DescriptionLogin Prompt Does Not Appear After Downloading Persistent Agent 3.x or Higher
ScopeVersion: Agent 3.x and higher
SolutionVersion: Agent 3.x and higher
Issue: Agent completes download but the login prompt does not appear after 5 minutes.
This suggests communication between Network Sentry and the agent is incomplete. Below are some possible causes.
Many or All Hosts Affected
Potential Cause 1: Incorrect DNS name resolution due to configuration on Network Sentry.
As of Persistent Agent version 3.x and Dissolvable Agent version 3.1.x, SSL certificate validation must be able to complete in order for the agent to successfully start communication with Network Sentry. This requires the endstation to be able to reach certain sites on the internet.
Solution: For common domains that need to be resolved for SSL Certificate validation, and instructions on how to add/remove domains in Network Sentry, see How To Add Allowed Domains to Network Sentry.
Potential Cause 2: Issues with SSL Certificate in Network Sentry. This could be any of the following:
- Certificate not installed or expired.
Solution: See SSL Certificates How To for installation and certificate renewal instructions.
- Installed Certificate incomplete (missing intermediate certificate).
Solution: See Identify Missing SSL Certificates via Administrative UI.
Potential Cause 3: Firewall blocking port 4568/4567 traffic.
Solution: Ensure TCP port 4568 and UDP port 4567 traffic is not being blocked by a firewall on the network.
Small Number of Hosts Affected
Suggests something on the endstation is preventing the communication.
Potential Cause 1: Incorrect DNS name resolution.
Solution a: Ensure there aren't any static DNS server entries. While within the registration/remediation/isolation VLAN, Network Sentry must act as the DNS server.
Solution b: Flush the DNS cache to ensure there aren't any cached DNS entries.
Windows command: ipconfig /flushdns
Mac OSX: Command can vary depending upon OS X version. One article to reference from Apple for DNS flush commands is the following:https://support.apple.com/en-us/HT202516
Potential Cause 2: Firewall blocking port 4568/4567 traffic on endstation:
The agent automatically adds an exception to allow this traffic only through Windows firewall. If the endstation has another program with a firewall feature enabled, this could be blocking the traffic.
Solution: Disable firewall feature on endstation or configure firewall to allow TCP 4568 and UDP 4567.
Potential Cause 3: Endstation Missing Root certificate to validate the issuing Certificate Authority (CA) of the certificate installed on Network Sentry.
Solution: See Solution 1855 for instructions on how to view the list of trusted CA's on either Windows or Mac OSX.