Technical Tip: Persistent Agent message stating names do not match
Description
This article describes an issue with Persistent Agent which is not able to scan or send messages to the end station. On the end station, the following message is displayed:
"Peer name "hostname1" doesn't match "hostname2"
Log example:
2025-01-27 11:51:23 UTC :: Wildcard Cert!
2025-01-27 11:51:23 UTC :: Checking Peer name fortinac.lab.local against Common or Subject-alternative-name entry testlab.com
2025-01-27 11:51:23 UTC :: Peer name "fortinac.lab.local" doesn't match "testlab.com" <-------------------------Name Does Not Match
2025-01-27 11:51:23 UTC :: Refusing to connect to trust_DISTRUSTED fortinac.lab.local|*.testlab.com|a0:da:d3:56:a5:64:98:51:66:2c:0a:04 <-------------------------Connection refused
2025-01-27 11:51:23 UTC :: Connection failed! 1
This message will appear when the agent is using a name to communicate with NAC (hostname2) that is not identical to the name on the SSL Certificate installed on NAC (hostname1). To view the name on the certificate installed for the Persistent Agent communication, navigate to System > Settings > Certificate Management in the Administration UI.
Scope
FortiNAC v 8.x.
Solution
Make the necessary changes so these names match:
- If the name associated with the SSL certificate is incorrect, a new certificate will need to be installed.
- If the name the agent is using is incorrect, update the applicable Persistent Agent settings. Refer to the related document below regarding Persistent Agent configuration.
Related article: