Error in server communication (280,226) : (0x00002ee2) => The operation timed out

lammertsm

Some of our Agents having issues communication with Secteer.

White listed in the Firewall/Proxy configuration.
The addresses for Amazon trust services:

ocsp.sca1b.amazontrust.com
crt.sca1b.amazontrust.com
and to SecTeer: https://*.vulndetect.com/

In de LOG file we see;
[2023-01-16 15:05:20.849+0060] Launching SecTeer Agent
[2023-01-16 15:05:20.854+0060] Agent main loop starting
[2023-01-16 15:05:20.855+0060] Initial configuration:
version:: 2.4.2.0
authToken : 3f9b3d5b-d0b2-xxxx-xxxx-xxxxxxxxxxxx
server : agent.vulndetect.com
guid::
verbosity:: info
processTimeout:: 600 seconds
checkInInterval:: 60 seconds
checkInRetryDelay:: 20 seconds
maxCheckInRetryCount:: 2
dataRetryDelay:: 900 seconds
inspectionWindow:: 21600 seconds
timezoneOffset : +60 minutes
currentTime:: 2023-01-16 16:05:20 (local time)
checkInNow:: false
[2023-01-16 15:05:20.855+0060] Checking in with server
[2023-01-16 15:05:20.855+0060] Waiting 34 seconds before first check-in
[2023-01-16 15:05:54.869+0060] Found computer name = 'SERVER01'
[2023-01-16 15:08:01.601+0060] Error in server communication (280,226) : (0x00002ee2) => The operation timed out
[2023-01-16 15:08:01.603+0060] Failed to check in with server:

Any ideas?

Tom

@lammertsm

Hi,

It appears that we have some outdated documentation, it will be fixed within a day or two. The OCSP / CRT hosts should be:

• r3.o.lencr.org
• r3.i.lencr.org

However, this is most likely not the cause of the issue that you have.

I can see that the host got registered with the system. This means that the installer managed to contact the backend and get the authToken, that you see in the logfile.

Since the installer is invoked interactively by the logged in user, it uses the same network / proxy settings as the user that is logged in, when it invokes the Agent to register for a authToken.

While the Agent runs as the SYSTEM user, after it is installed.

In some environments, there is restrictions on what the SYSTEM user can do on the network and whether it has access to a proxy.

I suspect that is what you are seeing here.

Since I don't know anything about your system configuration, it is hard to advise on the proper cause of action to allow the Agent network access.

lammertsm

@Tom

Thanks for your answer and pointing to a direction to investigate and possible solution.

Also we will update the whitelisted servers in our Proxy server.

Kind regards,

lammertsm

@Tom

Proxy settings are missing for SYSTEM.

Solved by set up the proxy for Local System account.
Download PsExec.exe.

Start a command shell (cmd.exe) with administrator privileges.

PsExec -i -s cmd.exe
This will open a new cmd.exe that is running under Local System authority. You may check this by executing "whoami" command into that new command shell which will return "nt authority\system"

Open the Internet Options with this command:

inetcpl.cpl
Go to “Connections” tab, click on “LAN settings”, and set up the “Proxy server” section with the relevant proxy address and port number.

(optional) If you need to Bypass proxy server for local addresses, tick the relevant checkbox.

(optional) If you need to specify exclusions, click “Advanced” and set up the “Exceptions” section accordingly, and click “OK”.

Click “OK”, and exit all open command shells.

Secteer agent is now communicating with the Secteer backend!

Tom

@lammertsm

I'm happy you found a solution.

And thank you very much for the detailed explanation, I'm certain other customers can benefit from this.