5 Replies Latest reply on Mar 11, 2008 8:04 AM by dgaines

    Unable to get a gateway certificate

    dgaines Apprentice

       

      When I request a certificate on a client through the broker config, the client waits for the certificate for 5 minutes then returns an error message "Failed to retrieve certificate.".  The client's broker config log looks like this:

       

       

      Mon, 10 Mar 2008 15:39:35 PostCertificate() posting cert to host <core server name>, proxy

      Mon, 10 Mar 2008 15:39:35 PostCertificate() StartSession returned 0

      Mon, 10 Mar 2008 15:39:35 PostCertificate() request returned 0

      Mon, 10 Mar 2008 15:39:35 PostCertificate() Write returned 0

      Mon, 10 Mar 2008 15:39:35 PostCertificate() Response returned 0, status of 202

      Mon, 10 Mar 2008 15:44:35 GetCertificate() File did not appear after 300 seconds

       

       

       

      The broker service log looks like this:

       

       

      Mon, 10 Mar 2008 15:39:29 Processing Certificate Request File C:\Program Files\LANDesk\ManagementSuite\brokerreq\8863.e8d7f56dee288c1.csr

      Mon, 10 Mar 2008 15:39:29 Error loading Authority files C:\Program Files\LANDesk\ManagementSuite\brokerreq\8863.e8d7f56dee288c1.csr:No CA files found for requestC:\Program Files\LANDesk\ManagementSuite\brokerreq\8863.e8d7f56dee288c1.csr

       

       

       

      Now some clients can get the certificate and others cannot.  This log is from a freshly installed client.

       

       

       

       

       

        • 1. Re: Unable to get a gateway certificate
          dgaines Apprentice

          Ok, more information...  It appears on a new install, there is a certificate missing from the c:
          Program Files\LANDesk\Shared Files\cbaroot\certs directory.  I copy that file in from an existing working client and i am able to request certificates.   Is that file suppose to be installed by the client install or is it generated at a later time by some process?

          • 2. Re: Unable to get a gateway certificate
            Employee

            That .0 file will get copied during agent install if the following conditions are met:

            1) The .key and .crt files that correspond to the .0 file are in the C:\Program Files\LANDesk\Shared Files\Keys directory on the core.

            2) The .0 file is in the ldlogon directory on the core.

            3) The agent configuration has that certificate checked. Just open the agent configuration and click on "Standard LANDesk agent" to see what certificates are checked.

            • 3. Re: Unable to get a gateway certificate
              dgaines Apprentice

              Ok, all of those conditions are in place.  Is there a log file that will tell us more information on why that is not being copied?

              • 4. Re: Unable to get a gateway certificate
                Employee

                It depends. How are you deploying your agents? If you do a regular agent push, and the .0 file is not properly added to the cab, the task will generate an error.

                 

                Check the agent configuration .ini file in ldlogon. Check for the .0 file in that .ini file. If it's not there, try a "Rebuild All" in the console (in the agent config section) and see if that adds the file. That is what will handle adding that file to the agent install.

                 

                You may also want to open the .0 file with a text editor and make sure it's pointing to the certificate (.key and .crt) files in your keys directory.

                 

                If the .0 file is getting added, but doesn't copy to the client, I wonder if the LANDesk Management Agent is installing correctly. Is the service there and running?

                 

                You could also try an uninstall of the agent, then try installing again.

                • 5. Re: Unable to get a gateway certificate
                  dgaines Apprentice

                  Rebuilding the clients seems to have done the trick.  Thanks