After upgrading SEPM to 14.3 RU8 software, replication is not working.
SEPM sites running 14.3 RU8 and replicating with a CA-issued certificate that does not include IP addresses in the SAN (Subject Alternative Name) of the certficate.
During replication setup you see an error:
Failed to connect to the specified replication partner server. Verify that the server name and port are correct.
or
HREAD 28 WARNING: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address xx.xx.xx.xx found
It is caused by the new system check introduced and documented in:
https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/upgrading-to-a-new-release-v14510472-d27e6/ru8-server-login-failed-server-certificate-not-validated.html
This issue is fixed in release 14.3 RU9. Upgrade to resolve this issue.
If you are unable to upgrade, please follow these steps:
In case of issue revert the jar
Updated scm-server.jar file is not publicly available. Please reach out to Broadcom support for this file.