Error during Endpoint Protection Manager upgrade due to expired certificate
Article ID: 231381
Updated On:
Products
Issue/Introduction
Below error appears while upgrading Symantec Endpoint Protection Manager (SEPM).
Error :
The upgrade wizard cannot upgrade your embedded database to a Microsoft SQL Server express database. Either the destination drive does not have enough available disk space, or the certificate is expired or will expire within 10 days. Make sure there is at least x of free disk space and that the certificate is current to continue.
Environment
SEPM 14.x
Cause
SEPM certificate expired.
SEPM certificate can be validated using below PowerShell command.
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\apache\conf\ssl\server.crt" | Format-List
Resolution
1. Validate the SEPM certificate using below PowerShell command:
New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 "<SEPM_INSTALL>\apache\conf\ssl\server.crt" | Format-List
Expected Output:
Subject : CN=SEPMsvr, OU=ESG, O=Broadcom Inc, L=San Jose, S=CA, C=US
Issuer : CN=SEPMsvr, OU=ESG, O=Broadcom Inc, L=San Jose, S=CA, C=US
Thumbprint : 87BF91CECCDD6D67ED58A2063BA92AC54E96B0CB
FriendlyName :
NotBefore : 11/27/2021 6:04:18 AM
NotAfter : 12/25/2031 6:04:18 AM
Extensions : {System.Security.Cryptography.Oid, System.Security.Cryptography.Oid, System.Security.Cryptography.Oid}
In the above output "NotBefore" and "NotAfter" are the start and end date of server certificate.
2. Re-generate certificate if the certificate is expired. Refer below article.
Updating or restoring a server certificate
3. After server certificate update restart all SEPM services/re-boot and perform the upgrade.
Feedback
