ITMS 8.0 with a Check Point firewall between client and gateway: the client has the error "The specified data could not be decrypted. (0x80090330)"

Article ID: 163225

Products

IT Management Suite

Issue/Introduction

An ITMS 8.0 agent tries to connect over CEM with a Check Point firewall installed between the agent and the gateway, and the agent cannot connect. So far this issue has only shown up when using Check Point firewalls.

From the agent you will see an error like the following:

EAP: InitializeSecurityContext error while client handshake: The specified data could not be decrypted. (0x80090330)

From the gateway logs you will see messages like the following with a negative serial number:

Client 192.168.2.21: Certificate Verification: Error (7): certificate signature failure (proto:TLSv1; certCN:/CN=Test.EPM.com; serial:-441F672A6D813FF50965EEB22AC147A00270865; issuer:/CN=SMP SMP-W2K8-01.EPM.com A)

Cause

ITMS 8.0 had a bug that allowed a certificate serial number to be a negative integer.

Resolution

A fix for this was created and is in 8.0 HF1. After applying the hot fix, create a new CEM package and apply it to the CEM machine, which should generate a new certificate with a positive serial number.
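To check whether a certificate carries a negative serial number (RFC 5280 requires a positive one), the serialNumber INTEGER can be read straight from the DER encoding. The following is an added example, not code from the product or the original article; the function names are hypothetical, and the sample input is a constructed DER fragment that reuses the serial value from the gateway log above.

```python
def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER header")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the number of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def cert_serial(der):
    """Return serialNumber of a DER X.509 certificate as a signed integer."""
    pos = 0
    for name in ("Certificate", "tbsCertificate"):   # two nested SEQUENCEs
        tag, pos, _ = read_tlv(der, pos)
        if tag != 0x30:
            raise ValueError(name + " SEQUENCE missing")
    tag, s, e = read_tlv(der, pos)
    if tag == 0xA0:                                  # optional [0] EXPLICIT version
        tag, s, e = read_tlv(der, e)
    if tag != 0x02 or s == e:
        raise ValueError("serialNumber INTEGER missing")
    # DER INTEGERs are two's complement: a set top bit means a negative value.
    return int.from_bytes(der[s:e], "big", signed=True)

def log_style(serial):
    """Format the serial the way the gateway log prints it (sign + hex)."""
    return ("-" if serial < 0 else "") + format(abs(serial), "X")

def tlv(tag, content):
    """Constructed-sample helper: short-form DER element (content < 128 bytes)."""
    return bytes([tag, len(content)]) + content

def sample_cert(serial):
    """Constructed fragment: only the fields up to serialNumber, no real cert."""
    version = tlv(0xA0, tlv(0x02, b"\x02"))          # v3
    number = tlv(0x02, serial.to_bytes(20, "big", signed=True))
    return tlv(0x30, tlv(0x30, version + number))

if __name__ == "__main__":
    bad = -0x441F672A6D813FF50965EEB22AC147A00270865  # value from the log above
    for der in (sample_cert(bad), sample_cert(-bad)):
        n = cert_serial(der)
        print(log_style(n), "OK" if n > 0 else "NEGATIVE: regenerate certificate")
```

To run it against a real certificate, pass the bytes of a DER-encoded certificate file to `cert_serial` instead of the constructed sample.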