While renewing a certificate, its status is stuck on 'Replacement in Progress'
search cancel

While renewing a certificate, its status is stuck on 'Replacement in Progress'

book

Article ID: 275362

calendar_today

Updated On:

Products

IT Management Suite

Issue/Introduction

When trying to renew the Internet Gateway certificate (in the SMP Console under Settings > All Settings > Notification Server > Certificate Management) used by the Internet Gateway for NS Reporting. After clicking on "Renew" button, the status just stayed in "Replacement in progress" as shown here:

Environment

ITMS 8.x

Cause

The status "replacing" must go away as soon as the Internet Gateway (IG) can report its inventory to the Notification Server specifying a new certificate usage. 

Resolution

Go to the Internet Gateway:

  1. Open the Symantec Management Platform Internet Gateway Manager
  2. Under Servers tab, remove and re-add the SMP Server to the list
  3. After the SMP Server has been added back, make sure that "Status Report" is "Enabled"

Note: If while trying to "Enable" the "Status Report" in the Servers tab you get a message like this in the gateway logs:

Web exception occurred while getting status report certificate - The underlying connection was closed: An unexpected error occurred on a receive..

Check if the SMP server certificate is a valid one. You should be able to see a log entry just like the one here just below the one for the error message above:

Trying to enable status reporting for server 'https://<SMPSERVER>.example.com:4726'...

If you click on the link, it should try to reach the SMP Server and if there is a problem with the certificate, you can click to view the certificate properties and confirm if it is a valid one or not:

In case you need to remove an old SMP server certificate reference, try this (if removing and re-adding the SMP Server from the Servers tab in the Gateway UI doesn't do it):

  1. Remove the SMP Server from the Servers list on the Internet Gateway
  2. Stop the Internet Gateway service for a moment
  3. Then, look for the old SMP server certificate in MMC and delete it
  4. After this, then go to ...\Program Files\Symantec\SMP Internet Gateway and open the file called "allowed_certs.txt" and see if the old SMP server certificate is listed there. If so, delete the line for it.
  5. Then, go to ...\Program Files\Symantec\SMP Internet Gateway\certs and open the "server" cert and see if it is the old SMP server certificate. If so, cut it out of this folder and place it somewhere else in the meantime.
  6. Also, check under ...\Program Files\Symantec\SMP Internet Gateway\clients for any reference to the old SMP server cert
  7. Restart the Internet Gateway service.
  8. Add the SMP Server again and then try to enable reporting.
Powered by Wolken Software