Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
vinceneil666
Advisor

SandBlastAgent, onprem, clients unable to registre.

Jump to solution

hi,

For an on-prem solution, r80.40, I am having issues with clients not able to register to the management. The just dont show up att all.. The strange thing is that they used to work, but all of a sudden stopped.

( there was a task performed some time during the time they started getting issues, but should not be related I think. We did a revoke and regen of the sic certificate ref:sk20905 )

We have verified all ports OK in the firewall - so there should be no blocking the agents getting to the management.

Looking at the logs from the client I see a lot of this:

--deleted info----- Error 0x0 111 0 cpdaApp: (CFNetwork) Connection 25414: default TLS Trust evaluation failed(-9813)
--deleted info----- Default 0x0 111 0 cpdaApp: (CFNetwork) Connection 25414: TLS Trust result -9813
--deleted info----- Error 0x0 111 0 cpdaApp: (CFNetwork) Connection 25414: TLS Trust encountered error 3:-9813
--deleted info----- Error 0x0 111 0 cpdaApp: (CFNetwork) Connection 25414: encountered error(3:-9813)
--deleted info----- Default 0x0 111 0 cpdaApp: (CFNetwork) Connection 25414: cleaning up

 

Another thing that I am considering is that there has been a task on the management. The portal port (443) had been changed to another port - as we do for most gateways - so no to crash with the ssl port...  For the management this is really not an issue - so some time back we changed the management portal port back to 443 ----  could this have an impact on client reg ??

 

Any help is appreciated ! 🙂 

0 Kudos
1 Solution

Accepted Solutions
Igor_Moskowitz
Employee
Employee

Dear vinceneil666,

Endpoint clients connect to the management on port 443. If you enable Endpoint Management Blade the Gaia portal will change to 4434 to enable your endpoint clients to connect. Please change the Gaia-Portal to a different port (4434 for example) and you clients should be able to connect again.

 

Best regards,
Igor

View solution in original post

(1)
3 Replies
Lzm
Participant

A common debug I use for these cases is to check the https://MGMT_IP/cp/connectionPoint.

You should reach Uepm Connection Point Status Page. Other than that it should be a misconfiguration with ports. The sk172485 helped me, I was updating from R80.40 to R81 and it solved the problem. This may give you a way, but I'd advise contacting TAC to analyze your case specifically.

Cheers!

vinceneil666
Advisor

I found out that we recently had changed the Gaia portal port from 4434 to 443. Looking at the SK it kinda looks like we are onto something.

I do not have the stuff in the logs, as specified by the SK. But -- the rest of it matches. I will look into the hotfix or the workaround. Thank you 

Igor_Moskowitz
Employee
Employee

Dear vinceneil666,

Endpoint clients connect to the management on port 443. If you enable Endpoint Management Blade the Gaia portal will change to 4434 to enable your endpoint clients to connect. Please change the Gaia-Portal to a different port (4434 for example) and you clients should be able to connect again.

 

Best regards,
Igor

View solution in original post

(1)