SSC Error "_ServerGroupName_: Generating the new server end-entity certificate for _ServerName_ failed" appears when attempting to move a SAV Parent Server from one Server Group to another.
| Article:TECH103848 | | | Created: 2008-01-04 | | | Updated: 2012-02-02 | | | Article URL http://www.symantec.com/docs/TECH103848 |
Problem
You want to know the meaning of this error message, and what you can do to resolve it.
Symptoms
When you try to move a SAV server from one server group to another, you receive the error "
Cause
This is a sign that there is corruption in the PKI structure on the Primary Server of the target group. The error you are seeing is appearing because a digital certificate cannot be created on the Primary Server as requested by the incoming "Server1".
Solution
Re-apply the PKI structure from backup on the Primary Server of the target group.
If you do not have a backup of the PKI, you can also create a new server group and add all the SAV servers into the new group, starting with a secondary server of the original target group. Remember that after you move the first server into the new group, you need to make it Primary. You can later re-promote the original primary server back to primary once all the servers are moved.
Once that is complete, backup the PKI folder structure on the Primary Server, located here:
\Program Files\Symantec Antivirus\PKI
Technical Information
The “End-Entity” is an entity in the PKI who is requesting a certificate. It sends a CSR (Certificate signing request) to the CA. The CSR contains the Public Key of the End-Entity that is requesting the Digital Certificate. Corruption in the PKI of the Primary server of the destination Server Group prevents this certificate from being generated.
|
|
Legacy ID
2008020413292148
Article URL http://www.symantec.com/docs/TECH103848
Terms of use for this information are found in Legal Notices
Thank you.