
HTTPS communication with certificate verification cannot complete between Endpoint Protection AWS instances


Article ID: 162885


Products

Endpoint Protection

Issue/Introduction

In the Management Server List, you enable HTTPS communications with certificate verification, which verifies the hostname of the server on which the certificate originated. Your installation of Symantec Endpoint Protection Manager (SEPM) is on one Amazon Web Services (AWS) instance, and a Symantec Endpoint Protection client is on another. However, client-server communication fails.

The client computer does not display the green dot indicating communication with the manager. When you check the Sylink log, you see the following messages, after the date and time stamps:

HH:MM:SS=>HTTP REQUEST sent
<GetIndexFileRequest>Send Request failed.. Error Code = 12007
<ParseErrorCode:> 12007=>The Server name could not be resolved.

Cause

The AWS-provided DNS service does not resolve the virtual machine's hostname to an IP address; instead, it resolves the instance's Amazon Private DNS name to its IP address. The Symantec Endpoint Protection Manager certificate is based on the hostname of the computer on which it is installed. Therefore, when the client attempts to connect to the manager, the hostname does not resolve to an IP address, and the connection fails because the certificate cannot be authenticated.

Resolution

Symantec is aware of this issue and will update this document as needed. Please subscribe to this article to be notified of any updates.

If you require HTTPS with certificate verification, you can work around this issue by purchasing or setting up a standard DNS server in your Amazon Web Services Virtual Private Cloud (AWS VPC).
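
To confirm on a client that this cause applies, and to re-check after a DNS server has been added to the VPC, the following added example (not Symantec code) counts the 12007 failures in a Sylink log excerpt and compares how the certificate hostname and the instance's Amazon Private DNS name resolve. The log time stamps, the hostname SEPM01, the private DNS name and the address are constructed values, and the function names are hypothetical.

```python
import re
import socket

# Constructed Sylink excerpt: the messages are the ones quoted in the article,
# the date/time stamps in front of them are invented for this example.
SAMPLE_SYLINK = """\
2024-01-15 10:42:07 10:42:07=>HTTP REQUEST sent
2024-01-15 10:42:07 <GetIndexFileRequest>Send Request failed.. Error Code = 12007
2024-01-15 10:42:07 <ParseErrorCode:> 12007=>The Server name could not be resolved.
2024-01-15 10:47:07 10:47:07=>HTTP REQUEST sent
2024-01-15 10:47:08 <GetIndexFileRequest>Send Request failed.. Error Code = 12007
2024-01-15 10:47:08 <ParseErrorCode:> 12007=>The Server name could not be resolved.
"""
FAILED = re.compile(r"<GetIndexFileRequest>Send Request failed\.\. Error Code = (\d+)")

def count_12007(log_text):
    """Count failed index-file requests that ended with error code 12007."""
    return sum(1 for m in FAILED.finditer(log_text) if m.group(1) == "12007")

def system_resolver(name):
    """Ask the resolver this machine is configured with; [] if the name is unknown."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})

def diagnose(log_text, cert_hostname, private_dns_name, resolve=system_resolver):
    """Compare resolution of the certificate hostname and the AWS private DNS name."""
    failures = count_12007(log_text)
    cert_ips = resolve(cert_hostname)
    private_ips = resolve(private_dns_name)
    return {
        "failures_12007": failures,
        "cert_hostname_ips": cert_ips,
        "private_dns_ips": private_ips,
        "cert_hostname_resolves": bool(cert_ips),
        # Article's cause: 12007 logged, certificate hostname unknown to DNS,
        # while the private DNS name of the same instance does resolve.
        "matches_article_cause": failures > 0 and not cert_ips and bool(private_ips),
    }

if __name__ == "__main__":
    # Constructed names and address standing in for the AWS-provided DNS view.
    vpc_dns = {"ip-10-0-0-12.ec2.internal": ["10.0.0.12"]}
    print(diagnose(SAMPLE_SYLINK, "SEPM01", "ip-10-0-0-12.ec2.internal",
                   resolve=lambda name: vpc_dns.get(name, [])))
```

On a real client, call diagnose() without the resolve argument so that the names are looked up through the DNS service the instance actually uses.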