I am getting error while installing Microsoft Monitoring Agent.
Installation Error Screenshot
I look at the Monitoring agent log file available in %temp% file and it shows below Error.
Error: Failed to connect, exception : System.Net.WebException: The request was aborted: Could not create SSL/TLS secure channel.
at System.Net.HttpWebRequest.GetResponse()
at Microsoft.MOMv3.Setup.MOMv3ManagedCAs.ValidateOpInsightsConnection(Session session)
I check communication and firewall all are ok but getting same error. I have referrer official document troubleshoot issues as well but didn't help much on this. Same Agent we are able to install on other systems and working fine. So our Workspace key and ID is working fine.
please help here to resolve this issue.
Above issue can be resolved by set up correct registry entry. If Hardening is applied and lower version of TLS is disabled then above issue will occur.
This is basically TLS handshake issue between target system and Azure Log Analytics.
To resolve, we have to Setup below Registry policy.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\Protocols\TLS 1.0\Client]
"Enabled"=dword:00000001
"DisabledByDefault"=dword:00000000
Related
When logging on to OWA using a browser, receive a 503 error. In the Fiddler trace will see a more detailed response status code:
503 Failed authentication on backend server: Unauthorized
On the Exchange Server, see the following System event log (intermittently):
Event 4 Security-Kerberos
The Kerberos client received a KRB_APP_ERR_MODIFIED error from the server exchangeserver$.
The target name used was HTTP/exchangeserver.ad.root.
This indicates that the target server failed to decrypt the ticket provided by the client.
I hope someone only receives this in a lab environment!
Here is a link to enable Kerberos logging, which could be helpful as well: https://learn.microsoft.com/en-us/troubleshoot/windows-server/identity/enable-kerberos-event-logging
After enabling Kerberos logging, would see the KRB_APP_ERR_MODIFIED error more frequently, whereas before would not be logged each time a logon attempt occurred.
The issue here (in the lab) was that a duplicate SPN for the Exchange Server in question was added erroneously to another server, causing a duplicate. This was due to trying to enable Kerberos delegation for a separate web application.
Although there could be a quicker way to do this, you can list the SPNs on each server to look for your erroneous exchangeserver record by running
setspn -l otherservername (this is a lower-case L)
And if you find that SPNs like http/exchangeserver or http/exchangeserver.ad.root are listed on another server (say 'otherservername'), you can carefully remove them by running
setspn -D http/exchangeserver otherservername
setspn -D http/exchangeserver.ad.root otherservername
I was able to logon to OWA immediately after the duplicate SPN was removed, without restarting any servers or services.
Check, if the bindings for Exchange Backend website in IIS is correctly configured. You can check this by visiting IIS console in the server and open bindings for Backend website for 443 port. See, if the certificate is assigned well
Also, check, if the Default website's binding is correct. It should have thirdparty SSL certificate assigned or the self signed certificate
If any of the bindings are incorrect, fix it and restart IIS (iisrest from cmd prompt). Check again
I have installed and configured an on-premise VSTS agent behind a corporate firewall. At first, the Nuget tasks were failing with connection related errors, but I fixed this using the HTTP_PROXY and HTTPS_PROXY environment variables. However, the Nuget Push task ( VSTSNuGetPush.exe ) is still failing with a connection related error, and I need to establish exactly how it expects proxy information to be configured?
From the VSTS logs, the actual error message is:
2018-06-21T11:28:25.6945523Z System.Net.Http.HttpRequestException: An error occurred while sending the request. ---> System.Net.WebException: Unable to connect to the remote server ---> System.Net.Sockets.SocketException: A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond 13.107.6.175:443
I'm not sure if it complicates things, but the first step in the release is a Nuget Tool Installer of 4.6.2 to ensure semantic versioning 2.0 is supported.
Any help greatly appreciated!
There isn't any way to achieve this for now.
As a workaround, you can add a variable "NuGet.ForceNuGetForPush" in your build definition and queue the build with its value set to true. This will force the task to use nuget.exe to push the package which should read the proxy settings.
I am trying to enable SSL on Apache Server (XAMPP) on Windows Server 2012 R2. I have a signed certificate from a Certificate Authority.
