
Returning laptops won't connect to Kace SMA. Why?

My workplace has a library of laptop computers that can be checked-out by employees and returned.  

When the laptops are in the library, and connected to the Workplace network, they are connected to the Kace SMA.

When the laptops are taken offsite, and connected to the Workplace network via VPN, they connect to the Kace SMA.

But when the laptops are returned to the library, and connect to the Workplace network, they will not re-connect to the Kace SMA.  If I launch the KACE Agent Toolkit and press the Server Retrust button, then the laptop connects to the Kace SMA and is happy until it is again taken offsite and then returned to the library.

I first noticed this issue a few months ago on the prior Kace SMA release, but just now have time to investigate.  Our SMA is running the most recent release and agent, agent version 10.2.108.

I opened a support case with Kace a couple weeks ago, and provided several Kaptures, log files, and screenshots. There has not been a quick resolution.  The only clue to the problem we have identified is the konea.log scrolls errors about a "certificate signed by unknown authority".  That's odd to me because SSL is not enabled on the Kace SMA.  I have considered enabling SSL, but don't care to go through that hassle to learn that it doesn't solve the problem.

I appreciate any suggestions for resolving the issue.



Answers (1)

Posted by: KevinG 4 years ago

Top Answer

The Agent has two communications paths to the SMA. 

One is koneas (server) - konea (Agent), which uses port 443 HTTPS regardless of whether you have SSL enabled for the Apache Web Server running on the SMA. This process does involve an SSL certificate.

The konea communication is how the Agent receives tasks like "Hey go run inventory".

Once this inventory task, for example, is completed, the inventory is uploaded to the Apache Web Server on the SMA using port 80 HTTP since you do not have SSL enabled.

It is highly recommended to use an SSL certificate from a well-known root CA with Apache to make your environment more secure.


Do you have any type of Proxy between the SMA and these external devices that may do SSL inspection on the traffic?



Comments:
  • Thank you. That information was very helpful. Based on it, we re-inspected and identified a firewall SSL Decryption rule that was causing the problem. We whitelisted the KACE SMA from SSL Decryption, and the problem appears resolved. - davidrnoble 4 years ago
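
An added diagnostic for the situation in this thread, not code from KACE or from either poster: it records the SHA-256 fingerprint of the certificate actually presented on port 443 from each network path and flags any path where it differs from a baseline, which is what an SSL decryption rule in between produces. The function names, the path labels and the idea of taking the baseline from a path known to have no inspection are assumptions of this example.

```python
import hashlib
import socket
import ssl
import sys


def fingerprint(der: bytes) -> str:
    """SHA-256 fingerprint (lowercase hex) of a DER-encoded certificate."""
    return hashlib.sha256(der).hexdigest()


def fetch_leaf_der(host: str, port: int = 443, timeout: float = 5.0) -> bytes:
    """Return the leaf certificate the peer presents on this network path.

    Validation is switched off on purpose: the point is to record what is
    presented, including a certificate re-signed by an inspecting firewall
    whose CA this machine does not trust.
    """
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert(binary_form=True)


def _norm(fp: str) -> str:
    """Accept fingerprints with or without colons, in any letter case."""
    return fp.replace(":", "").lower()


def find_intercepted_paths(baseline: str, observed: dict) -> list:
    """Labels of the paths whose presented fingerprint differs from baseline.

    baseline: fingerprint taken on a path assumed to have no SSL inspection.
    observed: {path label: fingerprint seen from that path}.
    """
    return sorted(p for p, fp in observed.items() if _norm(fp) != _norm(baseline))


if __name__ == "__main__":
    # Usage: python sma_cert_check.py <SMA hostname>   (hostname supplied by you)
    # Run once per network path (for example on VPN, then on the office LAN)
    # and feed the printed values to find_intercepted_paths().
    print(fingerprint(fetch_leaf_der(sys.argv[1])))
```

A path that shows up in the result is the one to check for a decryption or inspection rule covering the SMA's address.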
