IT Management Suite

 View Only

  • 1.  Agent connection to task server on WinXP is only on port 80

    Posted Sep 30, 2021 05:03 AM
    Hi Experts,
    been trying to change connection on an end target (WinXP) from port 80 to port 443 to the Task server.
    I Pushed the required certificates, as on other OS versions, but for some reason this doesn't help.

    Any ideas?

    Thanks,
    Hagai


  • 2.  RE: Agent connection to task server on WinXP is only on port 80

    Broadcom Employee
    Posted Sep 30, 2021 05:26 AM

    Hi Hagai!

    1. Your WinXP client should register with remote Task Server or with Task Server which is running on NS itself?

    2. Check NS communication profile & Site Server profiles whether they have TLS 1.0 enabled in SSL settings.

    Check that communication profiles have enabled HTTPs URL with correct ports and in SSL settings there is Task Server certificate(s) available, so after policy refresh on client side, they will know about HTTPs:port and certificate(s) for appropriate Task Server.

    3. How you enabled HTTPs and applied certificates for Task Server in IIS? Or HTTPs is enabled/applied using Global Site Server settings policy for Task Server?

    4. What shows SMA Log on this WinXP is you manually click "Reset Agent" button in "Task Status" tab of SMA UI?

    Thanks,
    IP.



    ------------------------------
    [JobTitle]
    [CompanyName]
    [State]
    ------------------------------

    Original Message


  • 3.  RE: Agent connection to task server on WinXP is only on port 80

    Posted Sep 30, 2021 06:18 AM

    Hi Igor! How are you Sir? ��

     

    WinXp target is a regular windows station (not a NS / SMP / Site server) – it should be registered (and it registered) to a remote task server. SMP port is 443 successfully, only task server port is 80 which I wanted to investigate root cause.

    I have the communication profile set to TLS 1.0 (by the way, if I will enable 1.1. and 1.2, does it do any harm / take any resources after implementation? I don't want to make too many changes if are not required:


     

    And the global site server settings configures as such (I disabled way back for the SMP to connect using http, so it's only the issue with the Task Server that is currently port 80, while I want it to be port 443) :

     

     

    Manual Log from the WinXP station:

    30/09/2021 12:08:07      Client Task Agent             client task agent.dll        Task Server Connection: Failed to register on Task Server 'task.server.com' over 'https', error: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider (0x800B0109)

     

     

    So, this means my RootCA is the root issue?

    Also, if the SMP is still connection established on 443, and only the task server connection is on port 80, what harm is being done? Will there any tasks / scripts / or any other jobs that won't be able to run properly ?

    • Just trying to assess cost effectiveness

     

    Thanks,

    Hagai

     




    Original Message


  • 4.  RE: Agent connection to task server on WinXP is only on port 80

    Posted Sep 30, 2021 11:28 AM

    Issue resolved,

     

    Apparently when pushing a certificate to WinXP, it doesn't provide you the option to push into "local machine" as default, and action must be taken sing MMC.exe console manually.

     

    All is working fine now, thanks,

     

    Hagai

     




    Original Message