Error code 0x00000010 when Endpoint Protection client tries to download from LiveUpdate Administrator over HTTPS

book

Article ID: 223774

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) clients are configured to download definitions from a LiveUpdate Administrator (LUA) over HTTPS. The downloads fail with:

* Failed to connect to HTTPS server
* Error statement: 
 >> Server certificate CN was invalid.
* Error code 0x00000010, File: minitri.flg
  Server selection failed for server HTTPS://<Server>/clu-prod on port 7073.

Cause

The SSL certificate on the LUA server does not have a Subject or SAN that matches the specified internal LiveUpdate server configured in the policy. For example: The policy uses an FQDN, but the certificate only has the short hostname.

Environment

Release : 14.2.1+

Resolution

Reconfigure the LiveUpdate settings policy to use a hostname, FQDN, or IP that matches one of the entries defined in the Subject or SAN of the LUA's SSL certificate.