Meraki

Community

SM client install fails with "An error occurred while attempting to fine network"

Solved
MFuchs
Here to help
‎Nov 15 2021 6:02 AM
‎Nov 15 2021 6:02 AM

SM client install fails with "An error occurred while attempting to fine network"

Hi !

We set up a new Windows 2019 domain controller and wanted to install the SMAgent (3.1.1) on this machine.

Now the setup fails with the following error:

MFuchs_0-1636984741259.png

Network connectivity is give, nothing is filtered.

 

I wrote a packet trace and saw that the client connects to ios.meraki.com and presents a user-certificate from the local CA.

This causes an Encrytion Alert and terminates the session, thus resulting the SMClient noch to connect.

 

We discovered that windows authenticates with the certificate of the user.

So we logged on with a service user and installed the SMClient and entered the network id which now worked fine, BUT:

The client does not show up in the clients pane in the dashboard.

 

Does anyone have any idea on how to install the client correctly or how to get around this issue ?

Labels:
0 Kudos
1 Accepted Solution
MFuchs
Here to help
‎Nov 18 2021 3:47 AM
‎Nov 18 2021 3:47 AM

It turned out to the following issue:

 

when the user has a user-certificate, it is used by the meraki agent as the authentication against ios.meraki.com.

So the Agent fails when trying to find the network:

 

Transport Layer Security
TLSv1.2 Record Layer: Encrypted Alert

Using a windows user that does NOT have a user-cert (as a service user for the meraki agent) for installing and adding the agent to the network works as expected and after a short while (and when you have sufficient licenses left) the client appears in the dashboard after a short while.

View solution in original post

0 Kudos
5 Replies 5
GreenMan
Meraki Employee All-Star Meraki Employee All-Star
Meraki Employee All-Star
‎Nov 15 2021 7:50 AM
‎Nov 15 2021 7:50 AM

Devices enrolled into Systems Manager appear (for MDM purposes) primarily under Systems Manager > Monitor > Devices, within the relevant SM network in your Dashboard.   Your device would only appear under Network-wide > Clients if it's a Combined network and it is physically plugged into a Meraki switch managed in the same Network.   The latter functionality would essentially have no  relationhip to SM specifically.

In response to GreenMan
MFuchs
Here to help
‎Nov 15 2021 8:27 AM
‎Nov 15 2021 8:27 AM

Yes, you're right.that's what i meant.

But the devices / servers do NOT appear there...

as it they would not register...

0 Kudos
In response to MFuchs
BlakeRichardson
Kind of a big deal
Kind of a big deal
‎Nov 15 2021 11:57 AM
‎Nov 15 2021 11:57 AM

@MFuchs have you checked the windows firewall settings? 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
0 Kudos
MFuchs
Here to help
‎Nov 15 2021 12:24 PM
‎Nov 15 2021 12:24 PM

Windows Firewall is deactivated. 
mad unmentioned above I can see the traffic flow on the gateway firewall and also took a trace. 
i think it’s some kind of cert-auth-problem

or else … no traffic-flow Problem …

0 Kudos
MFuchs
Here to help
‎Nov 18 2021 3:47 AM
‎Nov 18 2021 3:47 AM

It turned out to the following issue:

 

when the user has a user-certificate, it is used by the meraki agent as the authentication against ios.meraki.com.

So the Agent fails when trying to find the network:

 

Transport Layer Security
TLSv1.2 Record Layer: Encrypted Alert

Using a windows user that does NOT have a user-cert (as a service user for the meraki agent) for installing and adding the agent to the network works as expected and after a short while (and when you have sufficient licenses left) the client appears in the dashboard after a short while.

0 Kudos
li.common.scroll-to.top
Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco ID. If you don't yet have a Cisco ID, you can sign up.
Labels
© 2025 Cisco Systems, Inc.