How to troubleshoot errors related to Image creator?
The communication between the image creator component and the server may fail in the following scenarios. The step by step instructions to resolve this issue has been given under the respective titles.
Image Creator and Server Communication Failed
While creating an OS image
If you face this error while creating an image, that could be due to one of the following reasons.
- The target computer (imaging computer) and the central server are not connected.
- The antivirus configured has blocked the image creator component.
- The image creator component service has been stopped.
- The image creator process has been terminated.
The target computer (imaging computer) and the central server are not connected
At times, the central server or the computer from which you are trying to get the image might not be reachable. In such cases, ensure the following.
- Ensure that the target computer and the central server are connected to the network
Open Control Panel > Network and Internet > Network Sharing Center > View network computers and devices on both machines and verify connectivity. - From the target computer, run ping <server IP> from command prompt.
- Verify required ports on the server are not blocked. Know more on the ports required.
The antivirus configured has blocked the image creator component
Ensure the imageCreator.exe or ManageEngineOSDeployer Image Creator Service is not blocked by antivirus software on either computer.
The image creator component service has been stopped
Open services.msc on the imaging computer and restart ManageEngine Image Creator Service or ImageCreator.exe if it is stopped.
The image creator process has been terminated
Open taskmgr.exe and check for ImageCreator.exe. If absent, restart the service and retry imaging.
While deploying an OS image to a target computer
If you face this error while deploying an image, that could be due to one of the following reasons.
- The target computer (deployment computer) and the central server are not connected.
- The deployment process terminates abruptly.
The deployment machine and the central server are not connected
- Ensure that the deployment computer and the central server are connected to the network.
- From both computers, run ping <server IP> to confirm reachability.
- Verify that required ports are not blocked. Know more on the ports required.
Fix Security Channel Error in TLS Communication
During agent-server communication, you may encounter a "Security Channel Error" when the cipher suites supported by the agent do not match those supported by the server.
This issue can occur during:
- Deployment
- Media download
- Image creation processes
Cause
This communication failure occurs when there is no overlap between the TLS protocol versions and cipher suites supported by the agent machine and those configured on the server.
For a successful TLS handshake, both the agent and server must support at least:
- One common TLS protocol version
- One common cipher suite
- Compatible key exchange, hash, and encryption algorithms
If the server is configured to allow only modern cipher suites while the agent or WinPE environment supports only older suites, the TLS negotiation fails and results in a Security Channel Error.
During deployment, the issue is caused by the following
- Older WinPE environments
- Older ADK boot images
- Machines with outdated TLS settings
Resolution
- Use the Nartac IIS Crypto tool to identify the TLS protocols, cipher suites, hashes, and key exchange algorithms supported by the affected machine.
- Compare the configuration of the affected machine with the server machine and ensure that both systems have at least one common supported TLS version and cipher suite.
- It is recommended to apply the Best Practices configuration in IIS Crypto to enable modern and compatible TLS settings.
