
Systems Management Question


Returning laptops won't connect to Kace SMA. Why?

09/02/2020 101 views

My workplace has a library of laptop computers that can be checked out by employees and returned.

When the laptops are in the library, and connected to the Workplace network, they are connected to the Kace SMA.

When the laptops are taken offsite, and connected to the Workplace network via VPN, they connect to the Kace SMA.

But when the laptops are returned to the library, and connect to the Workplace network, they will not re-connect to the Kace SMA.  If I launch the KACE Agent Toolkit and press the Server Retrust button, then the laptop connects to the Kace SMA and is happy until it is again taken offsite and then returned to the library.

I first noticed this issue a few months ago on the prior Kace SMA release, but just now have time to investigate.  Our SMA is running the most recent release and agent, agent version 10.2.108.

I opened a support case with Kace a couple weeks ago, and provided several Kaptures, log files, and screenshots. There has not been a quick resolution.  The only clue to the problem we have identified is the konea.log scrolls errors about a "certificate signed by unknown authority".  That's odd to me because SSL is not enabled on the Kace SMA.  I have considered enabling SSL, but don't care to go through that hassle to learn that it doesn't solve the problem.

I appreciate any suggestions for resolving the issue.



Answer Chosen by the Author

0

The Agent has two communications paths to the SMA. 

One is the koneas (server) - konea (Agent) path, which uses port 443 HTTPS regardless of whether you have SSL enabled for the Apache Web Server running on the SMA. This process does involve an SSL certificate.

The konea communication is how the Agent receives tasks like "Hey go run inventory".

Once this inventory task, for example, is completed, the inventory is uploaded to the Apache Web Server on the SMA using port 80 HTTP, since you do not have SSL enabled.

It is highly recommended to use an SSL certificate from a well-known ROOT CA with the Apache to make your environment more secure.


Do you have any type of Proxy between the SMA and these external devices that may do SSL inspection on the traffic?


Answered 09/02/2020 by: KevinG
7th Degree Black Belt

  • Thank you. That information was very helpful. Based on it, we re-inspected and identified a firewall SSL Decryption rule that was causing the problem. We whitelisted the KACE SMA from SSL Decryption, and the problem appears resolved.
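Added example, not part of the thread or of KACE's tooling: one way to check for the SSL decryption the accepted answer asks about. It fingerprints the certificate presented on port 443 from the current network path and compares it with a fingerprint recorded on a path where the agent connects (assumed here to be the VPN); the command-line arguments and the sample bytes are assumptions.

```python
import hashlib
import hmac
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 of a DER-encoded certificate as lowercase hex."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate presented on the current network path.

    Validation is off on purpose: the goal is to record whatever the path
    hands back, trusted or not. No application data is sent.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def classify(presented_der: bytes, baseline_fp: str):
    """Compare a presented certificate with a known-good fingerprint.

    baseline_fp may be plain hex or openssl-style 'AA:BB:...'.
    Returns ("unchanged" | "replaced", fingerprint actually seen).
    """
    seen = fingerprint(presented_der)
    want = baseline_fp.replace(":", "").strip().lower()
    verdict = "unchanged" if hmac.compare_digest(seen, want) else "replaced"
    return verdict, seen


if __name__ == "__main__":
    if len(sys.argv) == 3:  # usage: script.py <sma-host> <baseline-fingerprint>
        print(classify(fetch_leaf_der(sys.argv[1]), sys.argv[2]))
    else:  # offline demo with constructed stand-ins for DER bytes
        good, resigned = b"constructed-sma-cert", b"constructed-firewall-cert"
        baseline = fingerprint(good)
        print("vpn path:    ", classify(good, baseline)[0])
        print("library path:", classify(resigned, baseline)[0])
```

A "replaced" verdict on the library network with "unchanged" over VPN means a device on the library path is re-signing the connection, which is what produces the agent's "certificate signed by unknown authority" error.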

All Answers

0

It is highly recommended to use an SSL certificate from a well-known ROOT CA with the Apache to make your environment more secure.

Answered 09/14/2020 by: Sanjeev9910
Senior White Belt
