search cancel

Cloud Enabled Symantec Management Agents unable to receive permanent client certificate.

book

Article ID: 172535

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

Symantec Management Agent installed using Cloud Enabled Management installation package unable to register with the Symantec Management Platform.

Symantec Management Platform:
"Certificate can't be loaded from database: serial='AC58C64057CDC833F66CF1AA2EF4065F0EBFF771, thumbprint='3FA8DFB47E72051C6B61B3D792C11D717244B5D0'","Altiris.NS.AgentManagement.AgentCertificateDistributer.ValidateIncomingCertificate","Altiris.NS.dll","47","Warnings"

Symantec Management Agent:
"Master certificate is missing from the responce, CEM certificates request added to queue and is waiting for approval","ConfigServer","AeXNSAgent.exe","1316","Warnings"

"Failed to receive CEM certificates from https://smpserver:443/altiris/NS/Agent/GetClientCertificate.aspx in CEM mode, error: The data is invalid (0x8007000D)","ConfigServer","AeXNSAgent.exe","1316","Warnings"

 

Cause

SMP Server Agent CA certificate resource is missing from the Symantec_CMDB database.
Check for Agent CA certificate resource in the database using the following SQL query.

SELECT
vi.Name
, rk.ResourceGuid
, rk.KeyName
, rk.KeyValue
, dcd.Issuer
, vi.*
, dcd.*
FROM vItem as vi
JOIN ResourceKey as rk
ON rk.ResourceGuid=vi.Guid
JOIN Inv_Digital_Certificate_Details AS dcd
ON dcd.[_ResourceGuid]=rk.ResourceGuid
    WHERE vi.ClassGuid  = 'fa3f86ae-1c53-44b6-8eed-90a312ba2fb3'
    AND vi.Name LIKE '%Agent CA'

Environment

Symantec Management Platform 8.x

Resolution

The Agent CA certificate resource can be recreated by running a Reconfigure of the Management Platform Release Update via the Symantec Installation Manager.

1. Run the Symantec Installation Manager.
2. Select Repair installed products.
3. Select Reconfigure installed products and press Next.
4. Select Symantec Management Platform 8.x RUx and press Next.
5. Press Configure.
6. After the reconfiguration is finished, use the above SQL query to confirm that the Agent CA certificate resource was created in the database.