Getting error something like - Windows Update has not the latest updates. But Windows is updated in full. Any ideas?
Hi @ITsupporter
Thank you for sharing the Connectivity Checker results, which I can see error 12175 to some of our backend servers.
From version 22.1 onwards, the connectivity requirements have changed for the Elements Agent and Elements Connector. This release included a new check which contacts Certificate Revocation List (CRL) servers, related to the validity check of TLS certificates used.
Connectivity requirements changed: Please note that we do require connection to CRL URLs now. Please verify that connections to the following CRL URLs work:
ocsp.rootca1.amazontrust.com crl.sca1b.amazontrust.com ocsp.rootg2.amazontrust.com ocsp.sca1b.amazontrust.com crl3.digicert.com crl4.digicert.com ocsp.digicert.com
If you see that the client status is not updating in the portal, or profile changes are not applied to the client, please open HTTP connections to the CRL URLs.
This is mentioned in the Elements EPP for Computers and Elements EPP for Servers change logs:
https://community.f-secure.com/change-logs-business/kb/articles/9238-release-22-1-availability-starting-13-01-2022
To know more about CRL and OCSP refer to the links below:
https://www.thesslstore.com/blog/crl-explained-what-is-a-certificate-revocation-list/ https://www.digicert.com/kb/util/utility-test-ocsp-and-crl-access-from-a-server.htm
Okey… The customer has no firewall or proxy. Must be something else. It is a standard Windows 10, connected via a router, provided by the Internet provider. It is a standard private home villa.
Thank you for providing the screenshot of the connection result. It appears that the backend connections failed to establish. Our Elements Agent require communication with the WithSecure backend for certain installations.
Note: The domains mentioned above needs to be whitelisted to your firewall or proxy. In case your have enabled some proxy in your environment, the client reads it via discovery service and tries to connect to *.fsapi.com through it.
This is what I get running the ConnectionChecker:
It does not exists. It is a fresh install.
Hi @ITsupporter Thank you for sharing the screenshot, which translates to "The certificate for the download server could not be verified. This may be due to you using an outdated version of Windows. Update Windows and try installing the product again".
Do check that your certificates are latest.
Is this a fresh install or an upgrade of Elements Agent ? Can you check the registry for this string if it exist ?
[HKEY_LOCAL_MACHINE\SOFTWARE\F-Secure\Ultralight\updates\ulcore\1709915445]:
"error_code_install"=(REG_DWORD):14If the string does not exist, we suggest to submit a support case with WSDiag logs - https://www.withsecure.com/en/support/contact-support/email-support
Still the same
HI @ITsupporter
Thank you for reaching out the WithSecure Community,
It's difficult to pinpoint the exact root causes of the issue without checking the WSdiag logs. Could you please provide information on how many machines are affected due to the Windows Update? If it's just a single machine, as a starting point, you can check if the ACS dependencies are missing on the reported machine. You can refer to this article: https://community.withsecure.com/en/kb/articles/29714-changes-in-support-on-microsoft-windows-minimum-patch-level
If the above mentioned is not your scenario, here are a few steps you can try to resolve this issue:
services.msc
sfc /scannow
Before proceeding with these steps, ensure that all external peripherals are unplugged except for the mouse, keyboard, and LAN cable. Also, temporarily disable or uninstall any third-party antivirus programs as they can interfere with the update process.
If you’ve tried all these steps and the issue persists, it might be helpful to seek further assistance from WithSecure Support.
Best regards, Sethu Community Moderator | Technical Support Engineer WithSecure™ https://www.withsecure.com/en/home
