Hi all,
I've encountered a strange issue after upgrading from 5.2.7 (if I'm not mistaken) to version 6.
All my Windows-Agent-Proxy-Nodes cannot connect anymore - the tunnel just comes up as unbound and I cannot bind the tunnel to the Node, I cannot bind the tunnel to a new node either.
Is there currently any known issue for Windows with the tunnels?
Mar 09 18:01:27 netxms.domain.tld netxmsd[6645]: [crypto.cert ] IssueCertificate: new certificate request (CN override: 2913bfd4-6a5c-4ab5-abaa-17354a97cdab, OU override: f0acdbf0-7240-4699-9ed2-f50e7e5a3ef4)
Mar 09 18:01:27 netxms.domain.tld netxmsd[6645]: [crypto.cert ] IssueCertificate: certificate request verification failed
Mar 09 18:01:27 netxms.domain.tld netxmsd[6645]: [agent.tunnel.11 ] Cannot issue certificate
Mar 09 18:01:27 netxms.domain.tld netxmsd[6645]: [agent.tunnel.11 ] Certificate cannot be issued: agent error 923 (Encryption error)
ServerConnection = netxms.domain.tld
TrustedRootCertificate = C:\NetXMS\NetXMS-CA.crt
VerifyServerCertificate = yes
ZoneUIN = 4711
MasterServers = netxms.domain.tld
ConfigIncludeDir = C:\NetXMS\etc\nxagentd.conf.d
LogFile = {syslog}
FileStore = C:\NetXMS\var
SubAgent = winperf.nsm
EnableProxy = yes
EnableModbusProxy = yes
EnableSNMPProxy = yes
EnableSNMPTrapProxy = yes
EnableSyslogProxy = yes
EnableTCPProxy = yes
EnableWebServiceProxy = yes
SubAgent = ping.nsm
Any help is highly appreciated 😅
Thanks and best wishes,
Manuel
That's rather interesting -- there are no similar reports.
Are you on 6.0.4? If not -- please give it a try. If that does not help -- temporarily roll back to 5.2.8.
In 6.x we upgraded OpenSSL to mitigate a CVE (we are not affected by it, but version scanners still get triggered), and it might have broken something.
Yep - after seeing that there was a problem, I've updated two of those Windows-Agents (the one from my deep-dive into the logs is one of them) to 6.0.4, but it still doesn't work...
You can add this to agent config for additional debug:
EnableSSLTrace = yes
DebugTags = ssl:8
DebugTags = tunnel:8
Does a rollback to 5.2.8 help? (The agent protocol is backward and forward compatible, so you can use an older agent with a newer server.)