Deployment failures due to CRL Validation


ControlUp Agents

Issue

After installing the ControlUp Agent or upgrading from a previous version, the Real-Time DX Console might experience difficulties reconnecting to remote agents in environments without internet access. The agent installation fails with a timeout error, such as the following:

An error occurred while trying to start remote service. Service Request Timeout

Cause

The Agent attempts a CRL check over the internet to validate the certificate, and the session times out because the internet is unreachable. For more information, see here.

A packet trace can reveal connection attempts to cacerts.digicert.com.

Known IP addresses:

  • 104.16.238.184

  • 104.16.239.184

  • 104.16.237.184

  • 104.16.241.184

  • 104.16.240.184

  • crl3.digicert.com - aka: cs9.wac.phicdn.net IP: 72.21.91.29

  • crl4.digicert.com - aka: rvip1.ue.cachefly.net IP: 66.225.197.197

Suggested Solution

To update the CTL, follow the official Microsoft instructions below:

Microsoft Trusted Root Certificate Program Updates
Microsoft Support downloadable packages

The suggested workaround for this issue is to bypass the Agent's need to verify the digital signature, or to update trusted and disallowed CTLs in disconnected environments in Windows.

To manually apply the workaround for this issue:

  1. Go to C:\Program Files\Smart-X\ControlUpAgent\Version 9.1.XXX

  2. On the remote machine, create a text file and name it: cuAgent.exe.config with the following content:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <!-- Skip Authenticode publisher-evidence generation when the process loads -->
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>

Download the text file below to use:

cuAgent.exe.config

ControlUp Monitors

Issue

After installing the ControlUp Monitor or when upgrading from a previous version, the installation of the Monitor might fail to validate the certificate in environments without access to the internet. The monitor installation fails with a timeout error, such as the following:

Failed to start ControlUp Monitor Service. An error occurred while trying to start remote service. Service Request Timeout

Cause

The Monitor attempts a CRL check over the internet to validate the certificate, and the session times out because the internet is unreachable. For more information, see here.

A packet trace can reveal connection attempts to cacerts.digicert.com.

Known IP addresses:

  • 104.16.238.184

  • 104.16.239.184

  • 104.16.237.184

  • 104.16.241.184

  • 104.16.240.184

  • crl3.digicert.com - aka: cs9.wac.phicdn.net   IP: 72.21.91.29

  • crl4.digicert.com - aka: rvip1.ue.cachefly.net   IP: 66.225.197.197

Suggested Solution

To update the CTL, follow the official Microsoft instructions below:

The suggested workaround is to bypass the Monitor’s need to verify the digital signature, or to update trusted and disallowed CTLs in disconnected environments in Windows.

To manually apply the workaround for this issue:

  1. Go to C:\Program Files\ControlUpMonitor\9.1.XXX

  2. On the remote machine, create a text file and name it: cuMonitor.exe.config with the following text:

<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <!-- Skip Authenticode publisher-evidence generation when the process loads -->
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>

Download the text file above to use.
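
The manual steps for the Agent and the Monitor, as an added PowerShell example that is not ControlUp's own tooling: it probes the hosts named on this page and, only if none answers, writes the .config file, refusing to overwrite an existing one and parsing the XML before and after writing. The function name, the parameters and the choice of TCP port 80 are assumptions.

```powershell
# Added example. Test-CrlReachable, $InstallDir and $ExeName are hypothetical names.
param(
    [Parameter(Mandatory)] [string] $InstallDir,   # versioned folder from step 1
    [string] $ExeName = 'cuAgent.exe'              # use cuMonitor.exe for a Monitor
)

# Hosts this page names as the endpoints contacted during validation.
$CrlHosts = 'cacerts.digicert.com', 'crl3.digicert.com', 'crl4.digicert.com'

function Test-CrlReachable {
    param([string[]] $Hosts)
    foreach ($h in $Hosts) {
        # Assumption: the endpoints are fetched over plain HTTP, so TCP 80 is probed.
        $ok = Test-NetConnection -ComputerName $h -Port 80 -InformationLevel Quiet -WarningAction SilentlyContinue
        if ($ok) { return $true }
    }
    return $false
}

$configXml = @'
<?xml version="1.0" encoding="utf-8"?>
<configuration>
  <runtime>
    <generatePublisherEvidence enabled="false"/>
  </runtime>
</configuration>
'@

if (-not (Test-Path -LiteralPath (Join-Path $InstallDir $ExeName))) {
    throw "$ExeName not found in $InstallDir"
}
if (Test-CrlReachable -Hosts $CrlHosts) {
    Write-Output 'A CRL endpoint is reachable; the workaround should not be needed.'
    return
}

$configPath = Join-Path $InstallDir "$ExeName.config"
if (Test-Path -LiteralPath $configPath) {
    throw "$configPath already exists; merge the <runtime> element by hand."
}

# Fail before writing if the XML is malformed (a bad declaration throws here).
$null = [xml]$configXml
Set-Content -LiteralPath $configPath -Value $configXml -Encoding UTF8

# Read the file back and confirm the setting landed as intended.
$written = [xml](Get-Content -LiteralPath $configPath -Raw)
if ($written.configuration.runtime.generatePublisherEvidence.enabled -ne 'false') {
    throw "Unexpected content in $configPath"
}
Write-Output "Wrote $configPath"
```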