Agents can't connect to the Symantec Management Platform when when connecting over CEM
Error type: TLS Handshake error
Error code: The certificate chain was issued by an authority that is not trusted (0x80090325)
Error note: 'IP Address of Server' server's certificate is not valid, thumbprint mismatch
Gateway HTTPS connection info:
Cryptographic protocol: TLS 1.2
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm: SHA384
Hash length: 384
Key exchange algorithm: ECDH
Key length: 256
The gateway had been removed and reinstalled. The gateway was installed with a new thumbprint. The new thumbprint did not match the thumbprint that was listed in the CEM policy on the SMP server.
Copied the thumbprint from the new server and placed it in the CEM policy. However, please note that this will break currently installed CEM machines. They would have to connect internally to get a new CEM policy. It would be a better option if you could find the original Certificate that the gateway was using and install it on the CEM gateway.
Subscribing will provide email updates when this Article is updated. Login is required.