Following the installation instructions, I copied the private key, Server Certificate and Intermediate CA certificate properly to right directory and also made necessary certificates name path settings in httpd-ssl file.
Now when i am trying to start Apache through Xampp it is giving me following error:
Error: Apache shutdown unexpectedly.
12:42:29 This may be due to a blocked port, missing dependencies,
12:42:29 improper privileges, a crash, or a shutdown by another method.
12:42:29 Press the Logs button to view error logs and check
12:42:29 the Windows Event Viewer for more clues
12:42:29 If you need more help, copy and post this
12:42:29 entire log window on the forums
Finally error is resolved now. The Error is because of "SSLPassPhraseDialog builtin is not supported on Win32". I followed this link and got it working. "https://support.quovadisglobal.com/KB/a90/i-get-error-message-error-init-sslpassphrasedialog.aspx" Thanks again.
After what seemed like a successful renewing of an academic license of Enthought Canopy 1.4.0 installed on OS10.9.2 executing any code would immediately return a crash report that said among other things:
User not logged in: Authentication failed: Authentication error: UNAUTHORIZED.
I did a complete clean re-install and now code runs but starting package manager returns an error:
Could not connect to authentication server. Reason: UNAUTHORIZED
Could not connect to Canopy server.
Please check your network connection.
Package manager will not be able to update or install new packages.
If you are behind a proxy firewall, please check your proxy settings in the Preferences dialog
My network connection seems to be fine and I have moved to another location to get on a completely different network and get the same result and am not aware of any proxy firewall on either network.
I've installed Web Deploy 2.1 on a Server 2008 R2 running under VMWare.
In the IIS Manager (Management Service applet) I can see that "Enable Remote Connections" is checked and the port is set to 8172. Under "IIS Manager Permissions" I've added my Windows account (CORP\ekkis) and under the "Authentication" applet (for IIS) I have enabled "Windows Authentication".
I've also turned off the firewall.
So from the command line I test the system to work like this:
C:\Program Files\IIS\Microsoft Web Deploy V2>msdeploy -verb:dump -source:contentPath=\temp,wmsvc=192.168.0.70,username=CORP\ekkis,password=MyPass,authType=Basic -allowUntrusted=True
and get this:
Info: Using ID '9b954a0f-ff07-4e77-ba2c-d27472f5fda0' for connections to the rem
ote server.
Error Code: ERROR_USER_UNAUTHORIZED
More Information: Connected to the destination computer ("192.168.0.70") using t
he Web Management Service, but could not authorize. Make sure that you are using
the correct user name and password, that the site you are connecting to exists,
and that the credentials represent a user who has permissions to access the sit
e.
Error: Object of type 'contentPath' and path '\temp' cannot be created.
Error: The remote server returned an error: (401) Unauthorized.
Error count: 1.
I've also tried deploying with Visual Studio 2010 from the host OS with the following service urls (I haven't found proper documentation on how to form this url):
https://192.168.0.70/
https://192.168.0.70:8172/
https://192.168.0.70:8172/MsDeployAgentService/
https://192.168.0.70/MsDeployAgentService/
I've tried the non-secure versions as well but just cannot get it to work. What is the correct format for the url? and what permissions am I missing?
the errors from VS have varied depending on how I attempt it but below is a sample:
Could not complete the request to remote agent URL 'http://192.168.0.70:8172//MSDEPLOYAGENTSERVICE'.
The underlying connection was closed: An unexpected error occurred on a receive.
Unable to read data from the transport connection: An existing connection was forcibly closed by the remote host.
An existing connection was forcibly closed by the remote host
Publish failed to deploy.
there really should be a guide out there to do this (yes, I've googled myself blue in the face)!
thanks - ekkis
ok, I've figured out that the correct url is:
https://192.168.0.70:8172/MsDeploy.axd
and that having the "Windows Authentication" enabled doesn't seem to make a difference. Also, having my account in the "Managers" list doesn't seem to make a difference either.
so the back end was all working fine (I've turned off the Web Deployment Agent Service). it was just the url I had wrong.