Symptoms
The EdgeSight Server has been configured to use SSL and the agent has been installed without enabling SSL encryption. The agent is unable to send its payload to the server.
Background
Citrix EdgeSight Monitoring Agent uses Port 80 or Port 443 “SSL Encryption” to upload the payload to the EdgeSight Server. Each component must be configured to use the same port.
NOTE: You must use an SSL certificate from a recognized Certificate Authority (CA) to allow proper software operation. A Commercial Root CA SSL Cert provides a “Trusted” hierarchy that Internet Information Services (IIS) can trace back and verify. This is not the case all the time with an internal CA (one can install their own Internal Root CA). Test SSL certificates generated by Microsoft Certificate Server or other non-root certificate authorities do not allow remote pages to be displayed, or remote scripts to be run. Attempts to perform these actions result in an error message stating that the SSL certificate is not valid for the operation. IIS Certificate Services does not generate an SSL certificate that is from a Trusted authority.
Resolution
Enable SSL on the EdgeSight Monitoring Agent after installation.
Resolution 1:
1. Open the Control Panel and double-click Citrix System Monitoring Agent.
2. Select Use SSL encryption.
Resolution 2:
Caution! This fix requires you to edit the registry. Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.
1. Open the registry and navigate to the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\System Monitoring\Agent\EdgeSight\4.00\NetAccess
2. Change the ConnectionFlags REG_DWORD value to 1.
HTTP Port 80 = 0
HTTPS Port 443 = 1
More Information
CTX111924 – How to Configure EdgeSight to Use SSL with Microsoft Certificate Services
