Rapid Recovery agent deployment is failing with error "Failed to get metadata from '192.168.20.0' "

Hi,

      I have installed Rapid Recovery 6.1 trial version on "Windows Server 2016 (Datacenter edition)" operating system and trying to protect two test machines via RR 6.1 agent software.

Triggered agent deployment remotely via protect machine wizard and RR agent also deployed successfully on two test machines but still those machines are not visible on dashboard for further operations. I am getting below exception for both the machines:

Exception:
The Request was aborted: Could not create SSL/TLS secure channel
Call to servuce method 192.168.20.0:8006/.../summaryMetadata PUT failed.
Failed to get metadata from '192.168.20.0'.

I tried agent service restart on both machine, verified firewall status (make it to OFF as per other AA/RR core setups) and also run protect machine wizard again but still getting above exception.

I am not sure whether this issue is coming due to Windows Server 2016 OS or any other reason. I have one more RR 6.1 setup installed on Windows server 2012 R2 and it's working fine without any issues.

Can someone give any pointers to resolve this error?

 

Thanks and Regards,

Laxmikant

 

  • Hi Laxmikant:

    'The Request was aborted: Could not create SSL/TLS secure channel' is a generic error message caused by a certificate issue (duh!) so, lacking specifics, I will propose the following approach:

    1. Assuming that there may be a certificate key length issue, I would create the following registry key-value pair:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms\Diffie-Hellman]

    "ClientMinKeyBitLength"=dword:00000200

    Please note that the [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL\KeyExchangeAlgorithms] key is, by default, empty.

    2. Assuming that there is some nonconforming/bad certificate in the certificate store of any of your machines, it would create the following registry key:

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]

    "SendTrustedIssuerList"=dword:0

    This would ensure that only the RR certificates (and not the whole store content) are sent upon request to the core.

    3. Additionally, I would remove the RR certificates from the Trusted Root Certificates Authorities Store both on the Core and the Agents, restart the core/agent services so they are regenerated and attempt re-protecting the agents.

    I would attempt refreshing the core console after each step :)

    Please let us know if you were able to solve the issue as it may be encountered by other users as well.

    Hope that this helps.

  • Thanks Tudor. Will try suggested steps on RR core and share observations on this.

    But still I did not understand why this issue is not encountered with another Rapid Recovery 6.1 setup prepared on "Windows Server 2012 R2" OS?

    Do we need to have make any changes explicitly when we install RR 6.1 on "Windows server 2016"? Is it platform specific issue?

    Regards,
    Laxmikant
  • Some of us actually experienced this exact issue during our pre-release testing. It only occurred in some environments and was resolved by applying this Microsoft cumulative update to our 2016 servers - support.microsoft.com/.../3194798. Please verify you have this cumulative update installed. If not, please install it and test again.
  • Just to update, tried below things:

    1. created new key value pair "Diffie-Hellman" as below,

    ClientMinKeyBitLength and DWORD 32 bit value data as "200" with Hexadecimal base.

    2. Restarted and refreshed Core services

    3. We have checked RR certificates in Trusted Root Certificates Authorities but did not find anything in store.

    Additionally, we have checked the RR 6.1 setup which is created on "Windows server 2012" also does not have above listed key value pair and no RR certificates in Trusted root certificate but still agent deployment and backups running without any issues.

    I am suspecting problem is coming when we install Rapid recovery 6.1 on "Windows Server 2016" due to compatibility but not sure at this stage.

    Please help us to resolve this issue.

    Regards,
    Laxmikant
  • Sure Tim. Will check and apply cumulative updates on Core machine.

    Regards,
    Laxmikant
  • Thanks a lot Tim !!! Applying suggested Microsoft cumulative updates on Windows 2016 worked in my case.

    Regards,
    Laxmikant