SSC Error "_ServerGroupName_: Generating the new server end-entity certificate for _ServerName_ failed" appears when attempting to move a SAV Parent Server from one Server Group to another.
|Article:TECH103848|||||Created: 2008-01-04|||||Updated: 2012-02-02|||||Article URL http://www.symantec.com/docs/TECH103848|
You want to know the meaning of this error message, and what you can do to resolve it.
When you try to move a SAV server from one server group to another, you receive the error "
This is a sign that there is corruption in the PKI structure on the Primary Server of the target group. The error you are seeing is appearing because a digital certificate cannot be created on the Primary Server as requested by the incoming "Server1".
Re-apply the PKI structure from backup on the Primary Server of the target group.
If you do not have a backup of the PKI, you can also create a new server group and add all the SAV servers into the new group, starting with a secondary server of the original target group. Remember that after you move the first server into the new group, you need to make it Primary. You can later re-promote the original primary server back to primary once all the servers are moved.
Once that is complete, backup the PKI folder structure on the Primary Server, located here:
\Program Files\Symantec Antivirus\PKI
The “End-Entity” is an entity in the PKI who is requesting a certificate. It sends a CSR (Certificate signing request) to the CA. The CSR contains the Public Key of the End-Entity that is requesting the Digital Certificate. Corruption in the PKI of the Primary server of the destination Server Group prevents this certificate from being generated.
Article URL http://www.symantec.com/docs/TECH103848