Symantec Endpoint Protection 12.1 client is unable to download content from a LiveUpdate Administrator distribution point which uses self-signed SSL certificate.
| Article:TECH183115 | | | Created: 2012-03-06 | | | Updated: 2012-05-31 | | | Article URL http://www.symantec.com/docs/TECH183115 |
Problem
Symantec Endpoint Protection (SEP) 12.1 clients are configured to download definitions from a LiveUpdate Administrator (LUA) 2.x Distribution Center (DC) which has been configured to use HTTPS with a self-signed SSL certificate.
Error
The Log.Lue file from the SEP client contains the following lines:
* Failed to connect to HTTPS server * Error statement: >> Server certificate does not chain to a valid trusted root in certificate store. * Error code 0x00000008, File: minitri.flg Server selection failed for server HTTPS://<address of distribution point>/ on port 443. * Download Error for minitri.flg. SERVER DOES NOT EXIST or some network issue. * Server Selection Failed. * Error downloading files. Error Code: 0x8D04802A
Environment
SEP 12.1 RU1
LUA 2.x
LUA Distribution Point (using HTTP) running on IIS, configured with a self-signed SSL certificate.
Cause
Internet security settings in the environment prohibit the trust of self-signed SSL certificates.
Solution
One solution known to resolve the issue is to manually import the self-signed SSL certificate into the certificate store of the impacted clients. Information on how to do this is covered in the following Microsoft Article:
http://windows.microsoft.com/en-US/windows-vista/Import-or-export-certificates-and-private-keys
Another solution would be to use an SSL certificate signed by a Certificate Authority (CA), rather than a self-signed certificate.
Please Note: This article pertains to SEP 12.1. It is not supported for SEP 11 clients to retrieve content from a LUA DC that uses HTTPS.
|
|
Article URL http://www.symantec.com/docs/TECH183115
Terms of use for this information are found in Legal Notices
Thank you.