10 Dec 2018 06:55 AM
Hello, We are getting the Certificate check failed in the ruxitagent_host log file while connecting to the Dynatrace live cluster during the OneAgent installation. We have already opened the 443 and 8443 ports. Telnet is successful on 443 but the telnet on port 8443 is not successful.
Below are the log lines in uxitagent_host log file:
2018-12-06 10:20:36.111 UTC [00001cc8] info [native] URL https://123abc.live.dynatrace.com:443/communication not working (SSL certificate problem: unable to get local issuer certificate) (occurred 63 times in the last 1h 0m 0s)
2018-12-06 10:21:35.369 UTC [000011c8] info [native] Removed file:C:/ProgramData/dynatrace/oneagent/log/process/ruxitagentproc_2018-11-22.log
2018-12-06 10:21:35.399 UTC [00001e74] info [native] suspicious: AutoUpdater: Failed to get new version: Not sent because last heartbeat failed.
2018-12-06 10:21:35.981 UTC [00001cc8] warning [native] Certificate check failed
What is the probable cause of this? and the possible resolution.
Solved! Go to Solution.
10 Dec 2018 08:05 AM
Hi,
You need open port 8443.
Radek
10 Dec 2018 08:29 AM
Hi Radoslaw, The network team has opened the 8443 as well but there is no ACK packets being seen. Is there certificate issues somewhere? Not sure though.
Regards, Rajesh
10 Dec 2018 08:38 AM
It possible that your proxy/firewall server has self-signed (or non CA-signed) certificate. In that case you need to add that certificate to dynatrace truststore.
See https://www.dynatrace.com/support/help/deploy-dynatrace/managed/configuration/how-to-add-a-certificate-to-server-trust-store/ for details.
14 Dec 2018 08:57 AM
It was found that the the monitored server used proxy which was blocking the certificate negotiation between the Saas and Agent. For this network team added the bypass rule for certificate negotiation on the proxy server. After this agent got connected to SaaS cluster.
14 Dec 2018 09:04 AM
Nice to know;) Great
14 Dec 2018 09:06 AM
It was found that the the monitored server used proxy which was blocking the certificate negotiation between the Saas and Agent. For this network team added the bypass rule for certificate negotiation on the proxy server. After this agent got connected to SaaS cluster.