ITMS 8.0 agent is trying to connect over CEM with a Check Point firewall installed between the agent and the gateway.  The agent cannot connect. This issue has only shown up so far when using Check Point firewalls.

From the agent you will see an error like the following:

EAP: InitializeSecurityContext error while client handshake: The specified data could not be decrypted. (0x80090330)

From the gateway logs you will see messages like the following with a negative serial number:

Client 192.168.2.21: Certificate Verification: Error (7): certificate signature failure (proto:TLSv1; certCN:/CN=Test.EPM.com; 
serial:-441F672A6D813FF50965EEB22AC147A00270865; issuer:/CN=SMP SMP-W2K8-01.EPM.com A)

ITMS 8.0 had a bug that would allow a serial number to have a negative integer.  

A fix for this was created and is in 8.0 HF1.   You will need to create a new CEM package after applying the hot fix and apply it to the CEM machine which should generate a new certificate with a positive serial number.