Following an upgrade of an Encryption Management Server cluster, duplicate entries appear in the management console when navigating to Keys / Trusted Keys.
Trusted Keys are root and intermediate TLS certificates. Some are included with Encryption Management Server by default and others will have been imported by an administrator.
The root certificate and intermediate certificate(s) associated with any TLS certificates assigned to the network interfaces of Encryption Management Server must be present in Keys / Trusted Keys.
The root certificate and intermediate certificate(s) associated with any S/MIME messages processed by Encryption Management Server should also be present in Keys / Trusted Keys.
Duplicates only appear after an "incremental" replication scan has completed. This scan synchronizes data between cluster members. It runs at 23:00 every day for a maximum of 4 hours. Depending on the size of the database, server performance and network speed, it may not complete within a single 4-hour session. If it only partially completes in a session, it will continue from where it left off the next time it runs.
Symantec Encryption Management Server release 10.5 and above.
Duplicate Trusted Keys do not appear to affect performance, but they can be deleted by doing the following from the administration console:
Broadcom is committed to product quality and satisfied customers. This issue is currently being considered by Broadcom to be addressed in a forthcoming version or Maintenance Pack of the product. Please be sure to refer back to this article periodically as any changes to the status of the issue will be reflected here.
To subscribe to notifications about future releases, please refer to the following article:
198382 - How to subscribe to notifications for Symantec Encryption products
EPG-26891
EPG-28079