Recent Searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Client validation failed

            Modified on Wed, 10 May 2023 at 01:12 PM

            Effects in Ivanti:
            When selecting a device, ivanti tries to gather feedback e.g. if the device is online or remote control service is available. If this agent feedback is not showing up for an online device or if it takes up to 20 seconds to occur, you should follow the instructions described in this document.


            Effects in the five(9)s Console:
            When a device is selected, you might see "client validation failed" beside the online indicator.
            This validation ensures that the correct agent responds and if it is not successfull, some console actions like Custom Buttons are not allowed to be used.

            What causes this issue?
            Ivanti is increasing the security level for Endpoint Manager. To ensure only code from Ivanti can be executed through the agent on managed devices, all DLLs and executables inside the EPM Agent are digitally signed with a code signing certificate of DigiCert.

            In EPM 2020.1, the digital signature in the file, which is signed with a 3rd party code signing certificate became the “primary” validation, with .sig file as the backup. In 2021.1, the .sig files are gone and the digital signature is the only option to validate the files.

            When Ivanti EPM and five(9)s console access the client to validate the correct agent, the new certificate check will take place: 
            On a regular basis Windows (responsible for the OCSP flow) validates, if the EPM certificate was revoked for some reason. To do this, a DigiCert Certification Service (WEB PKI) will be contacted, which is hosted by the Akamai Content Delivery Network.

            In some scenarios (VPN, special Networks, Proxy Settings,...) this PKI infrastructure is not reachable.
            This might cause delays up to 20 sec in the certificate validation process.

            How to solve the issue:
            If your corporate firewall and/or access control devices are configured to allow only a certain set of IP addresses to be accessed from your network, you need to include the following IP addresses via https and http:

            DigiCert services new dedicated IP addresses:

            • 192.229.211.108 - same as before
            • 192.229.221.95 - updated
            • 152.195.38.76 - same as before
            • 192.16.49.85 - same as before


            Helpfull links:

            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select atleast one of the reasons

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0