Agent Server Communication Issues

Unsuccessful Ping

Problem:

Agent machine failed to contact the Endpoint Central server/ Distribution server due to failure of ping.

Reason:

Here is a list of possible reasons on why a ping fails:

1. Ping TimedOut - If the ping didn't receive the server installed machine on time. The usual available time will be 5 seconds
2. Ping DestinationUnreachable - If the server installed machine is not reachable from the agent machine, then the ping will fail
3. Ping BadDestination - If the ping carries an invalid address
4. Ping DestinationHostUnreachable - If the ping cannot reach the server host
5. Ping DestinationNetworkUnreachable - If the ping cannot contact the network on which the server is hosted
6. Ping DestinationProtocolUnreachable - If the server machine does not accept the protocol followed by the ping for communication
7. Ping BadRoute - If there is any error in the route through which the ping reaches the server
8. Ping DestinationScopeMismatch - If the source and destination address of the ping is not within the range of Central server.
9. Ping ICMPError - If there is any error in the protocol followed by ICMP to relay the communication
10. Ping PacketTooBig - If the size of the packet exceeds the maximum limit of MTU (Maximum Transmission Unit).
11. Ping SourceQuench - If the network packet is discarded by the server due to insufficient storage or quick processing time
12. Ping TimeExceeded - If the forwarding node (routers etc..) discard the packet since the Time to live (TTL) reached zero
13. Ping Unknown - If the ping fails due to unknown reason

Solution:

For the above-mentioned issues, please contact your organization's network administrator to fix them.

---

 

Port not reachable:

Problem:

Endpoint Central agent could not contact the server, since the ports on the server machine is not reachable.

Reason:

The ports for agent server communication are blocked on the network firewall/proxy server.

Solution:

Telnet the server installed machine to check the status of the ports used. The syntax is as follows telnet For example: telnet 172.22.139.179 8383
Open the Endpoint Central web console from the agent machine to check the connectivity.
If you are using a proxy connection, make sure the proxy details are stored in the server. You can also disable the proxy connection to check the connectivity status.
In case of any further assistance, reach out to our support team at endpointcentral-support@manageengine.com

---

 

SSL version error:

Problem:

Endpoint Central agent failed to reach the Central server when secure connection was enabled.

Reason:

If the 'Disable the older version of TLS' is configured, agents with obsolete version of TLS cannot connect the server.

Solution:

Disable this setting to restore the connection from subsequent refresh cycle. If the agent is running on a Windows server OS, the machine must contain the basic SSL crypt keys to contact the server. Follow these steps to add the basic SSL crypt keys to a Windows server OS machine:

• Open the 'Run' and run the command "gpedit.msc"
• Open 'Computer Configurations' in Local Group Policy Editor. Navigate to Administrative templates -> Network -> SSL Configuration Settings. Open the 'SSL Cipher Suite Order'.
• Select the 'Enabled' option and paste the below crypt key in the SSL Cipher Suites field:

TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA_P256,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA256_P256,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_ECDSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA_P256,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P384,TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA256_P256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA256,TLS_DHE_DSS_WITH_AES_256_CBC_SHA,TLS_DHE_DSS_WITH_AES_128_CBC_SHA256,TLS_DHE_DSS_WITH_AES_128_CBC_SHA,TLS_RSA_WITH_AES_256_CBC_SHA256,TLS_RSA_WITH_AES_256_CBC_SHA,TLS_RSA_WITH_AES_128_CBC_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA

• Restart the machine to apply the setting.

---

 

Agent status error

Problem:

Agent status changes from Live to Down.

Reason:

This happens due to failure of TCP connection. The maximum time limit will be 10 minutes. Agent should establish connection within ten minutes.

Solution:

Check the idle TCP connection in your network.
If the Endpoint Central is hosted on an Azure or AWS instance, follow the below mentioned steps to set your TCP connection settings:

• Login to your Azure/AWS instance and select the machine in which you want to configure Endpoint Central Server
• Navigate to properties, select "PUBLIC IP ADDRESS/DNS NAME LABEL."
• Now, modify the TCP timeout duration.

 

Other KB articles

24/5 Support

Agent Installation Configurations Inventory Management Patch Management Software Distribution Service Pack Installation Desktop Sharing Active Directory Reports User Logon Reports Endpoint Central SP Upgrade Miscellaneous » More

Support will be available 24hrs a day and five days a week (Monday through Friday), excluding USA & India public holidays. Tel : +1-888-720-9500 Email : endpointcentral-support@manageengine.com Speak to us Join the Endpoint Central Community, to get instant answers for your queries, register with our Forum. Look out for the latest happenings in Desktop Management, follow our Tweets on Twitter. Get to know the latest updates and Best Practices in Desktop Management through our Blog.