ENC Client fails to connect to the ENC Server during verification process


Article ID: 50097


Updated On:

Products

CA Client Automation - IT Client Manager
CA Client Automation

Issue/Introduction

The ENC client fails to connect to the ENC Server during the verification process. Even though the required ports are open in both directions, running the 'ENCCLIENT STATUS' command displays the error message "the client has rejected the server certificate".

Environment

Client Automation - All Versions

Cause

The TRC_CF_ENCCLIENT_x.log file shows the following messages even though the required certificates are valid and in place:

INFO | Created security context for <notreal.madeup.com>
ERROR | CSRS::listen: no SRS connection
ERROR | CConnectMgr::initListen: failed to listen on port 4728
INFO | CClient::sendListenResp[id=604]: sending listen response(3003)
DETAIL | CConnectMgr::workerThread: exit
INFO | InitializeSecurityContext(1) returned <80090318>
INFO | Expected data from InitializeSecurityContext(1) but got none.
ERROR | EncInitializeSecurityContext: Catastrophic failure

Note: You can find the ENC logs in the %sdroot%\..\logs folder.
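
An added example, not part of the original article or of the product: a Python helper that scans an ENC client trace for the failure signature quoted above and separates it from other SSPI certificate failures. The status names are the winerror.h definitions; the line layout, the 5-line look-ahead window and the second sample host are assumptions made for illustration.

```python
import re

# SSPI status codes as defined in the Windows SDK header winerror.h.
SSPI_STATUS = {
    0x80090318: "SEC_E_INCOMPLETE_MESSAGE",
    0x80090322: "SEC_E_WRONG_PRINCIPAL",
    0x80090325: "SEC_E_UNTRUSTED_ROOT",
    0x80090328: "SEC_E_CERT_EXPIRED",
}
CTX_RE = re.compile(r"Created security context for <([^>]+)>")
ISC_RE = re.compile(r"InitializeSecurityContext\(\d+\) returned <([0-9A-Fa-f]{8})>")
FATAL = "EncInitializeSecurityContext: Catastrophic failure"
WINDOW = 5  # assumption: the fatal line follows within a few lines


def triage(lines):
    """Return one finding per failed InitializeSecurityContext call."""
    findings, host = [], None
    for i, line in enumerate(lines):
        m = CTX_RE.search(line)
        if m:
            host = m.group(1)  # remember which server this handshake targets
            continue
        m = ISC_RE.search(line)
        if not m:
            continue
        code = int(m.group(1), 16)
        if code < 0x80000000:  # success or informational status, not a failure
            continue
        fatal = any(FATAL in later for later in lines[i + 1:i + 1 + WINDOW])
        findings.append({
            "server": host,
            "status": SSPI_STATUS.get(code, "0x%08X" % code),
            # Signature from this article: incomplete handshake data, then fatal error.
            "oversized_list_suspected": code == 0x80090318 and fatal,
        })
    return findings


# Constructed sample: lines from the article's excerpt plus two made-up lines for contrast.
SAMPLE = """\
INFO | Created security context for <notreal.madeup.com>
ERROR | CSRS::listen: no SRS connection
INFO | InitializeSecurityContext(1) returned <80090318>
INFO | Expected data from InitializeSecurityContext(1) but got none.
ERROR | EncInitializeSecurityContext: Catastrophic failure
INFO | Created security context for <other.madeup.com>
INFO | InitializeSecurityContext(1) returned <80090325>
""".splitlines()
```

A finding with oversized_list_suspected set points to the certificate-list condition described under Resolution; any other status name points to a different certificate problem.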

Resolution

This failure can occur when multiple certificates are registered to the ENC Manager. When the ENC Manager transmits its list of certificates to the ENC client and that list exceeds the maximum file size that Microsoft allows for this action (16384 bytes), certificate verification may fail. To correct this situation, do the following:

  • Delete the unwanted certificates from the ENC Manager computer and try again.
  • Disable the default certificate auto-update/auto-enroll function on the operating system. Disabling this function helps prevent the situation from recurring, provided the number of certificates does not exceed the allowable transmission buffer.

For the steps to configure certificate auto-enrollment on Windows, refer to the following links:

http://technet.microsoft.com/en-us/library/cc737159%28WS.10%29.aspx

http://www.tech-faq.com/the-certificate-enrollment-process.html

Additional Information

The content of the pages linked above is provided for general information and use. Broadcom does not take responsibility for any incorrect information published on these pages.