Customer updated hardware on a SMP server. This causes a problem for CEM (Cloud-enabled Management) agents since the SMP (Symantec Management Platform) agent CA certificate from the original server signs the permanent agent certificates that are used by the agents when using CEM.   If these certificates are changed CEM agents will not be able to communicate with the SMP.

The SMP Agent CA and SMP Server CA certificates were copied from the old server and imported into the trusted root certificate store. After restoring the certificates they edited the registry and cut and pasted the certificates into the registry on the SMP at the following locations

HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Agent\Thumbprint
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Server\Thumbprint

Failed to contact the server and retrieve the certificate details.

The problem was caused by the cut and paste of the thumbprint into the registry. This introduced some unicode characters. Even though the registry looked correct it was causing problems.

The solution was to modify the entries in the registry and type the thumbprint in manually in both locations below.

HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Agent\Thumbprint
HKEY_LOCAL_MACHINE\SOFTWARE\Altiris\eXpress\Notification Server\CA\Server\Thumbprint