When trying to create a CEM package, the package creation fails specifying "cannot issue certificate at this time because there is no registered master certificate with the specified name."
Failed to generate package. Cannot issue certificate at this time because there is no registered master certificate with the specified name
The agent CA is missing from the trusted root certificate store. See the following screenshots
When the server is installed and configured an agent CA certificate is created. If you have a backup copy of this certificate you can restore it and make sure that the thumbprint in the certificate matches the thumbprint stored in the registry. You can view the thumbprint in the certificate using the Microsoft Management Console and loading the certificate snap-in. Open the certificate and look at the details tab and validate the thumbprint matches the one in the registry location below.
The thumbprint in the registry should match the thumbprint of the Agent CA certificate located in the trusted root certificate store. If the certificate is missing from the store you will see the error. If you have a backup of the certificate you can restore it and it should work. If you dont, you will have to run aexconfig and reconfigure the server to generate a new one. This will create a new certificate. However, If this is an existing environment you will have to put this new certificate on any existing machines. Any existing CEM machines would have the old certificate and will to have this updated certificate.
The certificate you restore should match the one in the registry.
It is a good practice to backup and store in a safe place the the following certficates with the private keys after installing an SMP
SMP-"Your SMP's FQDN name"-Agent CA
SMP-"Your SMP's FQDN name"- Server CA
Any certficates bound to the default and symantec agent website.
ITMS 7.5 SP1
Imported Document ID: TECH226923
Subscribing will provide email updates when this Article is updated. Login is required.