Manual Key Exchange Relay Setting Issue

Usage and Config Platform
1

Hi,

I have followed the steps in the below article but do not see the _BESRelay_Comm_KeyExchangePassword setting on the relay but it’s in the registry. Is this expected behavior? I was able to successfully change it as seen below.

image

image

image
image801×262 33.5 KB

I’m not sure why the client is not able to authenticate against our DMZ relay when trying to do a secure registration as it’s getting a 403 forbidden error. We do have the _BESClient_SecureRegistration client setting with the same password set on the client.

2

Am I missing any other setting for secure registration? We were able to get the client to register manually by running the command BESClient -register [http://relay:52311] on the client.

3

Does the log on the client include the text “Attempting secure registration” ? Can you paste a log snippet of the attempt and failure message here (removing hostnames and IP addresses)? Otherwise please open a Support Incident so they can analyze the logs.

You don’t appear to be missing the settings though. Did you restart the Relay service after setting the password on the Relay side?

4

Yes, we did restart the relay service. We were able to manually register the client via the command BESClient -register [http://relay:52311] on the client. Just not sure why it doesn’t work the way it is outlined in the article.

RegisterOnce: Attempting secure registration with 'https://[relayremoved]:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=10.0.7.52&Body=0&SequenceNumber=5&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://[rootremoved]%3a52311&[bunch of stuff removed]
Response: Error

403 – Forbidden


RegisterOnce: GetURL failed - HTTP 403 Error (Forbidden) - ‘http://[relay]:52311/cgi-bin/bfenterprise/clientregister.exe?RequestType=RegisterMe60&ClientVersion=10.0.7.52&Body=0&SequenceNumber=5&MinRelayVersion=7.1.1.0&CanHandleMVPings=1&Root=http://[root]%3a52311c72%2f64_0’ http failure code 403 - registration url - http://[relay]:52311/cgi-bin/bfenterprise/clientregister.exe?
5

It should work as described in the article, I’ve helped set this up with a number of customers.

The password you’re using - does it have special characters the client might interpret as a relevance subsitution? Specifically { or % ?
Any spaces in the value that might confuse the command-line interpreter?

6

There is an “!!” in the password as the only special character.

7

Hm. That shouldn’t confuse anything. I think you’ll need a support ticket where they can walk you through some debug logging on the client.

8

ok, will do. Thanks.