DescriptionWhen running the Dissovable Agent, the message "Unable to obtain configuration from server" appears.
The Dissolvable Agent (DA) leverages the SSL Certificate installed on the Captive Portal for agent server communication. As such, the DA needs internet access in order to validate the SSL Certificate. The protocols used for certificate validation are OSCP and CRL. These protocols use port 80 and 443 for communication.
ScopeVersion: Dissolvable Agent 3.1.x and aboveSolutionEnsure the requirements for successful SSL Certificate validation are in place:
- Third Party SSL Certificate is installed for the Portal and has not expired (System > Settings > Certificate Management). If certificate is not installed or has expired, install a new certificate.
- SSL Certificate for Portal is active (System > Settings > Portal SSL). SSL Mode should display Valid SSL Certificate.
- All intermediate and root certificates are installed. For instructions on identifying any missing certificates, see related KB article below.
- Sites used for OCSP and CRL validation are resolvable. For instructions on troubleshooting domain resolution, see related KB article below.
- Ports 80 and 443 are allowed access to the internet from the isolation networks. To validate, while in isolation, try browsing to an HTTP and a HTTPS site from the Allowed Domains List (System > Settings > Allowed Domains) (example: avg.com & avast.com).
- Verify the endstation has the correct Trusted Root Certification Authorities. See related KB article below for instructions.
Related Articles
Technical Note: Verify Trusted Certificate Authorities on Windows or Mac OSX
Technical Tip: Troubleshooting domain resolution in the captive portal
Technical Note: Identify missing SSL certificates via administration UI