Overview 💥
Inspectors running on Self-Managed Agents may occasionally fail with the error:
“Failed to send payload during inspection”
This error can occur even after Inspector-specific troubleshooting has been completed successfully. In most confirmed cases, the root cause is a system time mismatch between the Self-Managed Agent host machine and the Liongard platform.
Because Self-Managed Agents rely on time-sensitive authentication, any significant clock skew can cause secure requests to be rejected.
Symptoms 🤒
You may observe one or more of the following:
Inspector fails with “Failed to send payload”
Inspection does not progress past execution
No credential or connectivity errors are shown
Issue persists across multiple inspection runs
On-Demand Inspectors for the same environment work normally
‼️ This issue only affects Self-Managed Agents. On-Demand Agents are not impacted.
Why Does This Happen? 🤔
Self-Managed Agents authenticate requests to Liongard’s platform using time-based request signing.
If the system clock on the Agent host differs from Liongard’s platform time (UTC) by more than 15 minutes (900,000 milliseconds), the platform rejects the request for security reasons.
This results in a 403 authentication failure, surfaced in the Inspector UI as Failed to send payload.
Key Technical Details 🙌
Item | Value |
Max allowed clock skew | 15 minutes (900,000 ms) |
Authentication type | Time-sensitive signed requests |
Affected agent type | Self-Managed Agent only |
Common cause | NTP misconfiguration, paused time sync, VM drift |
Steps to Resolve 👨💻
1️⃣ Initial Troubleshooting (Always Start Here)
Before reviewing logs, perform these baseline steps:
➡ Run Inspector in Debug + Clear Cache Mode
Navigate to the affected Inspector
Select Run → Debug + Clear Cache
➡ Restart the Liongard Agent Service
Open Services.msc on the Agent host
Locate Liongard Agent
Right-click → Restart
➡ Reinstall the Agent (If Needed)
Uninstall the existing agent
Download the latest agent installer
Reinstall and re-register the agent
✅ If the issue persists after these steps, continue to log verification.
2️⃣ Confirm Time Skew via Agent Logs
On the Agent host machine, navigate to:
C:\Program Files (x86)\Liongard\LiongardInc\logs
Open the most recent error.log file and search for entries similar to the example below.
Sample Error Message
{ "$fault": "client", "$metadata": { "httpStatusCode": 403 }, "Code": "RequestTimeTooSkewed", "MaxAllowedSkewMilliseconds": "900000", "RequestTime": "20250411T132358Z", "ServerTime": "2025-04-11T14:23:59Z", "level": "error", "message": "The difference between the request time and the current time is too large.", "name": "RequestTimeTooSkewed", "stack": "RequestTimeTooSkewed: The difference between the request time and the current time is too large." }🛑 This confirms a system time mismatch between the Agent and the Liongard platform.
3️⃣ Correct System Time on the Agent Host
➡ Option 1: Command Line Time Sync (Recommended)
Open Command Prompt as Administrator and run:
w32tm /resync
If the command fails, restart the Windows Time service:
net stop w32time
net start w32time
w32tm /resync
➡ Option 2: Windows Settings Time Sync
Go to Settings → Time & Language → Date & Time
Enable Set time automatically
Click Sync now
🔒 Ensure the system can reach a valid NTP source (e.g., time.windows.com).
4️⃣ Rerun the Inspector
Once system time is corrected:
Navigate back to the Inspector
Run Debug + Clear Cache again
Confirm the inspection completes successfully
Environment-Specific Considerations 🧑🏫
Domain-Joined Systems
Self-Managed Agents typically inherit time from Domain Controllers
Verify the DC itself is syncing with a reliable external NTP source
A misconfigured DC will propagate incorrect time to all domain members
Virtual Machines
VM clock drift is common if host time sync is disabled or paused
Ensure hypervisor time synchronization is enabled
Restricted / Air-Gapped Networks
Configure synchronization to an internal NTP server
Ensure consistent time across all infrastructure components
Best Practices 🤩
Enforce time synchronization via Group Policy
Monitor NTP health on Domain Controllers
Periodically validate system time on Agent hosts
Avoid manual time configuration on Agent systems
FAQ's 🙋♂️
Q: Does reinstalling the Agent fix this issue?
Not if system time remains incorrect. Time sync must be fixed first.
Q: Can firewall or proxy issues cause this error?
No. This error specifically indicates authentication rejection due to time skew.
Q: Will this affect all inspectors on the agent?
Yes. Any inspection using that Self-Managed Agent may fail until time is corrected.
When to Contact Support 🦁
If the issue continues after correcting system time, contact Liongard Support.
Please include the following when opening a ticket:
Agent OS version
Agent version installed
Inspector type(s) affected
Screenshot of the Inspector error
Relevant error.log entries
Confirmation that system time is synced and current
Summary 🌟
“Failed to send payload” on Self-Managed Agents is commonly caused by system time skew
Liongard enforces a 15-minute maximum clock difference
Logs will show RequestTimeTooSkewed (403) when this occurs
Correcting system time resolves the issue
Enforcing reliable NTP sync prevents recurrence