After upgrading SEPM to 14.3 RU8 software, replication is not working.
This affects SEPM sites running 14.3 RU8 that replicate using a CA-issued certificate that does not include IP addresses in the SAN (Subject Alternative Name) of the certificate.
During replication setup, you see one of the following errors:
Failed to connect to the specified replication partner server. Verify that the server name and port are correct.
or
HREAD 28 WARNING: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address xx.xx.xx.xx found
It is caused by the new system check introduced and documented in:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/upgrading-to-a-new-release-v14510472-d27e6/ru8-server-login-failed-server-certificate-not-validated.html
1. Before starting, back up the database on both sites
2. Go to the <SEPM_INSTALL>\tomcat\webapps\ROOT\WEB-INF\lib folder and back up scm-server.jar to the desktop
3. Stop SEPM services
4. After the backup, replace the jar on the SEPMs at both sites with the attached signed jar
5. Start SEPM services
6. Delete and re-add replication partners
7. The SEPM UI now shows the hostname instead of the IP address as well
8. Run replication from any SEPM
If an issue occurs, revert to the backed-up jar.
The updated scm-server.jar file is not publicly available. Please reach out to Broadcom support for this file.
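
To confirm that a site is in the affected state before changing anything, the SAN check behind the SSLHandshakeException above can be reproduced offline. The following is an added example, not Broadcom code: it applies the standard TLS name-matching rule (an IP address target matches only an "IP Address" SAN entry, never a DNS entry) and goes slightly beyond the page by also handling wildcard DNS entries. The sample certificate, host names and addresses are constructed, and the port and CA file passed to fetch_cert are whatever your environment uses.

```python
import ipaddress
import socket
import ssl


def _is_ip(value):
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def _dns_match(pattern, host):
    # Case-insensitive; a wildcard counts only as the entire left-most label.
    p = pattern.lower().rstrip(".").split(".")
    h = host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*" and len(p) > 2:
        return p[1:] == h[1:]
    return p == h


def san_matches(cert, target):
    """cert: dict from ssl.SSLSocket.getpeercert(); target: IP address or hostname."""
    san = cert.get("subjectAltName", ())
    if _is_ip(target):
        want = ipaddress.ip_address(target)
        return any(kind == "IP Address" and _is_ip(val) and ipaddress.ip_address(val) == want
                   for kind, val in san)
    return any(kind == "DNS" and _dns_match(val, target) for kind, val in san)


def fetch_cert(host, port, cafile):
    """Fetch a partner's certificate: the chain is validated, the name is not."""
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.check_hostname = False  # name matching is done by san_matches instead
    with socket.create_connection((host, port), timeout=10) as sock:
        with ctx.wrap_socket(sock) as tls:
            return tls.getpeercert()


# Constructed sample: a CA-issued certificate whose SAN holds DNS names only.
SAMPLE_CERT = {"subjectAltName": (("DNS", "sepm-site1.example.internal"),
                                  ("DNS", "sepm-site1"))}
```

If san_matches returns False for the partner's IP address but True for its hostname, the certificate is the kind described above, where replication by IP address fails the check.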