Community
User Guides
Support
Community
Help Forums
English Forum
General
About our Community
General Discussion
News and Feedback
Products
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Beta programs
Feature Requests
Finnish Forum (Tukifoorumi)
Tuotteet Kotiin
F-Secure SAFE
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Muut tietoturvatuotteet
Support Articles
Language
English
Suomi
Deutsch
Français
日本語
Svenska
Dansk
Italiano
Nederlands
Norsk
Polski
中文 (繁體)
Products & Services
F-Secure TOTAL
F-Secure SAFE / Internet Security / Anti-Virus
F-Secure FREEDOME
F-Secure KEY
F-Secure SENSE Router
F-Secure ID PROTECTION
Other products
Common topics
User Guides
Support
Login
|
Register
After Policy Manager Server and Proxy upgrade to version 14, Client Security 13.x hosts are unable to connect - F-Secure Community
<main> <article class="userContent"> <h3 data-version="3" data-article="000020475" data-id="issue">Issue:</h3> <p>After F-Secure Policy Manager Server and Proxy upgrade to version 14, Client Security 13.x hosts are unable to connect.<br><br>Logfile log (...\F-Secure\common folder) in AV CS 13.xx shows similar errors:<br><br><i>1 2020-02-06 09:15:05+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14<br>F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.)<br>1 2020-02-06 09:16:36+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14<br>F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.)</i><br><br>Running fspmp-enroll-tls-certificate.bat doesn't help.</p> <h3 data-id="resolution">Resolution:</h3> <p>Check nrb.log (C:\ProgramData\F-Secure\Logs\fspmsupport), to see if there are similar log entries:<br><br>Server returned 582097 bytes, whereas limitation is 409600 bytes<br>Failed to get certificates from server "<a href="https://xxxxx/fsms/fsmsh.dll"" rel="nofollow">https://xxxxx/fsms/fsmsh.dll"</a>: Type: fs::BaseException, Reason: Too much data returned from server<br><br>This means that there are too many certificates or certificate size exceeds the limit.<br><br>Client Security 13.xx limits are:<br></p><ul><li>Maximum certificate size is limited for 409600 bytes</li><li>Maximum certificates count is limited for 100</li></ul> Client Security 14.xx only has size limit, which is: <ul><li>Maximum certificate size is limited for total file size ~ 96000000 bytes</li></ul> Steps how to resolve the issue: <ol><li>Enable H2 console in Policy Manager Server. Instructions found <a rel="nofollow" href="https://community.f-secure.com/t5/Business-Suite/Policy-Manager-advanced/ta-p/11869">here</a>.</li><li>Delete all old certificates, which were generated before Policy Manager upgrade. Use this SQL statement:</li></ol> To get a list of not needed certificates. <br><br>SELECT * FROM (SELECT CAST(SUBSTRING(AUTHORIZED_BY, 37, 13) as BIGINT) as tcs FROM ISSUED_CERTIFICATES where type='TLS' and AUTHORIZED_BY like '%trustedCertificateSerial%') as tis<br>JOIN ISSUED_CERTIFICATES is1 on tis.tcs=is1.SERIAL<br><br>And all of those are not needed anymore, customer can drop some of these all of them alltogether:<br><br>delete FROM ISSUED_CERTIFICATES where serial in (SELECT tcs FROM (SELECT CAST(SUBSTRING(AUTHORIZED_BY, 37, 13) as BIGINT) as tcs FROM ISSUED_CERTIFICATES where type='TLS' and AUTHORIZED_BY like '%trustedCertificateSerial%') as tis<br>JOIN ISSUED_CERTIFICATES is1 on tis.tcs=is1.SERIAL) <p>Article no: 000020475</p> </article> </main>