The Symantec Unified Agent cannot connect to the Internet. In the GUI you see the error, "Not Connected to ThreatPulse - Failure Mode (Closed)."
Error: Not Connected to ThreatPulse - Failure Mode (Closed)
Error: Server's certificate failed validation at depth: 1, CN = Entrust Certification Authority - L1C, error = unable to get local issuer certificate
Error: Switching to DENY mode since the certificate was invalid
To resolve the issue, install the Entrust CA (2048) root certificate onto the workstation. You can manually download the certificate from Entrust's site, or you can download the latest Microsoft root certificate update from Microsoft's website. This document includes both ways of updating the client.
NOTE: The workstation is effectively shut down and cannot reach the Internet. You can download the necessary updates to a USB stick and install it onto the affected workstation from the USB drive. If that is not possible to do, then uninstall the client, install the Entrust CA (2048) certificate using one of the methods below, and reinstall the Unified Agent.
DOWNLOADING THE ENTRUST CA (2048) ROOT CERTIFICATE FROM ENTRUST.NET
Select Entrust.net Certificate Authority (2048) (file download entrust_2048_ca.cer). You can also download the file directly.
Double click on the downloaded root certificate and install it into the workstations root certificate store.
If the client is still installed on the workstation, reboot the workstation. Once the certificate is properly installed, then the errors go away. If a single reboot doesn't remedy the problem, you may want to try another reboot.
NOTE: On some workstations that have not been updated in a long time, or workstations that do not have any patches beyond Windows XP SP3, that even with the Entrust Root CA (2048) installed, the client continues to return the L1C error as described in the problem description. The work-around it is to go to https://support.microsoft.com/kb/931125 and download and install the latest root certificate update patch. Even with a workstation that has Windows XP SP3 unpatched beyond SP3, installing the root cert update from KB931125 is sufficient to get the client installed and working. Symantec does not recommend that customers run with computers that far out of date. Computer operating systems that are out of date can be exposed to security vulnerabilities in the operating system.
DOWNLOADING ROOT CERTIFICATES FROM MICROSOFT
For Windows XP users, about once per quarter, Microsoft updates their root certificates. Symantec recommends that the latest root certificate update is installed on the workstation via Windows Update under the "Optional" downloads section. Microsoft KB931125 (http://support.microsoft.com/kb/931125) documents the process for the various Windows OSes.
Right-click on the Unified Agent icon in the system tray and select Status > Advanced > Show File. Search the log file for "Entrust Certification Authority" to see if the log contains the error in the problem that is described above. If so, then download the Entrust CA (2048) certificate and install it on the workstation.
Unified Agent uses the Entrust CA (2048) root certificate. This error occurs when the Entrust CA (2048) root certificate is not installed on the workstation. When the client is installed in interactive mode, it detects if the root certificate is installed. If the Entrust CA (2048) is not installed, then the client installation fails. However, when the client is run in non-interactive mode (/quiet switch used), then the root certificate check is not performed and the client installs. Clients newer than 1.4.12000.0 checks for the Entrust Root CA (2048) in both interactive and non-interactive mode. Unified Agent always checks for the Entrust certificate before install. If you experience a problem with the client not checking for the Entrust root cert, go to https://portal.threatpulse.com/ and download the latest version of the client and rerun your test. If it continues to be an issue, then please contact Symantec Technical Support and open a service request.
Subscribing will provide email updates when this Article is updated. Login is required.