Symantec Endpoint Protection client is unable to download content from a LiveUpdate Administrator distribution point which uses a self-signed SSL certificate.


Article ID: 156020


Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) clients are configured to download definitions from a LiveUpdate Administrator (LUA) 2.x Distribution Center (DC) which has been configured to use HTTPS with a self-signed SSL certificate.

The Log.Lue file from the SEP client contains the following lines:

* Failed to connect to HTTPS server
* Error statement: 
 >> Server certificate does not chain to a valid trusted root in certificate store.
* Error code 0x00000008, File: minitri.flg
  Server selection failed for server HTTPS://<address of distribution point>/ on port 443.
* Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue.
* Server Selection Failed.
* Error downloading files. Error Code: 0x8D04802A

Cause

Internet security settings in the environment prohibit the trust of self-signed SSL certificates.

Resolution

One solution known to resolve the issue is to manually import the self-signed SSL certificate into the certificate store of the impacted clients. Information on how to do this is covered in the following Microsoft article:

https://technet.microsoft.com/en-us/library/cc754489(v=ws.11).aspx
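
The import described above can also be scripted. The following is an added example, not taken from this article or from Symantec or Microsoft documentation: it checks the exported certificate against a fingerprint obtained out of band before trusting it. The file path, the fingerprint placeholder, and the choice of the machine-wide Trusted Root Certification Authorities store are assumptions.

```powershell
# Added example: verify, then trust, the LUA distribution point's self-signed certificate.
# Run from an elevated PowerShell prompt on the affected SEP client.
param(
    # Hypothetical path: certificate exported from the distribution point's IIS server.
    [string]$CertPath = 'C:\Temp\lua-dc.cer',
    # Placeholder: SHA-256 fingerprint read on the server itself and delivered out of band.
    [string]$ExpectedSha256 = '<SHA256-FINGERPRINT-FROM-SERVER-ADMIN>'
)
$ErrorActionPreference = 'Stop'

$cert = [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($CertPath)

# Hash the DER encoding so Base64 and DER exports of the same certificate compare equal.
$sha      = [System.Security.Cryptography.SHA256]::Create()
$actual   = [BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
$expected = ($ExpectedSha256 -replace '[^0-9A-Fa-f]', '').ToUpperInvariant()

if ($expected.Length -ne 64) { throw 'Set -ExpectedSha256 to the 64-hex-digit fingerprint.' }
if ($actual -ne $expected)   { throw "Fingerprint mismatch: file has $actual" }

# Self-signed: subject and issuer are the same name. Anything else needs its issuing CA instead.
if ($cert.Subject -ne $cert.Issuer) { throw "Not self-signed (issuer: $($cert.Issuer))" }

$now = Get-Date
if ($now -lt $cert.NotBefore -or $now -gt $cert.NotAfter) {
    throw "Certificate is outside its validity period ($($cert.NotBefore) to $($cert.NotAfter))"
}

# Assumption: machine-wide Trusted Root Certification Authorities store,
# matching the "trusted root in certificate store" wording in Log.Lue.
$store = 'Cert:\LocalMachine\Root'
if (Test-Path "$store\$($cert.Thumbprint)") {
    Write-Output "Already trusted: $($cert.Subject)"
} else {
    Import-Certificate -FilePath $CertPath -CertStoreLocation $store | Out-Null
    Write-Output "Imported $($cert.Subject) (SHA-256 $actual)"
}
```

A certificate placed in the trusted root store is trusted for every TLS connection the machine makes, so the fingerprint check is what ties that trust to the intended distribution point.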

Another solution would be to use an SSL certificate signed by a Certificate Authority (CA), rather than a self-signed certificate.

 

Applies To

LUA Distribution Point (using HTTPS) running on IIS, configured with a self-signed SSL certificate.