Clients running F-Secure end-point software unable to connect to the Policy Manager Server after installing Server Security 14 (or later) on the same server

Issue:

The symptoms include

  • clients are unable to download updates from the Policy Manager Server
  • clients are unable to upload status information to the Policy Manager Server and will eventually show up in Policy Manager Console as disconnected hosts
However, clients might still be able to download updates because in the default configuration, fallback to F-Secure update servers is allowed.

A couple of logfiles on the endpoont help to establish, if the client is having a connection problem due to the firewall blocking access on the server.
Examples are for Client Security 14 but also apply for Server Security 14 and later. Policy Manager Server here is pms.acme.com listening on default ports 80 and 443.

C:\ProgramData\F-Secure\Log\AUA\Aua.log

2019-10-02 12:07:25.311 [15d4.1d50]  I: Connecting to pms.acme.com:80/guts22019-10-02 12:07:46.349 [15d4.1d50]  I: Update check failed, error=110 (connection timed out)

Same is also visible in this logfile:

2019-10-02 12:17:37.502 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy ''2019-10-02 12:17:58.535 [15d4.1d68] *E: UpdatablePmCertVerifier::RenewCertificates: Failed to download certificate bodies (FsHttpRequest::Error_Timeout, AsyncSendRequest failed: 12002)2019-10-02 12:18:07.536 [15d4.1d68]  I: UpdatablePmCertVerifier::RenewCertificates: Renewing certificates from pms.acme.com:443 with HTTP proxy ''

Error 12002 translates to 

12002 ERROR_INTERNET_TIMEOUT The request has timed out.

Resolution:

Server Security 14 uses the Windows Firewall. It is likely that the ports that the HTTP and HTTPS services are using are blocked in the firewall on the server where Policy Manager Server is installed in. This would cause the clients to be unable to be in contact with the Policy Manager Server.  

To resolve the issue, create a firewall rule allowing inbound HTTP and HTTPS traffic to the server where Policy Manager Server is installed. 

You can find instructions how to create firewall rules in Policy Manager 14 in this guide.

Things to consider:

  1. Make sure, the firewall rule is enabled. This is the first checkbox in the Firewall rules table.
  2. Make sure, the Server profile containing the rule is assigned as the "Server host profile". In the example below, the profile is called Server (cloned).
  3. The other rules in the profiles in this screenshot are also activated but this is is not needed to meet client Policy Manager Server communication requirements.
  4. As this particular rule is only required for the server host running Policy Manager Server, we have selected the server before making the change (the server called here DC1-PETERF)


 Firewall rule to allow inbound connections to PMS ports 80 and 443.

Article no: 000016843

Pricing & Product Info

For product info and pricing please go to the F-Secure product page

Version history
Revision #:
1 of 1
Last update:
‎11-10-2019 05:14 PM
Updated by: