ITMS 8.0 with a Check Point firewall between client and gateway: client has the error "The specified data could not be decrypted. (0x80090330)"


Article ID: 163225



IT Management Suite


An ITMS 8.0 agent is trying to connect over CEM with a Check Point firewall installed between the agent and the gateway, and the agent cannot connect. So far, this issue has only shown up when using Check Point firewalls.

From the agent you will see an error like the following:

EAP: InitializeSecurityContext error while client handshake: The specified data could not be decrypted. (0x80090330)


From the gateway logs you will see messages like the following with a negative serial number:

Client Certificate Verification: Error (7): certificate signature failure (proto:TLSv1; certCN:/; serial:-441F672A6D813FF50965EEB22AC147A00270865; issuer:/CN=SMP A)


ITMS 8.0 had a bug that allowed a certificate serial number to be a negative integer.


A fix for this was created and is in 8.0 HF1. After applying the hotfix, you will need to create a new CEM package and apply it to the CEM machine, which should generate a new certificate with a positive serial number.
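One way to confirm which agents are affected and that a regenerated certificate is clean, as an added example that is not Symantec's code: it reads the serialNumber from a DER-encoded certificate as a signed integer (a DER INTEGER is two's complement, so a set top bit means a negative value, which RFC 5280 does not permit for serial numbers) and flags gateway log lines that show a negative serial. The function names are hypothetical, and the DER sample is constructed from the serial in the log line above and contains only the version and serialNumber fields.

```python
import re

def read_tlv(buf, pos):
    """Return (tag, content_start, content_end) of the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long form: low 7 bits give the count of length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def cert_serial(der):
    """Return the serialNumber of a DER X.509 certificate as a signed integer."""
    tag, start, _ = read_tlv(der, 0)        # Certificate ::= SEQUENCE
    tag2, start, _ = read_tlv(der, start)   # tbsCertificate ::= SEQUENCE
    if tag != 0x30 or tag2 != 0x30:
        raise ValueError("not a certificate")
    tag, s, e = read_tlv(der, start)
    if tag == 0xA0:                         # optional [0] EXPLICIT version
        tag, s, e = read_tlv(der, e)
    if tag != 0x02:
        raise ValueError("serialNumber INTEGER not found")
    # DER INTEGER is two's complement: a set top bit means a negative value.
    return int.from_bytes(der[s:e], "big", signed=True)

SERIAL_RE = re.compile(r"serial:(-?[0-9A-Fa-f]+)")

def negative_serials(log_lines):
    """Return the serials logged with a leading '-' (hex strings as logged)."""
    found = (SERIAL_RE.search(line) for line in log_lines)
    return [m.group(1) for m in found if m and m.group(1).startswith("-")]

def tlv(tag, content):  # short-form encoder, enough for the sample below
    return bytes([tag, len(content)]) + content

# Constructed sample: only version + serialNumber, not a complete certificate.
PAGE_SERIAL = -0x441F672A6D813FF50965EEB22AC147A00270865  # from the gateway log
SAMPLE_DER = tlv(0x30, tlv(0x30,
    tlv(0xA0, tlv(0x02, b"\x02")) +
    tlv(0x02, PAGE_SERIAL.to_bytes(20, "big", signed=True))))

GATEWAY_LOG = [  # gateway log line from this article, on one line
    "Client Certificate Verification: Error (7): certificate signature failure "
    "(proto:TLSv1; certCN:/; serial:-441F672A6D813FF50965EEB22AC147A00270865; issuer:/CN=SMP A)",
]
```

A certificate generated after 8.0 HF1 should make `cert_serial` return a value greater than zero.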