ERROR Certificate invalid tryign to update UD Pocket from IGEL OS 11.03.500 via UMS 6.06.100

Hello – I am working with a client getting IGEL setup. They ordered some UD pockets. They come preinstalled with 11.03.500.01 on them. The UMS is version 6.06.100 (Build 48862) – when the devices check in, they show up magenta and go offline. We cannot deploy firmware to them to get them updated to 11.04.264 – we get ERROR Certificate invalid.

Learn more, read the entire thread inside the IGEL Community o Slack

Is this expected behavior with a jump from 11.03 to 11.04 or is this a UMS thing I can rectify?

Hello Brett, Magenta means “no valid licence” which is fine in general, but certificate invalid means to 90% that the device was already registered by another ums. Here is how to check which:

What IP stands under:

System, Remote Management? when right clicking the device and edit configuration?

If the device sees the new UMS, and works after a factory reset, I suspect the certificate.

On a local terminal:

journalctl -f | grep igelrm_agent

and send a new config. What does the logs tell?

Last thing, even if not in the main focus, do the devices have a NTP Server set?

and by the way preinstalled with 11.03.500 seems to be really old – current delivery is with 11.04.240

Hmm…these were just received a couple weeks ago… recent order.

@member – there is just the one UMS. It shows as the same IP in the edit configuration section you mentioned. I can’t factory reset from UMS. Due to cert errors, I cannot send any command to endpoint from UMS.

And you got these devices directly from us (IGEL) or from a distributor?

Could you check if a NTP Server is set on the endpoint and how the time is set (no bigger offsets)?

Are they any kind of Firewall between UMS and endpoint which might intercept SSL Traffic?

you get sure, that the time on the udpocket is the same like on the UMS (timezone / time set)?

@member – these came from Ingram Micro

I will look into the time issue – I am setting NTP with a profile, but it isn’t getting to that point. Thanks for the suggestions!!

Side note – assuming that works…is there any way to automate the time sync? I am thinking even though it is only 100 devices, that is enough to make this a pretty convoluted process to provision these.

If you assigned the NTP Profile, it should the time automatically, at least on bootup.

In this case it turned out to be time related, as you suspected. BIOS time on endpoint was way off. Thanks for replies everyone!

Continue reading and comment on the thread ‘ERROR Certificate invalid tryign to update UD Pocket from IGEL OS 11.03.500 via UMS 6.06.100’.  Not a member? Join Here!

Learn more, search the IGEL Knowledge Base

Ask a question or comment on the above message thread?

Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.

Submit a question, or Join Today!

Popular Message Threads

Categories & Tags: