Certificate mismatch after restoring old certificates to existing replication partners

Article ID: 156291

Products

Endpoint Protection

Issue/Introduction

Certificate mismatch errors are displayed in the Console after restoring previous encryption certificates to existing Symantec Endpoint Protection Manager (SEPM) servers.

Cause

This issue is most likely to occur after a disaster recovery is performed on one or more SEPM replication partners and a replication occurs before the encryption certificates are restored.

The encryption certificate information stored in the SEPM database about its replication partner does not match the replication partner's current certificate. When the certificate is manually accepted, it is stored in memory. It is not updated in the database until a replication occurs between the two sites.

Resolution

To make both SEPM sites trust each other's certificates, first confirm that both certificates have been manually trusted, then immediately perform a replication so that the latest certificate information is stored in each site's database.