SM client install fails with "An error occurred while attempting to fine network"

SOLVED
MFuchs
Here to help

SM client install fails with "An error occurred while attempting to fine network"

Hi !

We set up a new Windows 2019 domain controller and wanted to install the SMAgent (3.1.1) on this machine.

Now the setup fails with the following error:

MFuchs_0-1636984741259.png

Network connectivity is give, nothing is filtered.

 

I wrote a packet trace and saw that the client connects to ios.meraki.com and presents a user-certificate from the local CA.

This causes an Encrytion Alert and terminates the session, thus resulting the SMClient noch to connect.

 

We discovered that windows authenticates with the certificate of the user.

So we logged on with a service user and installed the SMClient and entered the network id which now worked fine, BUT:

The client does not show up in the clients pane in the dashboard.

 

Does anyone have any idea on how to install the client correctly or how to get around this issue ?

1 ACCEPTED SOLUTION
MFuchs
Here to help

It turned out to the following issue:

 

when the user has a user-certificate, it is used by the meraki agent as the authentication against ios.meraki.com.

So the Agent fails when trying to find the network:

 

Transport Layer Security
TLSv1.2 Record Layer: Encrypted Alert

Using a windows user that does NOT have a user-cert (as a service user for the meraki agent) for installing and adding the agent to the network works as expected and after a short while (and when you have sufficient licenses left) the client appears in the dashboard after a short while.

View solution in original post

5 REPLIES 5
GreenMan
Meraki Employee
Meraki Employee

Devices enrolled into Systems Manager appear (for MDM purposes) primarily under Systems Manager > Monitor > Devices, within the relevant SM network in your Dashboard.   Your device would only appear under Network-wide > Clients if it's a Combined network and it is physically plugged into a Meraki switch managed in the same Network.   The latter functionality would essentially have no  relationhip to SM specifically.

Yes, you're right.that's what i meant.

But the devices / servers do NOT appear there...

as it they would not register...

@MFuchs have you checked the windows firewall settings? 

MFuchs
Here to help

Windows Firewall is deactivated. 
mad unmentioned above I can see the traffic flow on the gateway firewall and also took a trace. 
i think it’s some kind of cert-auth-problem

or else … no traffic-flow Problem …

MFuchs
Here to help

It turned out to the following issue:

 

when the user has a user-certificate, it is used by the meraki agent as the authentication against ios.meraki.com.

So the Agent fails when trying to find the network:

 

Transport Layer Security
TLSv1.2 Record Layer: Encrypted Alert

Using a windows user that does NOT have a user-cert (as a service user for the meraki agent) for installing and adding the agent to the network works as expected and after a short while (and when you have sufficient licenses left) the client appears in the dashboard after a short while.

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels