Error 800B0109 when enrolling Endpoint Protection Manager to the cloud with a proxy

book

Article ID: 171322

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

When you configure the Symantec Endpoint Protection Manager (SEPM) (14.0.RU1 or later) to connect through a proxy to the cloud, the cloud enrollment for Symantec Endpoint Protection Manager fails with error 800B0109.

The debug log shows messages similar to the following:

mm/dd/yyyy 16:23:36 [4352:7688] [WARNING] Notice: Certificate verification[2] returns 0x800B0109
mm/dd/yyyy 16:23:36 [4352:7688] [WARNING] Certificate verification fails for server ncs-spoc-int1.norton.com: 0x800B0109
mm/dd/yyyy 16:23:43 [4352:7688] [WARNING] Notice: Certificate verification[2] returns 0x800B0109
mm/dd/yyyy 16:23:43 [4352:7688] [WARNING] Certificate verification fails for server aws.amazon.com: 0x800B0109
mm/dd/yyyy 16:28:54 [4352:7688] [WARNING] Notice: Certificate verification[2] returns 0x800B0109
mm/dd/yyyy 16:28:54 [4352:7688] [WARNING] Certificate verification fails for server usea1.r3.securitycloud.symantec.com: 0x800B0109

Cause

The root certificate for each of these sites are missing:

  • aws.amazon.com
  • ncs-spoc-int1.norton.com
  • usea1.r3.securitycloud.symantec.com/*
  • *.s3.amazonaws.com

Resolution

Manually download the root certificates for all of the above mentioned sites and add them to the LocalComputer\Trusted Root Certification Authorities, using the following steps as a guideline.

Export the certificate

  1. Open Firefox and go to the site from which you need the certificate, such as https://securitycloud.symantec.com/cc/#/landing.
     
  2. Click the lock in the address bar.
    ‚Äč
     
  3. Click the > next to Symantec Corporation.

     
  4. Click More Information.

     
  5. Click View Certificate.

     
  6. Click Details tab. In Certificate Hierarchy, select the certificate you need, and then click Export. In this example, it's Verisign Universal Root Certification Authority.
  7. Save the file to your computer in a location you can easily find, such as C:\temp\VeriSignUniversalRootCertificationAuthority.crt.

Import the certificate

  1. Open Internet Explorer > Internet Options > Content > Certificates.
     
  2. In Internet Explorer, select Trusted Root Certification Authorities. Scroll down.
     
  3. If the certificate you need is missing in the list, click Import > Next.
     
  4. Select the file that you just exported.

     
  5. Click Next > Browse.

     
  6. Check Show physical stores, select Trusted Root Certification Authorities > Local Computer, and then click OK.

     
  7. Click Next > Finish.

Attachments