Actifile agent fails to communicate with service – SSL errors

Problem Description #

Actifile agent’s install is successful. Agent starts but doesn’t show up in the installed devices list.

A look at the logs (C:\program files(x86)\Actifile Agent\Logs) shows this message repeating itself:

11:47:01 AM|main|Authenticate request …
11:47:02 AM|main|Warning: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
11:47:02 AM|main|Exception occured: Exception: Switching to offline mode failed. Can't login offline. Maybe Agent never logged online on this device
at AFAgentEngine.Helpers.UserHelper.AuthenticateOffline(String username, String password, String agentKey, Boolean useAgentkey, String deviceName, String macAddress)
at AFAgentEngine.AgentEngine.InternalStart(Boolean first)
11:47:02 AM|main|Processing stop …

This indicates that the SSL traffic was intercepted by an SSL deep packet inspection tool which resulted in the Agent refusing to work with a suspected MITM (man-in-the-middle) transport hijack.

Here is an example of one such implementation/configuration from SonicWall:

Resolution #

The Actifile agent’s traffic must be excluded from the SSL-DPI tool. As an example, following is an example of the procedure for SonicWall’s firewall devices:

Powered by BetterDocs