Hi,
I just upgraded my first test device to OS 12 (UD3 LX 60) via USB install.
When I try to join it to UMS via ICG (both version 12) I get an error message “could not manage your device because of an internal error #37” (see screenshot)
OS 11 worked fine on the device.
Any Ideas ? 😄
Cheers
Michael
Hi! Are you using Universal Management Suite 12?
If so which IGEL Cloud Gateway version?
Could you test this instead? kb.igel.com/howtocosmos/en/onboarding-igel-os-12-devices-77865898.html kb.igel.com/howtocosmos/en/onboarding-igel-os-12-devices-77865898.html
ICG: 12.01.100
UMS: 12.01.110
The KB article behind the link is more or less what I tried to do 😄 “Alternative Onboarding Method: Registering Devices with the UMS Using the One-Time Password”
Basically how it was done with OS 11
Are you entering the Universal Management Suite or IGEL Cloud Gateway address?
ICG address. Until the upgrade from 11 to 12 it was registered via ICG to the UMS and worked fine.
Did you delete the device from UMS, Recycle Bin ?
Do I have to? I reinstalled my test devices countless times and never did. 😄
But I gimme a sec.. I will try.
Nope, Same error (kicked the device from “devices tree” and from the recycle bin)
Here is COSMOS FAQ
igel-community.github.io/IGEL-Docs-v02/Docs/HOWTO-COSMOS/
See this item
You may have to create a new endpoint web certificate that has all the IP addresses, Fully Qualified Domain Names, and short names that the device can connect to. Steps:
• Start `UMS Console`
• Open `UMS Administration`
• Select `Global Configuration` > `Certificate Management` > `Web`
• Add new endpoint web certificate with all the IP addresses, fully qualified domain names (FQDN), and short names that the device can connect to
NOTE: `Web Certificates`
• The web certificate is used for the web server port (Default port: 8443)
• This port is used for transferring files to the device, all WebDav actions, interserver communication, the IMI, and the `UMS Web App`.
37 means that either A the certificate doesn’t have the UMS Name, FQDN, or IP (depending on how it’s connecting) or that it cannot reach UMS and it thinks it is disconnected.
I would recommend rebooting UMS and ICG and validating that it shows connected. Then check your certs and make sure all the names look correct.
Hi! Before I reinstalled my test client with OS12 it was running OS11 and it was connected via the very same ICG and working fine 😄
ICG shows “connected” and I created a new cert that has got the FQDN of my ICG, my UMS and the external and internal IP address included -> Same Errror.
I will check with one of my other test clients…
Just to be sure, you deleted the OS 11 device out of UMS completely and emptied the recycle bin right?
Here is a note on removing …
igel-community.github.io/IGEL-Docs-v02/Docs/HOWTO-Remove-IGEL-Device-License/
OK, so I fired up ye olde test laptop (OS 11.08.236) and it instantaneously connected to the ICG. Reset it to factory defaults, made sure that it wasn’t in recycle bin anymore, rebooted it and connected it back to UMS via ICG agent setup wizard.
Can we agree that ICG+UMS are not the issue? 😅
I would open a ticket with IGEL support since you have confirmed all that I can think of…
All my things to do looks like you have done:
• NTP time service is running on all devices
• The UMS Web Cert has the FQDN, names, and IPs
hm. ok, will do 🙂
But thanks a lot anyways !!
The fix for error #37 for me was removing the ICG certificate even though it had correct name, FQDN, and IPs. Found out you have to delete the icg cert previously created in OS 11 and generate a new one in OS 12 (I wish the KB article would tell you this). You’ll need to generate new first time authentications since the finger prints will change after new ICG root certificate is generated.
On to the next issue which is our remote OS 11 endpoints were not successful at receiving new the ICG root certificate :rolling_on_the_floor_laughing:
Odd…that wasn’t required for mine, but I was using a wildcard certificate
Support kept telling me that they didn’t have issues when standing up a new UMS with OS12 and ICG 12, but when they performed an upgrade from UMS 11 to UMS 12 and ICG 11 to ICG 12, they were able to reproduce the issue (error #37) but they couldn’t figure out why… after a week without a resolution and getting my support ticket escalated a couple of times, I thought I’d just generate a new ICG cert in UMS 12.
That’s odd though. Something must have been wrong with the chain, or the cipher?
At least I know I am not the only one with this issue 😄
Next time I am in office I will try to create a whole new cert for the ICG 😄
FYI, im having this EXACT issue, @member, will try your fix and report back. Been driving me BONKERS after upgrading 2.05 to 12 and OS11 works but OS12 does not.
here’s a journal log of the issue. i also know i have my CA, int and primary cert all working on the ICG 😄
@member using the SAME certificate (created a new chain) and pushed it to ICG, immediately allowed my ICG with 12 (upgraded from 2.05) to communicate with my OS12 device, no error.
@member and I just connected and looked at his. Apparently you simply have to remove the cert chain from UMS completely, reboot the ICG’s and then reconnect to them from UMS. Something must be getting lost in the update for some users.
@member, if you still have your old chain can you give that a try? If it fixes it can you update the case with that information?
@member I tried creating a new cert using the same root certificate yesterday and was able to update the keystore but ICG wouldn’t connect to UMS even after rebooting ICG. Today I did the exact thing, but this time I rebooted the UMS server instead, now ICG is connected to UMS. 😅 I’ll update the case with this information.
Hi! So finally my OS 12 Client is connected. Last time I replaced the UMS web cert and that didn’t help. Replacing the ICG web server cert and rebooting also did not help. In the end I had to create a new ICG root CA cert and from there create a new ICG web server cert.
As all my OS 11 devices worked fine before and the new cert has the same specs as the old one (SHA256, 4096) I guess there musst be a bug in OS12 ?
@member Have updated link for ICG
igel-community.github.io/IGEL-Docs-v02/Docs/HOWTO-COSMOS/#faq-icg-12
“A: Remove the cert chain from UMS completely, reboot the ICG’s and then reconnect to them from UMS. Generate a new ICG certificate in UMS 12.”
IMHO this is a little bit misleading. If this is not a test lab you would have to create a new ICG root CA, reboot all the connected OS 11 devices (to make sure they know the new CA) then create a new ICG web server cert, and then assign it to the icg (that hopefully tells you that all devices are ready to connect to the new cert)
If you delete the old cert right away you would disconnect all the existing clients, wouln’t you? :thinking_face:
Q: I upgraded my UMS and ICG to 12 and I am now getting `Could not manage your device because of an internal error (#37)` when trying to connect OS 12 devices. What are the steps to fix this item?
A: Remove the cert chain from UMS completely, reboot the ICG’s and then reconnect to them from UMS. ~Generate a new ICG certificate in UMS 12~.
kb.igel.com/igelicg-2.05/en/renewing-a-signed-certificate-for-the-icg-57324428.html
Continue reading and comment on the thread ‘I get an error message “could not manage your device because of an internal error #37”’. Not a member? Join Here!
Learn more, search the IGEL Knowledge Base
Ask a question or comment on the above message thread?
Join or log in to the IGEL Community to ask us anything and meet other IGEL customers, partners, and EUC enthusiasts.Submit a question, or Join Today!