After updating CEM policy with new certificate thumbprint, agents may lose old thumbprint before it's replaced on the Gateway

Article ID: 373973

Updated On:

Products

IT Management Suite Client Management Suite

Issue/Introduction

A new certificate thumbprint needs to be pushed out to CEM agents. After following the directions in KB article 164263, agents lose the replaced thumbprint before it expires and before it is replaced on the actual Gateway(s).

This can be verified on client machines by checking the following registry entry:

HKLM\Software\Altiris\Communications\Secure Gateways\{GUID of gateway} DWORD "Cert Thumbprint"
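
The registry check above can be run against every gateway entry on a client at once. The following PowerShell is an added example, not part of the original article or Broadcom tooling; the two thumbprint strings are placeholders, and comparing the stored data as text is an assumption.

```powershell
# Added example: report the "Cert Thumbprint" value stored for each gateway on this client.
# Placeholders: replace with the expiring (old) and replacement (new) thumbprints.
$ExpectedThumbprints = @('<OLD_THUMBPRINT>', '<NEW_THUMBPRINT>')
$Root = 'HKLM:\Software\Altiris\Communications\Secure Gateways'

if (-not (Test-Path -Path $Root)) {
    Write-Warning "Key not found: $Root"
    return
}

Get-ChildItem -Path $Root | ForEach-Object {
    $key  = $_
    $raw  = $key.GetValue('Cert Thumbprint', $null)
    $kind = if ($null -ne $raw) { $key.GetValueKind('Cert Thumbprint') } else { 'Missing' }

    # Assumption: the stored data can be compared as text once whitespace is removed.
    $stored = @($raw) |
        Where-Object { $null -ne $_ } |
        ForEach-Object { ("$_" -replace '\s', '').ToUpperInvariant() }

    foreach ($tp in $ExpectedThumbprints) {
        $wanted = $tp.ToUpperInvariant()
        [pscustomobject]@{
            Gateway   = $key.PSChildName      # {GUID of gateway}
            ValueKind = $kind
            Stored    = $stored -join ','
            Expected  = $tp
            Present   = [bool]($stored | Where-Object { $_ -like "*$wanted*" })
        }
    }
} | Format-Table -AutoSize
```

A gateway row where the old thumbprint shows Present = False before the Gateway certificate has been replaced matches the symptom described in this article.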

Environment

ITMS 8.7.2

Cause

The cause of this issue is currently being investigated by Broadcom developers. A permanent fix is planned for the next release, ITMS 8.7.3.

Resolution

As a workaround until the next release, instead of replacing the original expiring thumbprint in the CEM policy, add an additional entry for the gateway by external IP address with the new replacement thumbprint as shown here:

To verify the external IP address of your internet gateway(s), run the following command from a computer disconnected from the corporate network but connected to the internet:

Command prompt:

nslookup gateway.fqdn.com

NOTE: The entries in the screenshot above are examples only and should not be used in production.