encutilcmd server command returns timeout error
search cancel

encutilcmd server command returns timeout error


Article ID: 245748


Updated On:


CA Client Automation - IT Client Manager CA Client Automation


encutilcmd server
returns error
A timeout occured.
In TRC_CF_ENCUTILCMD_.log there are these lines :
encUtilCmd|CcnfAgentApi|CCcnfAgentApi.cpp|001804|DETAIL | GetParameterValueInt(itrm/common/enc/general, revocationpolicy, ..., NULL) successfully completed. Parameter value: 1
encUtilCmd|encauthent |win32sspi.cpp|002303|INFO   | EncCheckForRevocation. Remote Peer Certificate subject name = <x509cert://[TLS-SCHANNEL]/CN=name1,DC=broadcom,DC=com> serial number <11AABBE27026A241ED9A54544388E9F9A7>
encUtilCmd|encauthent |win32sspi.cpp|002312|NOTIFY | EncCheckForRevocation. Successfully created the non default chain engine
encUtilCmd|encauthent |win32sspi.cpp|002337|NOTIFY | EncCheckForRevocation. Certificate chain has been created successfully
encUtilCmd|encauthent |win32sspi.cpp|002363|NOTIFY | EncCheckForRevocation. Certificate Trust status 64, Last error 0
encUtilCmd|encAuditAPI|encAuditAPI  |000000|WARNING| CENCAuditAPI::log: ID IDS_REMOTE_PEER_CERT: not in config
encUtilCmd|encAuditAPI|encAuditAPI  |000000|ERROR  | ENC-TLS: Remote Peer Certificate
Subject: 'x509cert://[TLS-SCHANNEL]/CN=name1,DC=broadcom,DC=com'
Serial number: '11AABBE27026A241ED9A54544388E9F9A7'
Revocation Status: 'FAILED'
encUtilCmd|                |                    |000000|DETAIL | CENCAuditAPI::log: returned: 4010
encUtilCmd|                |                    |000000|DETAIL | EncAuditLog: returned: 4010
encUtilCmd|communicatorLib |communicatorLib     |000000|DETAIL | Timed out negotitating TLS encryption
encUtilCmd|communicatorLib |communicatorLib     |000000|ERROR  | CF1SocketCommunicator::DoConnect: Negotiation of encryption failed: error: 3007: ENC_TIMEOUT: A timeout occured


Client Automation - All Versions


This error could occur if parameter "Enable certificate revocation check" is set to True

DSM/Common Components/ENC Gateway/General/Enable certificate revocation check = True


1- Unseal the configuration policy and update it like this :
DSM/Common Components/ENC Gateway/General/Enable certificate revocation check = False
2- Seal the policy and wait it is applied on the machines
3- Check if problem is resolved.
If machine has problem to receive the configuration policy we could force it with this command :
ccnfcmda -cmd SetParameterValue -ps itrm/common/enc/general -pn revocationmode -v 0 -manager