Targets unable to contact the server successfully and a session cannot be established with these targets
- Symptom
- Targets cannot contact the server successfully and a session cannot be established with the targets.
- Causes
- The target may not have the correct web address for the server or the host name part of the web address, which it uses to contact the server, does not match the common name in the server's SSL certificate.
- Solution
-
After you install the target software the target tries to contact the server. It uses http or https, and the server web address that you defined during the installation of the target. However, there are two important things to note to ensure that the connection between the server and target is successful.
- The target needs to have the correct web address for the server.
- The host name part of the web address must match the common name in the server's SSL certificate.
When you install the BigFix® Remote Control Server by using the installation program, you must ensure that you enter the correct values in the Web server parameters window. The upload data to server field takes the computer name from the Windows® operating system settings. The server installer program uses the field value to generate the server URL and the SSL certificate. The server URL is used to set the url property value in the trc.properties file. Therefore, you must specify the correct name during the installation. If you specify an incorrect value the following problem might occur. When a target contacts the server for the first time, it uses the ServerURL property from the target registry or configuration file to contact the server. When the server responds to the target it includes the server address that is assigned to the url property in the trc.properties file. The target uses this address to contact the server in the future. If the web address that is sent to the target is incorrect, the symptoms you will see are that the target can register once and then is unable to contact the server again. After a while the target is marked as being offline. You are also unable to start sessions with this target, because the target does not have a correct working server address with which to authenticate an incoming session.
The common name that is in the server's SSL certificate has to be a host name that actually resolves to the IP address of the server. If the SSL certificate, for example, has mytrcserver, but on the target there is no way to translate 'mytrcserver' to the IP address of the server, then your environment is not correctly configured. The only names that are correctly supported for this are fully qualified domain names that are registered in the DNS, for example, mytrcserver.location.uk.example.com. If you use only mytrcserver, then that will only work if the server and target are on the same local network and have WINS configured.
You can check that the DNS server is properly configured by using the nslookup command to query the full computername and IP address.
In the example you can see that the server hostname resolves to the correct IP address.For example: At a command prompt type the following commands C:\>nslookup Default Server: gbibp9ph1--31ndcr.wan.example.com Address: 192.0.2.21 Type in the hostname of your server > mytrcserver.location.uk.example.com Server: gbibp9ph1--31ndcr.wan.example.com Address: 192.0.2.21 Name: mytrcserver.location.uk.example.com Address: 192.0.2.25 Type in the ip address of your server > 192.0.2.25 Server: gbibp9ph1--31ndcr.wan.example.com Address: 192.0.2.21 Name: mytrcserver.location.uk.example.com Address: 192.0.2.25