You are seeing the error: "Managed PKI Service certificate has expired" in DLP

Article ID: 215463

Products

Data Loss Prevention Cloud Detection Service, Data Loss Prevention

Issue/Introduction

You are seeing "System Event Code 4206 - Managed PKI Service certificate has expired" on Symantec DLP Enforce (System > Servers and Detectors > Overview).

You have used the DLP Cloud Detection Service (CDS) in the past but are not using it anymore.

Environment

Release : 15.8, 16.0, 16.0.x

Component : Cloud Detection Service

Cause

This happens because, even though you are no longer using CDS, the certificates are still stored in the Java Keystore file, enforce_keystore.jks.

Resolution

  1. Create a backup of enforce_keystore.jks. The file is located in:
    Windows: C:\ProgramData\Symantec\DataLossPrevention\EnforceServer\<version>\keystore (default)
    Linux: /var/Symantec/DataLossPrevention/EnforceServer/<version>/keystore/

  2. Remove the original enforce_keystore.jks.
    An empty one will be created by the SymantecDLPDetectionServerController Service (also known as the "MonitorController" on Enforce).

  3. Restart the Enforce services.
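
Steps 1 and 2 on a Linux Enforce Server, as an added shell example (not part of the original article and not a Broadcom script). The function name, the backup directory argument and the `KEYSTORE_PASS` environment variable are assumptions; the keystore holds key material, so the backup is written owner-readable only and verified before the original is removed.

```shell
#!/bin/sh
# Added example: back up, verify, then remove enforce_keystore.jks (steps 1 and 2).
# Usage: reset_enforce_keystore KEYSTORE_DIR BACKUP_DIR
#   KEYSTORE_DIR  e.g. /var/Symantec/DataLossPrevention/EnforceServer/<version>/keystore
#   BACKUP_DIR    assumption: any directory outside the keystore folder
# Prints the path of the verified backup on stdout. Restart the Enforce
# services afterwards (step 3).
reset_enforce_keystore() {
    [ $# -eq 2 ] || { echo "usage: reset_enforce_keystore KEYSTORE_DIR BACKUP_DIR" >&2; return 2; }
    ks_dir=$1
    backup_dir=$2
    ks="$ks_dir/enforce_keystore.jks"

    [ -f "$ks" ] || { echo "keystore not found: $ks" >&2; return 1; }

    # Optional record of what is being removed: aliases and validity periods.
    # Only runs when keytool is installed and KEYSTORE_PASS (assumed variable
    # holding the keystore password) is set; output goes to stderr.
    if [ -n "${KEYSTORE_PASS:-}" ] && command -v keytool >/dev/null 2>&1; then
        keytool -list -v -keystore "$ks" -storepass:env KEYSTORE_PASS 2>/dev/null \
            | grep -E '^(Alias name|Valid from)' >&2 \
            || echo "could not list keystore entries" >&2
    fi

    # Step 1: timestamped backup, readable by the owner only.
    mkdir -p -m 700 "$backup_dir" || return 1
    backup="$backup_dir/enforce_keystore.jks.$(date +%Y%m%d%H%M%S)"
    cp -p "$ks" "$backup" || return 1
    chmod 600 "$backup" || return 1

    # Compare byte for byte before touching the original.
    cmp -s "$ks" "$backup" || { echo "backup differs from original, aborting" >&2; return 1; }

    # Step 2: remove the original only after the backup is verified.
    rm -f "$ks" || return 1
    echo "$backup"
}
```

To roll back, copy the printed backup file to `enforce_keystore.jks` in the keystore directory and restart the Enforce services.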

Additional Information

If you are still using the Cloud Service and are seeing this or similar alerts, see the related article: MPKI certificate errors in Servers and Detectors Overview for the Enforce Server (broadcom.com)