Certificate mismatch after restoring old certificates to existing replication partners


Article ID: 156291


Endpoint Protection


Certificate mismatch errors are displayed in the Console after restoring previous encryption certificates to existing Symantec Endpoint Protection Manager (SEPM) servers.


This issue is most likely to occur after a disaster recovery is performed on one or more SEPM replication partners and a replication occurs before the encryption certificates are restored.

The encryption certificate information stored in the SEPM database about its replication partner does not match the replication partner's current certificate. When the certificate is manually accepted, it is stored in memory. It is not updated in the database until a replication occurs between the two sites.


To make both SEPM sites trust each other's certificates, first confirm that both certificates have been manually trusted, then immediately perform a replication so that the latest certificate information is stored in each site's database.