Scenario 1: Certificate Validation Failed
Option 1: Update the DNS record.
- The FQDN of the SEPM must be discoverable with a forward and a reverse DNS lookup. You must have a complete DNS record for the FQDN.
- Verify that the DNS record has the correct IP address. Use the nslookup command from the command line interface of EDR. Confirm that the expected IP address is returned.
- Verify the DNS record has the correct record for a reverse DNS lookup. Use the nslookup command from the CLI of EDR and use the IP address from the previous step to verify the reverse lookup displays the expected FQDN.
- If the record does not display the correct IP address then the DNS record must be updated.
- If the incorrect FQDN is displayed when performing the reverse DNS lookup then the record must be updated so it includes the correct FQDN.
Option 2: Re-issue the certificate.
- Re-issue the certificate for the SEPM with an FQDN or IP address which does not have an incomplete or incorrect DNS record.
- Re-issue the SEPM's certificate and include the IP address of the SEPM server as an entry in the Subject Alternative Name (SAN) list.
- You may also re-issue the certificate and include the FQDN being used on the DNS record for the reverse DNS lookup.
- The FQDN on the reverse DNS lookup must be listed as an entry on the SAN list of your certificate.
NOTE: If the certificate does not currently have the correct SAN entries this will be required. Otherwise you must proceed with Option 1.
Scenario 2: The username or password is incorrect or the account is locked.
- Verify the service account you created for EDR is not locked or expired according to the SEPM.
- Go to Admin > Administrators > Select the user from the list.
IMPORTANT: Support recommends having a dedicated user account for EDR on the SEPM.
Scenario 3: The SEPM domain is incorrect.
- Verify that the SEPM domain being used to configure the SEPM connection is correct.
- Go to Admin > Domains and verify the domain you are using is listed here.