Windows Server 2003 unable to check in to TMS

cancel
Showing results for 
Search instead for 
Did you mean: 

Windows Server 2003 unable to check in to TMS

L3 Networker

Hello everybody,

 

  I'm trying to connect an old Windows Server 2003 (service pack 2, 32 bits) to the traps management service. I know that I have to use an old version of the agent (I've installed 5.0.10), but the agent fails to check into the TMS. The problem is related to a certificate that the agent fails to validate. I installed all the required hot fixes listed here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClPRCA0

 

and then followed the steps described here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr...

 

But I'm unable to find the third certificate in the list at Step 3 (GlobalSign (Google)).

 

Has anyone succeded in this kind of setup?

 

Thank you in advance.

"Tutto ciò che tu fa è male, io voglio che tu sa ciò." (cit. Janosz Poha)
1 ACCEPTED SOLUTION

Accepted Solutions

L1 Bithead

I was able to make most of mine work with just two. i got them through help desk inquiry and imported with certificates add-in mmc and they worked fine. Not sure what they google one is for. What i did note though was on about 3 of 20 servers they connected and showed in management but they remained red on endpoint. Looking at traps log though they appeared to be working anyway.

View solution in original post

9 REPLIES 9

L1 Bithead

I was able to make most of mine work with just two. i got them through help desk inquiry and imported with certificates add-in mmc and they worked fine. Not sure what they google one is for. What i did note though was on about 3 of 20 servers they connected and showed in management but they remained red on endpoint. Looking at traps log though they appeared to be working anyway.

View solution in original post

L3 Networker

Hi Grenzi,

 

On your machine or other machine that is working, you can do mmc-->add or remove snap-ins and select Certificates then select computer account. Once loaded, you can go to Trusted Root Certification Authorities-->Certificates then try to find the GlobalSign cert with the correct thumbprint per step 3,  then you can export it and import it to the server where its missing this certificate.

 

https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr...

 

@JohnSmith7732 

Have you tried restarting the cortex xdr service? or is it still red even after the server reboot/restart?

Thank you. I had to import all the CA certificate using the MMC as well. Now the agent seems to work, but with the strange behavior as described by @JohnSmith7732: on the host, the agent shows that is not connected, but in the Endpoint Administration page on Cortex XDR the client shows as connected.

"Tutto ciò che tu fa è male, io voglio che tu sa ciò." (cit. Janosz Poha)


@JohnSmith7732 wrote:

I was able to make most of mine work with just two. i got them through help desk inquiry and imported with certificates add-in mmc and they worked fine. Not sure what they google one is for. What i did note though was on about 3 of 20 servers they connected and showed in management but they remained red on endpoint. Looking at traps log though they appeared to be working anyway.


Hi @JohnSmith7732 , the support confirmed that all three certificates are required (I exported them from another machine, as suggested by @jcandelaria ), as well as the patch KB2868626 for the operating system to support SHA256. Now my agents are connected successfully.

"Tutto ciò che tu fa è male, io voglio che tu sa ciò." (cit. Janosz Poha)

@grenzi Have you tried restarting the xdr service? or is it the same even after you restarted the server itself?


@jcandelaria wrote:

@grenzi Have you tried restarting the xdr service? or is it the same even after you restarted the server itself?


No need to restart the server or the service itself after installing the patch and the CA certificates.

"Tutto ciò che tu fa è male, io voglio che tu sa ciò." (cit. Janosz Poha)

I have to go back and visit the 3 again. Thanks for the suggestion

@grenzi good to know that the agent is working and connected..

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!