Skip to main content
Start a Conversation

Unsolved

Closed

C

calupat

8 Posts

154

28-07-2023 03:00 AM

Permanently remove the CA Validation hook

Hi,

 

Is it possible to permanently remove the CA Validation hook? When newly found Wyse 3040 ThinClients check in at the WMS and I confirm the registration, I cannot make any changes afterwards because the CA Validation checkmark is set again and thus no connection to the WMS server can be established anymore. At the moment we do not use a certificate for the connection. I then have to ask the individual user to remove the check mark so that the firmware updates can run.

 

Regards,

calupat

buffalobound

1 Rookie

 • 

656 Posts

28-07-2023 07:00 AM

If CA Validation is being turned on by default and you do not desire it, then there is a misconfiguration. 

  • Check your DNS/DHCP Settings that hand out settings to thin clients and make sure CA Validation is set to FALSE
  • Check your WMS  policy settings to make sure it isnt being forced on (Send a screenshot of your settings

 

 

buffalobound_0-1690554930899.png

 

buffalobound_1-1690554959332.png

 

  •  

calupat

8 Posts

31-07-2023 03:00 AM

Hello,

thank you for your feedback.

I had unchecked the CA Validation checkbox in the global group settings from the beginning.

Unfortunately, however, it activates automatically on all ThinClients until the clients are fully enrolled by us in WMS.
I have now modified the wnos.ini file and added both the WMS server data and the deactivation of the CA validation. The disadvantage is that this only takes effect once the ThinClients are restarted. I have the hope that I can then add them to our management in WMS.

My only problem is the CA Validation check mark because that prevents all pushes from the WMS server and I have to contact the staff to uncheck it manually.

In the WMS documentation it says that you should create the DNS entry with the value Falsch (German for false). I am not sure if the value has to be "Falsch" or "false" or "False" for a German operating system.

Best regards

 

WMS-DNS-01.png

 

WMS-DNS-02.png

buffalobound

1 Rookie

 • 

656 Posts

31-07-2023 05:00 AM

  • If you are using DNS_SRV records (or DHCP Option tags) to provide the WMS Server, group tag, and CA Validation setting, then there is no need for a WNOS.ini file on a file server.  The legacy INI files are not used by ThinOS 9 at all, and in fact, they cannot read them.
  • The DNS_SRV record for CA_Validation would "False" in english.
  • By default the devices should read the DNS_SRV records provided by discovery and look to WMS
  • You Should NOT have the WMS section completed in your policy at all in WMS. That is only used to redirect the device to a different server or group if needed.  If you provide the WMS server info to the device using DNS_SRV record, that is all that is needed. once the device is registered to WMS, it will stay there.
    • your WMS Section should look like this all the way up the policy tree.  
    • Use the "reset policy" button in every policy up the tree, all the way to the default policy
    • buffalobound_0-1690805777124.png

       

  •  

View More

View More

Top