Replication error after upgrading SEPM to RU8 when using an FQDN-only certificate

Article ID: 274734

Products

Endpoint Protection

Issue/Introduction

After upgrading SEPM to 14.3 RU8 software, replication is not working.

Environment

SEPM sites running 14.3 RU8 and replicating with a CA-issued certificate that does not include IP addresses in the SAN (Subject Alternative Name) of the certificate.

During replication setup, you see an error:

Failed to connect to the specified replication partner server.
Verify that the server name and port are correct.

or

HREAD 28 WARNING: javax.net.ssl.SSLHandshakeException: No subject alternative names matching IP address xx.xx.xx.xx found

Cause

This is caused by the new system check that was introduced in RU8 and is documented in:

https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/upgrading-to-a-new-release-v14510472-d27e6/ru8-server-login-failed-server-certificate-not-validated.html
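
The check behind the handshake error above, as an added example (not Symantec or Broadcom code): it evaluates a certificate's SAN entries against the address a replication partner is reached by. The certificate dictionaries are constructed samples in the shape Python's ssl.SSLSocket.getpeercert() returns; the host names and the address are hypothetical.

```python
import ipaddress

# Constructed sample in the shape returned by ssl.SSLSocket.getpeercert():
# a CA-issued certificate whose SAN lists FQDNs only (hypothetical names).
FQDN_ONLY_CERT = {
    "subject": ((("commonName", "sepm1.corp.example"),),),
    "subjectAltName": (("DNS", "sepm1.corp.example"), ("DNS", "*.site2.corp.example")),
}
# Constructed contrast: the same SAN with the server address as an iPAddress entry.
CERT_WITH_IP = {
    "subjectAltName": FQDN_ONLY_CERT["subjectAltName"] + (("IP Address", "192.0.2.10"),),
}


def _dns_match(pattern, host):
    """Match one dNSName entry; a wildcard may only be the whole left-most label."""
    p, h = pattern.lower().rstrip(".").split("."), host.lower().rstrip(".").split(".")
    if len(p) != len(h):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == h[1:]
    return p == h


def check_partner(cert, partner):
    """Return (ok, reason) for addressing a replication partner as `partner`."""
    san = cert.get("subjectAltName", ())
    try:
        target = ipaddress.ip_address(partner)
    except ValueError:
        target = None  # not an IP literal, so treat it as a host name
    if target is not None:
        # An IP target is compared only with iPAddress entries, never with DNS
        # names or the CN; the failure text mirrors the error quoted on this page.
        ips = [v for k, v in san if k == "IP Address"]
        if any(ipaddress.ip_address(v) == target for v in ips):
            return True, "matched iPAddress SAN"
        return False, f"No subject alternative names matching IP address {partner} found"
    names = [v for k, v in san if k == "DNS"]
    if any(_dns_match(n, partner) for n in names):
        return True, "matched dNSName SAN"
    return False, f"No subject alternative DNS name matching {partner} found"


if __name__ == "__main__":
    for cert, partner in [(FQDN_ONLY_CERT, "192.0.2.10"),
                          (FQDN_ONLY_CERT, "sepm1.corp.example"),
                          (CERT_WITH_IP, "192.0.2.10")]:
        print(partner, check_partner(cert, partner))
```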

Resolution

1. Before starting, back up the database on both sites.
2. Go to the <SEPM_INSTALL>\tomcat\webapps\ROOT\WEB-INF\lib folder and back up scm-server.jar to the desktop.
3. Stop the SEPM services.
4. After the backup, replace the jar on the SEPMs at both sites with the attached signed jar.
5. Start the SEPM services.
6. Delete and re-add the replication partners.
7. The hostname is now shown instead of the IP address in the SEPM UI as well.
8. Run replication from any SEPM.

If an issue occurs, revert to the backed-up jar.

Additional Information

The updated scm-server.jar file is not publicly available. Please reach out to Broadcom Support for this file.