Showing results for 
Show  only  | Search instead for 
Did you mean: 

LsAgent failing - Lansweeper SSL Expired

Engaged Sweeper
We've had issues with clients using the Lansweeper agent not reporting to our server lately. Today I checked the logs on a new client that is failing and I see the SSL certificate for is expired.

The specific error from the logs is:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority ''. ---> System.Net.Http.HttpRequestException: The SSL connection could not be established, see inner exception. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

When looking at the SSL certificate, I see it's a wildcard certificate that expired on July 16, 2020.

I created a ticket, however, I received a response that they are backlogged. Hopefully, someone from Lansweeper will see this and get the certificate updated.

Engaged Sweeper III
Could you create a DNS CNAME to point to or either modify the hosts file on the machine?

Engaged Sweeper II
Just FYI.

I updated one of my client PCs and the issue is now gone.

The reason appears to be that Lansweeper changed the DNS for the relay server.

Lsagentlog.txt now shows:
DEBUG Created RelayCommunicationSender to URL

instead of:
DEBUG Created RelayCommunicationSender to URL

it is so odd that the agent has this hardcoded and not configurable from the local server, i.e. configuration on local server --> relay --> agent. This way we could perform a smooth transition.

More concerning is that Lansweeper team did not provide a primary and a secondary DNS OR resolved that with the old DNS (with a redirection).

We will need to schedule a Unscheduled update of 800+ machines now.

Engaged Sweeper
Lansweeper confirms upgrading the LSagent to the latest version will fix the problem. I had tried this and indeed fixed the issue.

This is frustrating as all our 200 clients can no longer update the Lansweeper database. We depend on the cloud services to ensure our database is updated.

Secondly Lansweeper does not inform us of a new LSAgent patch till we find out there is an issue.

Finally, the LSAgent has no built in capability of upgrading itself, hence we would have to roll it out to over 200 computers manually to get back to where we were. Lansweeper should build it into LSAgent to have the capability of updating the SSL cert without reinstalling. This would make things simple.