Updated hardware on a Symantec Management Platform (SMP) server. This causes a problem for CEM (Cloud-enabled Management) agents since the SMP (Symantec Management Platform) agent CA certificate from the original server signs the permanent agent certificates that are used by the agents when using CEM. If these certificates are changed the the CEM agents will not be able to communicate with the SMP.
The SMP Agent CA and SMP Server CA certificates were copied from the old server and imported into the trusted root certificate store. After restoring the certificates were edited in the registry and the certificates were cut-and-pasted into the registry on the SMP at the following locations:
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Agent\Thumbprint
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Server\Thumbprint
The following error was seen:
Failed to contact the server and retrieve the certificate details.
ITMS 8.x
The problem was caused by the cut-and-paste of the thumbprint into the registry. This introduced some unicode characters, and even though the registry looked correct it was causing problems.
The solution was to modify the entries in the registry and type the thumbprint in manually in both locations below:
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Agent\Thumbprint
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Server\Thumbprint