I have F-Secure Client Security / Server Security 12.x installed on a host. However, the host does not show up in the Policy Manager Console 15.00
AsyncSendRequest SSL fail: 12175 is logged in the pmpselectorplugin.log or nrb.log:
I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from 192.168.98.247:9443 with HTTP proxy ''
*E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies (FsHttpRequest::Error_Certificate, AsyncSendRequest SSL fail: 12175 [0x80000000])
.W: PmpSelectorPlugin::Run: Policy Manager unavailable
Also, the host does not connect to the Policy Manager Server to download the definitions update, nor is it able to receive policy updates from Policy Manager Server.
This could happen if Windows patch KB3042058 is not installed on a host with Windows 7, 8, 8.1, Server 2008 R2, Server 2012 or Server 2012 R2 . Download links and more information, including prerequisites, available here: https://support.microsoft.com/en-us/help/3042058/microsoft-security-advisory-update-to-default-cipher-suite-priority-or
If issue is spotted on a newer Windows operating system, you will need to verify whether the cipher suites supported on the Policy Manager Server, is supported on the host. You can do the following to find out:
To fetch list of cipher suites supported for Policy Manager Server, install Nmap and run the following on a host where Policy Manager Server is reachable:
To fetch list of cipher suites supported on the host, run the following in Windows PowerShell:
- nmap --script ssl-enum-ciphers -p <HTTPS port for Host Module> <Policy Manager Server host name or IP address>
Article no: 000025934