BigFix Remote Control Server

Hi, I am receiving an error when trying to start a new broker session: “Unable to connect The Certificate from the peer cannot be trusted with the configured trust list”

Also noticed I am unable to use LDAP over SSL; that is, my LDAP config is set to ldaps://domain.com.au:636 and fails, whereas the alternative ldap://domain.com.au allows access.

I have imported a new certificate from the CA, updated key pairs, and updated SSL.XML and ldap.properties.

Anything else I am missing? Can't get it working and it's very frustrating.

Also, does this mean that while it's down, user workstations off the network are unable to receive any BigFix deployment tasks/fixlets/updates etc.?

Hi toros72,

Did you import the Broker certificate into the RC server trusted store?

This is how you can extract the Broker certificate:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcbexportcert.html?hl=adding%2Ccertificate%2Ctrust%2Cstore

This is how you can import it to the RC server:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcbaddcert.html?hl=adding%2Ccertificate%2Ctrust%2Cstore

About the LDAP problem if you already followed this guide you are ok from the configuration point of view:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/t_configure_secure_ldap.html?hl=ldaps

Do you see your groups and users listed in the RC server (Users -> All Users and User Groups -> All User Groups)? If not, the synchronization failed or hasn’t been enabled yet. Take a look at this guide:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcadm_LDAP_synch.html?hl=enable%2Cldap%2Csynch

What about the RC server log? Does it report something useful about LDAP?

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcadmserverlogfiles.html?hl=server%2Clog

If the server is a global catalog you can try to use port 3269 and see if it makes any difference.

Thanks for the info. I am getting closer: AD authentication is now working and can populate groups and users. However, when I enable SSL as per this link it does not work: https://help.hcltechsw.com/bigfix/9.2/lifecycle/Remote_Control/RC_Admin_Guide/rcadmadssl.html

So without AD auth over SSL I cannot establish a secure session?
The error message now is "Error retrieving the list of trusted certificates for broker connections"

I have added and imported certificates as per the articles and also received support from the vendor HCL. Now awaiting Level 3 support, so I hope they can resolve it ASAP.

Hi Toros72,

The error that you are getting has nothing to do with LDAP. Usually the error “Error retrieving the list of trusted certificates for Broker connections” means that the Controller failed to connect to either the server or the broker, depending on how you opened it (either from the RC server web page or the Lite Web Portal). It might be related to the CN in the server or broker not matching the hostname used to establish a session. If you enable the Controller logs, you will get much more detail on the failure:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/rcadmcontrlogfiles.html?hl=controller%2Clog

You don’t need to use a specific keystore for LDAP.
Try to put a # in front of these three lines and save the file:

ldap.security_protocol
ldap.ssl_keyStore
ldap.ssl_keyStorePassword

Then follow this guide to import the certificate to the default keystore:

https://help.hcltechsw.com/bigfix/10.0/lifecycle/Lifecycle/Remote_Control/RC_Admin_Guide/t_configure_secure_ldap.html?hl=ldaps

This worked for me.
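An added diagnostic (my own example, not code from this thread or from HCL) that separates the two failure modes discussed above: it connects to the broker or LDAPS port using a chosen CA file as the only trust list, reports a chain-trust failure like the first error, and otherwise checks whether the presented CN/SAN matches the hostname you dialled. The host, port and CA file path are assumed command-line arguments; the embedded certificate dict is a constructed sample used only to exercise the hostname-matching check offline.

```python
import socket
import ssl

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# a broker certificate issued for "rcbroker.example.com" (not a real host).
SAMPLE_CERT = {
    "subject": ((("commonName", "rcbroker.example.com"),),),
    "issuer": ((("commonName", "Example Corp Issuing CA"),),),
    "subjectAltName": (("DNS", "rcbroker.example.com"), ("DNS", "*.rc.example.com")),
}


def _label_matches(pattern, host):
    """RFC 6125-style match: a single leading '*' may stand in for exactly one leftmost label."""
    pattern, host = pattern.lower(), host.lower()
    if pattern.startswith("*."):
        parts = host.split(".", 1)
        return len(parts) == 2 and parts[1] == pattern[2:]
    return pattern == host


def hostname_matches(cert, hostname):
    """True if hostname is covered by the cert's DNS SANs, or, for legacy
    certificates with no DNS SAN at all, by the subject commonName."""
    dns_names = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if not dns_names:
        dns_names = [v for rdn in cert.get("subject", ()) for k, v in rdn if k == "commonName"]
    return any(_label_matches(name, hostname) for name in dns_names)


def classify_endpoint(host, port, cafile):
    """Connect with TLS trusting only `cafile` and report which failure applies:
      'untrusted_chain'   - peer cert does not chain to cafile (first error in the thread)
      'hostname_mismatch' - chain is trusted, but CN/SAN does not match the host dialled
      'ok'                - both checks pass
    Returns (verdict, detail)."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # validate the chain first; hostname is checked below
    try:
        with socket.create_connection((host, port), timeout=10) as raw:
            with ctx.wrap_socket(raw, server_hostname=host) as tls:
                cert = tls.getpeercert()
    except ssl.SSLCertVerificationError as exc:
        return "untrusted_chain", exc.verify_message
    verdict = "ok" if hostname_matches(cert, host) else "hostname_mismatch"
    return verdict, cert.get("subject")


if __name__ == "__main__":
    import sys  # usage: python check_tls.py <host> <port> <ca.pem>
    print(classify_endpoint(sys.argv[1], int(sys.argv[2]), sys.argv[3]))
```

Run it once against the broker port with the CA you imported into the trust store, and once against the LDAPS port (636, or 3269 for a global catalog) with the CA in the default keystore; a hostname_mismatch verdict means fixing the name you connect with (or reissuing the certificate), not the trust list.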