The FRS connection and Webpulse connection system health tests fail in Security Analytics.

One of the tests in the FRS and Webpulse connection tests uses OCSP for network certificate authentication.  If this is enabled, and there is a proxy server configured that does not support OCSP, these two tests will fail.  They will also fail if DNS is not configured properly or the date is not correct due to ntp misconfiguration.

OCSP is not well supported on the web or in networks in general.  If the proxy server does not support OCSP, these tests will fail when it is enabled.

To disable OCSP, select Settings -> Security and in the PKI and SSL section, deselect "Perform certificate revocation check for Symantec" and select Save.

You will then need to re-run the System Health tests again to verify the results.

First, be sure that the DNS servers and ntp servers are configured properly and that their health tests pass.