000039476 - Config Service Not Reachable during RSA Vendor Portal Installation in Archer

Document created by RSA Customer Support Employee on Dec 11, 2020
Version 1Show Document
  • View in full screen mode

Article Content

Article Number000039476
Applies ToProduct Set: Archer
IssueDuring the installation and after verifying that all pre-requisites are set and installed appropriately, you are still seeing this error:

User-added image
Config service not reachable. Please verify service url and the certificate.
CauseInitially you may believe that the issue is with the RSA Configuration Certificate but this is not the case. The cause may be due to another CA issued certificate that exists in the Trusted Root Store. This cert can also exist in the Intermediate root store. The reason that this cert is in both locations is because the issued to and issued by are different. However this causes a problem for the Vendor Portal installation. 
ResolutionOn the server that you are attempting the installation on, run the following command in powershell. 
This command will export an output file at the location on the end of the command. You may update this to export the output file to a different location.

 Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Format-List * | Out-File “c:\computer_filtered.txt"

Verify that the output file is not empty and look for the thumbprint of the certificate near the bottom area of the file.

Next, Open up the certificate store and go to the trusted root store. 

To narrow it down, locate certificates that have a different "issued by" and "issued to" 

Next, verify that the thumbprint matches what the output file has.

Then go to the immediate root certificate store. Then verify if the certificate exists there as well.
  • If the certificate DOES exist in the intermediate certificate root store, validate that the thumbprint matches the certificate that is in the trusted root store. 
  • If it does match, you can safely delete the certificate that is in the Trusted Root store.
  • If the certificate DOES NOT exist in the intermediate certificate store, Copy the certificate from the Trusted Root and paste/move it to the intermediate certificate store.

Once one of the above is performed, re-run the command above and verify that the newly exported output file is blank. If it is blank, you are safe to re-run the installer and you should be able to get beyond the point where the error message appeared.

Attachments

    Outcomes