CEM package client fails to communicate with SMP
Article ID: 163633
Updated On:
Products
IT Management Suite
Issue/Introduction
Symantec Management Agent installed using CEM pacckage fails to communicate with SMP although it successfully connects to Symantec Internet gateway tunnel.
HTTP error 500.64 (Client certificate validation error) on SMP IIS logs
Windows Event errors / warnings:
Error 01/09/2016 17:04:11 Schannel 36888 None
The following fatal alert was generated: 10. The internal error state is 1203.
+++++++
Warning 01/09/2016 17:02:02 Schannel 36885 None
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
Windows Event errors / warnings:
Error 01/09/2016 17:04:11 Schannel 36888 None
The following fatal alert was generated: 10. The internal error state is 1203.
+++++++
Warning 01/09/2016 17:02:02 Schannel 36885 None
When asking for client authentication, this server sends a list of trusted certificate authorities to the client. The client uses this list to choose a client certificate that is trusted by the server. Currently, this server trusts so many certificate authorities that the list has grown too long. This list has thus been truncated. The administrator of this machine should review the certificate authorities trusted for client authentication and remove those that do not really need to be trusted.
Cause
SMP trusted root CA certificate store had more than 350 certificates, causing windows to trim the list of CA certificates required for validating CEM package temporary client certificate.
Resolution
Remove all extra and not required root CA certificates on SMP trusted root CA certificate store.
Feedback
Yes
No
Powered by
