Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Problem: If an agent is experiencing a timeout issue. then the following steps should be done on the client’s machine for troubleshooting.

Steps:

Step 1 - Confirm the service is running?

Step 2 - Is the port open for communication to the Greenstone secure gateway?

  • Validate with your IT team if the port (8080) is open for the agent to communicate with the internet. If it is not open, please ask to add a rule to open the port through the firewall.

Step 3 - Is the application whitelisted?

Step 4 - Security applications within your network or firewall

  • Check if a security application is running on the agent machine and turn it off and test connectivity.

  • Review if your company has installed a security application like Windows Defender that can refuse the communication. If that is the case, please turn it off and try again.

  • If the situation continues now check your company's firewall security devices to ensure the traffic is identified and available.

Step 5 - Is Agent behind a load balancer

  • Is the agent behind a load balancer? If that's the case, Ask the IT to configure a sticky session in the load balancer of the agent and try again.

Step 6 - Verify if there is a Proxy used on the agent server

If you do use a proxy, it should be able to access this URL : Mygrower.culturatech.com as a proxy on agent server. Make sure it is a valid URL.

Step 9 - Verify that zero network configurations have changed on agent server

Check if new server patch has been installed or network configuration has changed like DNS or authentication changes or even patches have changed on client server.

The last April 9, 2024, the patch KB5036896 was released by Microsoft. My recommendation is to be careful to install this Windows Update on Agent machines since it is causing potential connectivity issues when establishing a valid session between the Gateway and Agent machines. The KB5036896 is affecting badly NTLM authentication especially when Kerberos is not available in the target machine, and consequently, the connectivity is being interrupted at some point between Agent and Gateway generating unexpected behavior or server unavailable issues. Besides that, this patch is also affecting DC (Domain Controllers) and VPN connections. 

 

If you notice interruptions in the connectivity, please check if the KB5036896 is installed in the Agent machine, and if so, please uninstall it and reboot the machine to get rid of issues caused by the patch. Don't install it until Microsoft released a patch that fixes the issues mentioned above.

 

A list of other possible patches causing issues per Windows editions here:

 

  • Windows Server 2022 (KB5036909)

  • Windows Server 2019 (KB5036896)

  • Windows Server 2016 (KB5036899)

  • Windows Server 2012 R2 (KB5036960)

  • Windows Server 2012 (KB5036969)

  • Windows Server 2008 R2 (KB5036967)

  • Windows Server 2008 (KB5036932)

 

For more information about known issues related to this patch, please visit the following links:

 

https://support.microsoft.com/en-us/topic/april-9-2024-kb5036896-os-build-17763-5696-efb580f1-2ce4-4695-b76c-d2068a00fb92

https://www.windowslatest.com/2024/05/05/microsoft-confirms-kb5036909-issues-in-windows-server-with-ntlm-traffic-lsass/