completed.
2020-09-18 00:21:09,250 [8] DEBUG Compressing scanfile.
2020-09-18 00:21:09,305 [8] DEBUG Scan has been sent.

Active Discussions

Lansweeper License renewal - but why
by  mrusso   Go to last post Go to first unread
Last post: Yesterday at 5:01:47 PM(UTC)
Lansweeper Deployment Package Error Message
by  Brandon  
Go to last post Go to first unread
Last post: Yesterday at 2:04:25 PM(UTC)
Lansweeper Asset Type Mail Server
by  MarkPayton   Go to last post Go to first unread
Last post: Yesterday at 1:03:54 PM(UTC)
Lansweeper Upgrade Win 10 build to version 2004
by  Jean-FB  
Go to last post Go to first unread
Last post: 10/28/2020 7:34:29 PM(UTC)
Lansweeper Uptime only shows Standby
by  Gst4r   Go to last post Go to first unread
Last post: 10/28/2020 4:19:33 PM(UTC)
Lansweeper Excepciones
by  Pablo  
Go to last post Go to first unread
Last post: 10/27/2020 7:35:21 PM(UTC)
Lansweeper Help desk API
by  Skylar@Hennig   Go to last post Go to first unread
Last post: 10/27/2020 5:01:18 PM(UTC)
Lansweeper Helpdesk API
by  Skylar@Hennig  
Go to last post Go to first unread
Last post: 10/27/2020 4:44:50 PM(UTC)