14.3 RU1 Manager upgrade fails the SQL Express Migration precheck when the certificate is not actually expired.


Article ID: 210426


Products

Endpoint Protection

Issue/Introduction

When attempting to upgrade an Endpoint Protection Manager (SEPM) using an embedded database to 14.3 RU1 or later, the upgrade fails with the following warning: 

This upgrade fails even though the SEPM has enough disk space and the certificate is not about to expire. 

Cause

The upgrade runs the following PowerShell command to determine when the SEPM's certificate is about to expire:

New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "C:\Users\...\server.crt" | Format-List

If the PowerShell command outputs the expiration date in a format other than month/day/year, the certificate expiration will be read incorrectly. For example:

NotBefore    : 03/04/2020 21:00:00
NotAfter     : 02/05/2021 20:59:59

If these dates are supposed to be April 4th and May 2nd, then the upgrade will fail because the PowerShell command is providing the date in an unexpected format (day/month/year). The upgrade will read the certificate expiration as February 5th and not May 2nd.
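
The following PowerShell is an added example, not part of the original article and not Symantec's upgrade code. It parses the NotAfter text shown above under both date orders, reports the date pattern the current machine uses, and reads a certificate's validity dates in a form that does not depend on regional settings. The function names Convert-DateText and Get-CertificateExpiry are hypothetical.

```powershell
# NotAfter text exactly as it appears in the Format-List output above.
$notAfterText = '02/05/2021 20:59:59'

function Convert-DateText {
    param(
        [Parameter(Mandatory)] [string] $Text,
        [Parameter(Mandatory)] [string] $Format
    )
    # ParseExact with InvariantCulture ignores the machine's regional settings,
    # so the caller decides explicitly which field is the month.
    [datetime]::ParseExact($Text, $Format, [cultureinfo]::InvariantCulture)
}

$inv = [cultureinfo]::InvariantCulture
$asMonthDay = Convert-DateText -Text $notAfterText -Format 'MM/dd/yyyy HH:mm:ss'
$asDayMonth = Convert-DateText -Text $notAfterText -Format 'dd/MM/yyyy HH:mm:ss'

# Same text, two different expiry dates.
'Read as month/day/year: ' + $asMonthDay.ToString('yyyy-MM-dd', $inv)
'Read as day/month/year: ' + $asDayMonth.ToString('yyyy-MM-dd', $inv)

# The pattern this machine uses when PowerShell formats DateTime values.
$culture = Get-Culture
'Current culture: {0}, short date pattern: {1}' -f $culture.Name,
    $culture.DateTimeFormat.ShortDatePattern

function Get-CertificateExpiry {
    param([Parameter(Mandatory)] [string] $Path)
    $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $Path
    # NotBefore/NotAfter are DateTime objects; format them explicitly instead of
    # relying on the culture-dependent text that Format-List prints.
    [pscustomobject]@{
        NotBefore     = $cert.NotBefore.ToString('yyyy-MM-dd HH:mm:ss', $inv)
        NotAfter      = $cert.NotAfter.ToString('yyyy-MM-dd HH:mm:ss', $inv)
        DaysRemaining = [math]::Floor(($cert.NotAfter - (Get-Date)).TotalDays)
    }
}

# Usage (supply the full path to the SEPM's server.crt):
# Get-CertificateExpiry -Path '<path to server.crt>'
```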

Resolution

Symantec is currently investigating this issue. 

Additional Information

ESCRT-6447
