No communication between Ivanti Automation Agent and Ivanti Automation Dispatcher with a Self-Signed Certificate

Version 5

    Problem

    Consider the following scenario:

     

    • Ivanti Automation has been upgraded to version 2018.1.
    • A self-signed certificate is used for the communication between the Automation Agents and the Automation Dispatcher.
    • The FQDN of the Ivanti Automation Dispatchers does not match the configured FQDN in the Ivanti Automation Dispatcher list.

     

    In the above scenario, the upgraded agents are displayed as "offline" in the Ivanti Automation Console

     

    Cause

    The Ivanti Automation upgrade pack uses the local hostname, FQDN, and IP address to generate a self-signed certificate.

    If alternate addresses for these Ivanti Automation Dispatchers are configured through DNS, these will not be included in this certificate.

    This results in an invalid trust relationship between the Ivanti Automation Agents and the Ivanti Automation Dispatchers.

     

    Solution

    Solved in Ivanti Automation 2018.1.1