- Print
- DarkLight
- PDF
Deployment failures due to CRL Validation
- Print
- DarkLight
- PDF
ControlUp Agents
Issue
Installing the ControlUp Agent fails with a timeout (screenshot)
An error occured while trying to start remote service. Service Request Timeout
After installing the ControlUp Agent or upgrading from a previous version, the Real-Time Console may experience difficulties reconnecting to remote agents in environments without internet access.
Cause
The Agent issues CRL authentication (click here for more information) to the internet to validate the certificate and the session times out (internet unreachable.)
Traced packets can revel connection attempt to cacerts.digicert.com
Known IP addresses:
- 104.16.238.184
- 104.16.239.184
- 104.16.237.184
- 104.16.241.184
- 104.16.240.184
- crl3.digicert.com - aka: cs9.wac.phicdn.net IP: 72.21.91.29
- crl4.digicert.com - aka: rvip1.ue.cachefly.net IP: 66.225.197.197
Suggested Solution
To update CTL, follow the instructions here:
Microsoft Trusted Root Certificate Program Updates
Microsoft Support downloadable packages
The suggested workaround for this issue is to bypass the agent's need to verify the digital signature or to update trusted and disallowed CTLs in disconnected environments in Windows.
To manually apply the workaround for this issue: (A text file is downloadable below ready for use.)
- Go to C:\Program Files\Smart-X\ControlUpAgent\Version 7.1.0.124
- On the remote machine create a text file and name it: cuAgent.exe.config with the following content:
<?xml version="1.0" encoding="utf-8">
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>
A text file is downloadable below ready for use:
ControlUp Monitors
Issue
Installing the ControlUp Monitor fails with timeout (screenshot)
Failed to start ControlUp Monitor Service. An error occurred while trying to start remote service. Service Request Timeout.
After installation of ControlUp Monitor or when upgrading from a previous version, the installation of the Monitor can fail to validate the certificate in environments without access to the internet.
Example:
Cause
The Monitor issues CRL authentication (click here for more information) to the internet in order to validate the certificate and the session times out (internet unreachable.)
Traced packets can revel connection attempt to cacerts.digicert.com
Known IP addresses:
- 104.16.238.184
- 104.16.239.184
- 104.16.237.184
- 104.16.241.184
- 104.16.240.184
- crl3.digicert.com - aka: cs9.wac.phicdn.net IP: 72.21.91.29
- crl4.digicert.com - aka: rvip1.ue.cachefly.net IP: 66.225.197.197
**Suggested Solution
To update CTL follow instructions here:
The suggested workaround to this issue it to bypass the Monitor need to verify the digital signature or update trusted and disallowed CTLs in disconnected environments in Windows.
To manually apply the workaround for this issue: (A text file is downloadable below ready for use.)
- Go to C:\Program Files\ControlUpMonitor\7.0.2.11
- On the remote machine, create a notepad file and name it: cuMonitor.exe.config with the following text:
<xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>