Overview
The Umbrella Connector service displays an error status on the Dashboard, and the connector logs contain errors such as:
1/30/2014 8:39:44 PM: Failed to sync! Response: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel.
Note:
The connector logs are located here:
C:\Program Files (x86)\OpenDNS Connector\v1.x.x\OpenDNSAuditClient.log
Explanation
This error is related to network connectivity: either a firewall is blocking the traffic, or another packet inspection system may require an exception to exempt the connector's traffic. Below is an overview of the likely destinations that will need to be opened up:
1 - The API
This is the main destination which the connector communicates with and is used for registration during installation, as well as health checks and updates.
2 - OCSP (Online Certificate Status Protocol) validation
Make sure port 443 TCP is open. If you have specific rules allowing or denying access by IP address, make sure that all addresses related to ocsp.digicert.com are open as well.
Port 80/TCP
- ocsp.digicert.com
- crl4.digicert.com
- crl3.digicert.com
TLS and .NET
See https://support.umbrella.com/hc/en-us/articles/115005871543-Requirements-for-forcing-TLS-1-2-on-the-Connector-and-Roaming-Client for more information on .NET and TLS failures. Messages may include "an unexpected error occurred on a receive".
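The checks described above can be run from the connector host with the following PowerShell script. It is an added example, not code from Umbrella or from the original article. `$ApiHost` is a placeholder because this page does not name the API host; take the real value from the Umbrella documentation linked below.

```powershell
param(
    # Placeholder (assumption): this page does not name the API host.
    [string]$ApiHost = 'API-HOST-PLACEHOLDER'
)

# Revocation endpoints listed on this page (port 80/TCP).
foreach ($h in 'ocsp.digicert.com', 'crl3.digicert.com', 'crl4.digicert.com') {
    $r = Test-NetConnection -ComputerName $h -Port 80 -WarningAction SilentlyContinue
    '{0,-18} 80/TCP reachable: {1}' -f $h, $r.TcpTestSucceeded
}

# Record what the .NET certificate validator sees during the handshake.
$script:seen = $null
$capture = [System.Net.Security.RemoteCertificateValidationCallback]{
    param($s, $certificate, $chain, $policyErrors)
    $script:seen = [pscustomobject]@{
        Subject = $certificate.Subject
        Issuer  = $certificate.Issuer
        Errors  = $policyErrors
        Status  = @($chain.ChainStatus | ForEach-Object { $_.Status })
    }
    $true   # accept only so the details can be reported; no data is sent
}

$tcp = New-Object System.Net.Sockets.TcpClient
$ssl = $null
try {
    $tcp.Connect($ApiHost, 443)
    $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $capture)
    # Handshake over TLS 1.2 with certificate revocation checking enabled.
    $ssl.AuthenticateAsClient($ApiHost, $null,
        [System.Security.Authentication.SslProtocols]::Tls12, $true)
    "Subject       : $($script:seen.Subject)"
    "Issuer        : $($script:seen.Issuer)"
    "Policy errors : $($script:seen.Errors)"
    "Chain status  : $($script:seen.Status -join ', ')"
    # Reading the result:
    #   UntrustedRoot / PartialChain with an issuer you do not recognise
    #     -> a packet inspection system is re-signing the traffic.
    #   RevocationStatusUnknown / OfflineRevocation
    #     -> the OCSP/CRL hosts above are not reachable from this server.
}
catch {
    "TLS connection to ${ApiHost}:443 failed: $($_.Exception.Message)"
}
finally {
    if ($ssl) { $ssl.Dispose() }
    $tcp.Close()
}
```

Run it under the same account and proxy settings as the connector service, since a check from an interactive admin session can take a different network path.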
Further information
Full details of all required destinations as well as an explanation of what they are required for can be found here:
https://docs.umbrella.com/product/umbrella/appx-a-communication-flow-and-troubleshooting/