Issue:
After F-Secure Policy Manager Server and Proxy upgrade to version 14, Client Security 13.x hosts are unable to connect.
Logfile log (...\F-Secure\common folder) in AV CS 13.xx shows similar errors:
1 2020-02-06 09:15:05+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.)
1 2020-02-06 09:16:36+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.)
Running fspmp-enroll-tls-certificate.bat doesn't help.
Resolution:
Check nrb.log (C:\ProgramData\F-Secure\Logs\fspmsupport), to see if there are similar log entries:
Server returned 582097 bytes, whereas limitation is 409600 bytes
Failed to get certificates from server "https://xxxxx/fsms/fsmsh.dll": Type: fs::BaseException, Reason: Too much data returned from server
This means that there are too many certificates or certificate size exceeds the limit.
Client Security 13.xx limits are:
- Maximum certificate size is limited for 409600 bytes
- Maximum certificates count is limited for 100
Client Security 14.xx only has size limit, which is:
- Maximum certificate size is limited for total file size ~ 96000000 bytes
Steps how to resolve the issue:
- Enable H2 console in Policy Manager Server. Instructions found here.
- Delete all old certificates, which were generated before Policy Manager upgrade. Use this SQL statement:
- DELETE FROM ISSUED_CERTIFICATES where TYPE = 'TLS' and ISSUED_ON < date as unix timestamp
Article no: 000020475