After Policy Manager Server and Proxy upgrade to version 14, Client Security 13.x hosts are unable t

Customer_CareCustomer_Care Posts: 548
in Business Suite

Issue:

After F-Secure Policy Manager Server and Proxy upgrade to version 14, Client Security 13.x hosts are unable to connect.

Logfile log (...\F-Secure\common folder) in AV CS 13.xx shows similar errors:

1 2020-02-06 09:15:05+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.)
1 2020-02-06 09:16:36+01:00 SENC5078N SYSTEM F-Secure Management Agent 1.3.6.1.4.1.2213.11.1.14
F-Secure Management Agent konnte keine Verbindung zum Server herstellen und arbeitet nun im Offline-Modus. (Fehlernummer 0: No valid server certificates.)

Running  fspmp-enroll-tls-certificate.bat doesn't help.

Resolution:

Check nrb.log (C:\ProgramData\F-Secure\Logs\fspmsupport), to see if there are similar log entries:

Server returned 582097 bytes, whereas limitation is 409600 bytes
Failed to get certificates from server "https://xxxxx/fsms/fsmsh.dll": Type: fs::BaseException, Reason: Too much data returned from server

This means that there are too many certificates or certificate size exceeds the limit.

Client Security 13.xx limits are:

  • Maximum certificate size is limited for 409600 bytes
  • Maximum certificates count is limited for 100

Client Security 14.xx only has size limit, which is:
  • Maximum certificate size is limited for total file size ~ 96000000 bytes
Steps how to resolve the issue:
  1. Enable H2 console in Policy Manager Server. Instructions found here.
  2. Delete all old certificates, which were generated before Policy Manager upgrade. Use this SQL statement:
  • DELETE FROM ISSUED_CERTIFICATES where TYPE = 'TLS' and ISSUED_ON < date as unix timestamp

Article no: 000020475

Like
Sign In or Register to comment.