Deployment failures due to CRL Validation

ControlUp Agents

The Issue:

Installing the ControlUp Agent fails with a timeout (screenshot)

After installation of the ControlUp Agent or upgrading from previous versions, the Console can experience difficulties reconnecting to remote agents in environments without access to the internet.

image001.png

The Cause:

The Agent issues CRL authentication (click here for more information) to the internet in order to validate the certificate and the session times out (internet unreachable.)  

Traced packets can revel connection attempt to cacerts.digicert.com 

Known IP addresses:  104.16.238.184, 104.16.239.184, 104.16.237.184, 104.16.241.184, 104.16.240.184

crl3.digicert.com - aka: cs9.wac.phicdn.net  IP: 72.21.91.29                                              crl4.digicert.com - aka: rvip1.ue.cachefly.net  IP: 66.225.197.197

Suggested Solution:

To update CTL follow instructions here: 

Microsoft Trusted Root Certificate Program Updates

Microsoft Support downloadable packages 

How to update step by step guide 

The suggested workaround to this issue it to bypass the Agent need to verify the digital signature or update trusted and disallowed CTLs in disconnected environments in Windows.

To manually apply the workaround for this issue: (A text file is downloadable below ready for use.)

  1. Go to C:\Program Files\Smart-X\ControlUpAgent\Version 7.1.0.124
  2. On the remote machine create a notepad file and name it: cuAgent.exe.config with the following text: 
<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>
  

A text file is downloadable below ready for use:

cuAgent.exe.config.txt (142 Bytes)

ControlUp Monitors

The Issue:

Installing the ControlUp Monitor fails with timeout (screenshot)

After installation of ControlUp Monitor or when upgrading from a previous version, installation of the Monitor can fail to validate the certificate in environments without access to the internet. 

Example:

image002.png

The Cause:

The Monitor issues CRL authentication (click here for more information) to the internet in order to validate the certificate and the session times out (internet unreachable.)

Traced packets can revel connection attempt to cacerts.digicert.com 

Known IP addresses:  104.16.238.184, 104.16.239.184, 104.16.237.184, 104.16.241.184, 104.16.240.184

crl3.digicert.com - aka: cs9.wac.phicdn.net  IP: 72.21.91.29    crl4.digicert.com - aka: rvip1.ue.cachefly.net  IP: 66.225.197.197

Suggested Solution:

To update CTL follow instructions here: 

The suggested workaround to this issue it to bypass the Monitor need to verify the digital signature or update trusted and disallowed CTLs in disconnected environments in Windows.

To manually apply the workaround for this issue: (A text file is downloadable below ready for use.)

  1. Go to ->  C:\program files\controlup monitor\7.0.2.11
  2. on the remote machine create a notepad file and name it: cuMonitor.exe.config with the following text: 
 

<?xml version="1.0" encoding="utf-8"?>
<configuration>
<runtime>
<generatePublisherEvidence enabled="false"/>
</runtime>
</configuration>

 

 

A text file is downloadable below ready for use:

cuMonitor.exe.config.txt (142 Bytes)

 

1-on-1 Demo
Schedule now
Price Quote
Get it now
Need a Script?
Get it here
Powered by Zendesk