
RMS LOGs HELP!!!!

20.11.2013 03:27:59 264C I Sent certificate request to CM.
20.11.2013 03:28:00 264C I Received certification response with correct correlation ID.
20.11.2013 03:28:00 264C E Response received from CM is a failure response.
20.11.2013 03:28:00 264C E Failure reason: failed to validate certificate subject's purported identity.
20.11.2013 03:28:00 264C E std::exception: Caught CertRequesterLib::InternalErrorException (Certificate request failed. Failure reason: failed to validate certificate subject's purported identity.) ClientConnection::Reconnect()

I found this in the RMS logs on my console server.

Can someone tell me what is happening?

:45189


  • Hi,

    "E Failure reason: failed to validate certificate subject's purported identity." is the problem.

    The first thing I would check is that the server and client are using the same certificates/identity keys.

    As a quick test the following should align between server and client:

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\RouterKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Messaging System\CertificationIdentityKeys\CertificationIdentityKey

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\ManagedAppKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\CertificationIdentityKeys\ManagedApplication

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\DelegatedManagerKey

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\[Wow6432Node]\Sophos\Remote Management System\ManagementAgent\Private\CertificationIdentityKey

    Server:

    HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Certification Manager\CertAuthStore\cac

    Client:

    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System\cac

    The entries in the file mrinit.conf in the CID (well, all mrinit.conf files on the server should match) should match the identities in the certauthstore keys.


    Making sure the CID mrinit.conf and the values in CertAuthStore are the same is the first thing to do.

    Problems like this typically occur during migrations; a common problem is importing the certauthstore after installing rather than before.

    Regards,

    Jak

    :45199
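
The server/client comparison described in the reply above, as an added PowerShell example that is not part of the original thread and not Sophos tooling. It assumes the last component of each listed path is a registry value name, that "align" means the values are identical, and that the JSON file names are free to choose; it stores SHA-256 fingerprints rather than the key values themselves.

```powershell
# Added example (not Sophos tooling). Assumptions: the last component of each path
# on the page is a registry value name, and "align" means the values are identical.
param(
    [ValidateSet('Server', 'Client', 'Compare')][string]$Mode = 'Compare',
    [string]$ServerFile = 'server-keys.json',   # hypothetical file names
    [string]$ClientFile = 'client-keys.json'
)
$cas = 'Sophos\Certification Manager\CertAuthStore'
$pairs = [ordered]@{   # "subkey|value name" for each server/client pair from the reply
    Router           = @{ Server = "$cas|RouterKey"
                          Client = 'Sophos\Messaging System\CertificationIdentityKeys|CertificationIdentityKey' }
    ManagedApp       = @{ Server = "$cas|ManagedAppKey"
                          Client = 'Sophos\Remote Management System\CertificationIdentityKeys|ManagedApplication' }
    DelegatedManager = @{ Server = "$cas|DelegatedManagerKey"
                          Client = 'Sophos\Remote Management System\ManagementAgent\Private|CertificationIdentityKey' }
    Cac              = @{ Server = "$cas|cac"
                          Client = 'Sophos\Messaging System|cac' }
}
# Wow6432Node is optional in the client paths; also trying it for server paths is an assumption.
$roots = 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node'

function Get-Fingerprint([string]$Spec) {
    $sub, $name = $Spec -split '\|'
    foreach ($base in $roots) {
        $item = Get-ItemProperty -Path (Join-Path $base $sub) -Name $name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $v = $item.$name   # handle both REG_BINARY and REG_SZ storage
            $text = if ($v -is [byte[]]) { [BitConverter]::ToString($v) } else { [string]$v }
            $hash = [Security.Cryptography.SHA256]::Create().ComputeHash(
                        [Text.Encoding]::UTF8.GetBytes($text.Trim()))
            return ([BitConverter]::ToString($hash) -replace '-')
        }
    }
    return 'MISSING'
}

if ($Mode -eq 'Compare') {
    $s = Get-Content $ServerFile -Raw | ConvertFrom-Json
    $c = Get-Content $ClientFile -Raw | ConvertFrom-Json
    foreach ($k in $pairs.Keys) {
        $ok = ($s.$k -ne 'MISSING') -and ($s.$k -eq $c.$k)
        '{0,-18} {1}' -f $k, $(if ($ok) { 'match' } else { 'MISMATCH or missing' })
    }
} else {   # run on the server or on the client to write that side's fingerprints
    $out = [ordered]@{}
    foreach ($k in $pairs.Keys) { $out[$k] = Get-Fingerprint $pairs[$k][$Mode] }
    $out | ConvertTo-Json | Set-Content $(if ($Mode -eq 'Server') { $ServerFile } else { $ClientFile })
}
```

Run it with `-Mode Server` on the console server and `-Mode Client` on an affected endpoint, copy both JSON files to one place, then run it with `-Mode Compare`.
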
  • Thanks!! I'll go check the mrinit file and give you a response.

    :45335