In SEP 14.3 RU1 or later, administrators will receive an email from the Symantec Endpoint Protection Manager (SEPM) 30 days before the SQL Server Certificate will expire. An email will also be sent when the certificate expires. After the certificate expires, you'll no longer be able to login to the SEPM.
The 30 day notification will have the subject line.
The Symantec Endpoint Protection Manager's SQL Server Certificate expires within 30 days
If the certificate has expired, the notification will contain the following text.
Subject: The Symantec Endpoint Protection Manager can not connect to the Database
Body:
Message from
Server name: <name>
Server IP: <IP>
Symantec Endpoint Protection Manager (SEPM) cannot connect to the Microsoft SQL Server database because SQL Server uses a certificate that Windows does not trust. Therefore, you must import the certificate that SQL Server uses into the Local Machine Certificate Store (Trusted Root Certification Authorities) of the Windows system where the management server is installed and restart the management server service.
14.3 RU1 and later.
SQL Server Certificate is 30 days from expiring or has already expired
If the certificate is still valid, but you've received the 30 day notification, please update the server certificate and run the Management Server Configuration Wizard after that is completed to update the certificate in SQL. Do not use a recovery file! Steps 8-10 below outlines this process, the other steps would not be needed if it has not already expired.
If the certificate has already expired, the following steps can be taken to correct the issue with either a self-signed, or custom (CA) certificate.