ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Cloud Enabled Symantec Management Agents unable to receive permanent client certificate.

book

Article ID: 172535

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Symantec Management Agent installed using Cloud Enabled Management installation package unable to register with the Symantec Management Platform.

Symantec Management Platform:
"Certificate can't be loaded from database: serial='AC58C64057CDC833F66CF1AA2EF4065F0EBFF771, thumbprint='3FA8DFB47E72051C6B61B3D792C11D717244B5D0'","Altiris.NS.AgentManagement.AgentCertificateDistributer.ValidateIncomingCertificate","Altiris.NS.dll","47","Warnings"

Symantec Management Agent:
"Master certificate is missing from the responce, CEM certificates request added to queue and is waiting for approval","ConfigServer","AeXNSAgent.exe","1316","Warnings"

"Failed to receive CEM certificates from https://smpserver:443/altiris/NS/Agent/GetClientCertificate.aspx in CEM mode, error: The data is invalid (0x8007000D)","ConfigServer","AeXNSAgent.exe","1316","Warnings"

 

Cause

SMP Server Agent CA certificate resource is missing from the Symantec_CMDB database.
Check for Agent CA certificate resource in the database using the following SQL query.

SELECT
vi.Name
, rk.ResourceGuid
, rk.KeyName
, rk.KeyValue
, dcd.Issuer
, vi.*
, dcd.*
FROM vItem as vi
JOIN ResourceKey as rk
ON rk.ResourceGuid=vi.Guid
JOIN Inv_Digital_Certificate_Details AS dcd
ON dcd.[_ResourceGuid]=rk.ResourceGuid
    WHERE vi.ClassGuid  = 'fa3f86ae-1c53-44b6-8eed-90a312ba2fb3'
    AND vi.Name LIKE '%Agent CA'

Environment

Symantec Management Platform 8.1 RU6/RU7

Resolution

The Agent CA certificate resource can be recreated by running a Reconfigure of the Management Platform Release Update via the Symantec Installation Manager.

1. Run the Symantec Installation Manager.
2. Select Repair installed products.
3. Select Reconfigure installed products and press Next.
4. Select Symantec Management Platform 8.1 RU6/RU7 and press Next.
5. Press Configure.
6. After the reconfiguration is finished, use the above SQL query to confirm that the Agent CA certificate resource was created in the database.