Deployment failures due to CRL Validation
  • Dark
    Light
  • PDF

Deployment failures due to CRL Validation

  • Dark
    Light
  • PDF

ControlUp Agents

Issue

Installing the ControlUp Agent fails with a timeout (screenshot)

Timeout error

An error occured while trying to start remote service. Service Request Timeout

After installing the ControlUp Agent or upgrading from a previous version, the Real-Time Console may experience difficulties reconnecting to remote agents in environments without internet access.
image.png

Cause

The Agent issues CRL authentication (click here for more information) to the internet to validate the certificate and the session times out (internet unreachable.)

Traced packets can revel connection attempt to cacerts.digicert.com

Known IP addresses:

  • 104.16.238.184
  • 104.16.239.184
  • 104.16.237.184
  • 104.16.241.184
  • 104.16.240.184
  • crl3.digicert.com - aka: cs9.wac.phicdn.net IP: 72.21.91.29
  • crl4.digicert.com - aka: rvip1.ue.cachefly.net IP: 66.225.197.197

Suggested Solution

To update CTL, follow the instructions here:

Microsoft Trusted Root Certificate Program Updates
Microsoft Support downloadable packages

The suggested workaround for this issue is to bypass the agent's need to verify the digital signature or to update trusted and disallowed CTLs in disconnected environments in Windows.

To manually apply the workaround for this issue: (A text file is downloadable below ready for use.)

  1. Go to C:\Program Files\Smart-X\ControlUpAgent\Version 7.1.0.124
  2. On the remote machine create a text file and name it: cuAgent.exe.config with the following content:
<?xml version="1.0" encoding="utf-8">
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>

A text file is downloadable below ready for use:

cuAgent.exe.config

ControlUp Monitors

Issue

Installing the ControlUp Monitor fails with timeout (screenshot)

Timeout error

Failed to start ControlUp Monitor Service. An error occurred while trying to start remote service. Service Request Timeout.

After installation of ControlUp Monitor or when upgrading from a previous version, the installation of the Monitor can fail to validate the certificate in environments without access to the internet.

Example:
360000185049image002.png

Cause

The Monitor issues CRL authentication (click here for more information) to the internet in order to validate the certificate and the session times out (internet unreachable.)

Traced packets can revel connection attempt to cacerts.digicert.com

Known IP addresses:

  • 104.16.238.184
  • 104.16.239.184
  • 104.16.237.184
  • 104.16.241.184
  • 104.16.240.184
  • crl3.digicert.com - aka: cs9.wac.phicdn.net IP: 72.21.91.29
  • crl4.digicert.com - aka: rvip1.ue.cachefly.net IP: 66.225.197.197

**Suggested Solution

To update CTL follow instructions here:

The suggested workaround to this issue it to bypass the Monitor need to verify the digital signature or update trusted and disallowed CTLs in disconnected environments in Windows.
To manually apply the workaround for this issue: (A text file is downloadable below ready for use.)

  1. Go to C:\Program Files\ControlUpMonitor\7.0.2.11
  2. On the remote machine, create a notepad file and name it: cuMonitor.exe.config with the following text:
<xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>

Was this article helpful?