search cancel

CEM package client fails to communicate with SMP

book

Article ID: 163633

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Symantec Management Agent installed using CEM pacckage fails to communicate with SMP although it successfully connects to Symantec Internet gateway tunnel. HTTP error 500.64 (Client certificate validation error) on SMP IIS logs

Windows Event errors / warnings:
Error    01/09/2016 17:04:11    Schannel    36888    None
The following fatal alert was generated: 10. The internal error state is 1203.
+++++++
Warning    01/09/2016 17:02:02    Schannel    36885    None
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.

Cause

SMP trusted root CA certificate store had more than 350 certificates, causing windows to trim the list of CA certificates required for validating CEM package temporary client certificate.

Resolution

Remove all extra and not required root CA certificates on SMP trusted root CA certificate store.