After attempting to deploy the QoE Agent to one of our internet-facing servers (Windows 2008 R2), the agent deployment would never complete successfully.
Upon investigation with the SolarWinds support and development team, it was discovered that the QoE agent needs to be able to renegotiate the encrypted SSL session using clear text.
As mentioned, the server in question is internet-facing and is serving up secure websites and services for our remote workers, and after a security audit it was highlighted that clients could renegotiate their SSL sessions insecurely.
So, being a Windows Server, the following registry entries were put in place to prevent this and force all clients to renegotiate securely.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL]
"EventLogging"=dword:00000001
"DisableRenegoOnServer"=dword:00000000
"DisableRenegoOnClient"=dword:00000001
"AllowInsecureRenegoClients"=dword:00000000
"AllowInsecureRenegoServers"=dword:00000000
Because of the above settings, the QoE agent does not work on this server. We appreciate that although the QoE Agent is communicating on our internal LAN and security may be less of a concern, unfortunately Microsoft does not allow us to differentiate between internal and external traffic for the above registry settings.
I respectfully request that the development team at SolarWinds makes the change necessary so that either both or only secure renegotiation is supported.
(This was logged under: Case: 664461 - QoE Windows Agent Deployment Fails)
Thanks
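
A read-only way to confirm that a server still carries the renegotiation values listed in the post, for example after an agent install or a patch cycle. This is an added example, not part of the original post and not SolarWinds code; the function name `Test-RenegoSettings` is hypothetical, and the expected values are copied from the registry entries above.

```powershell
# Added example: compare the SCHANNEL renegotiation values on this machine
# with the ones listed in the post. Read-only; nothing is written.
$key = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurityProviders\SCHANNEL'

# Expected values, copied from the registry entries in the post.
$expected = @{
    'EventLogging'               = 1
    'DisableRenegoOnServer'      = 0
    'DisableRenegoOnClient'      = 1
    'AllowInsecureRenegoClients' = 0
    'AllowInsecureRenegoServers' = 0
}

# Hypothetical helper name; emits one result object per expected value.
function Test-RenegoSettings {
    param([string]$Path = $key, [hashtable]$Baseline = $expected)

    # A missing key yields $null here instead of a terminating error.
    $props = Get-ItemProperty -Path $Path -ErrorAction SilentlyContinue

    foreach ($name in ($Baseline.Keys | Sort-Object)) {
        $prop = $null
        if ($null -ne $props) { $prop = $props.PSObject.Properties[$name] }

        # A value that is absent is reported as such and never counted as a match,
        # because the operating system default then applies, not the audited setting.
        if ($null -ne $prop) { $actual = $prop.Value } else { $actual = '(not set)' }
        $match = ($null -ne $prop) -and ([int]$prop.Value -eq $Baseline[$name])

        New-Object PSObject -Property @{
            Name     = $name
            Expected = $Baseline[$name]
            Actual   = $actual
            Match    = $match
        } | Select-Object Name, Expected, Actual, Match
    }
}

$results = @(Test-RenegoSettings)
$results | Format-Table -AutoSize

# Flag any drift from the posted settings so it can be reviewed.
$drift = @($results | Where-Object { -not $_.Match })
if ($drift.Count -gt 0) {
    Write-Warning ("{0} value(s) differ from the posted settings" -f $drift.Count)
}
```

The script avoids syntax newer than PowerShell 2.0 so it runs on the Windows 2008 R2 server described in the post.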