Server domains/IP addresses should be whitelisted in firewalls, proxies, antivirus software, web filters, etc. Find the list of domains here. To verify domain reachability: Open your browser, type https://<domain name>
, and check whether the HTTPS requests are successful without requiring any user intervention.
To make the agent communicate via proxy, the proxy should be configured for remote offices. This can be done by navigating to Agent -> Remote Offices -> Edit Remote Office.
NOTE:
Transport Layer Security (TLS) is the security protocol used for encrypting communication between web servers and endpoints. Support for older versions 1.0 and 1.1 has been withdrawn due to security concerns. TLS 1.2 is made mandatory for communicating with the cloud server (Link). In some legacy Windows devices such as Windows 7, Windows Server 2008 R2, and Windows Server 2012, TLS 1.2 is not enabled by default. Navigate to the following link to enable TLS 1.2: Update to enable TLS 1.1 and TLS 1.2 as default secure protocols in WinHTTP in Windows.
Some proxies might intercept agent-server communication by providing their own self-signed certificate. In such cases, a proxy root certificate has to be installed in the machine's trust store. Manual certificate installation steps and certificate installation via GPO steps are attached below.
Root certificates are used to authenticate a website's identity and enable encrypted communication with the server. The Windows Root Certificate Program enables trusted root certificates to be distributed automatically in Windows. Some reasons for missing root certificates include:
Registy Path | HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\AuthRoot |
Registry Name | DisableRootAutoUpdate |
Registry Value | 1 [REG_DWORD] |
The following root certificates are used to authenticate the server domains: link. If the root certificate is missing on some machines, the certificate can be installed manually.
mmc.exe
.If the root certificate is missing on many machines, certificates can be installed via GPO. Refer to the following steps for Certificate Installation Via GPO: link