Symantec Management Platform (Notification Server)

Hello,

I'm setting up a gateway and have been batteling SSL issues.

Server hostname is gateway1 and not joined to domain.

I created the dns suffix of gateway1.symantec.com

I modified the openssl.cnf file to include the Subject Alternative Names of

[v3_req]
basicConstraints                        = CA:FALSE
extendedKeyUsage      = serverAuth
subjectAltName = @alt_names

[alt_names]
DNS.1 = gateway1
DNS.2 = gateway1@symantec.com
IP.1 = 192.168.33.58

this resolved the "RSA server certificate CommonName (CN) `icbmss' does NOT match server name!?" errors in the logs.

Installed C:\Program Files\Symantec\SMP Internet Gateway\Apache\certs\server.crt in Trusted Root Certification Authorities

but I still receive this error:

Init: Oops, you want to request client authentication, but no CAs are known for verification!? [Hint: SSLCACertificate*]

-----------------------------------------------------------------------------------------------------

Date: 2/16/2015 12:30:53 PM, Tick Count: 6497281 (01:48:17.2810000), Host Name: gateway1, Size: 356 B

Process: httpd.exe (16124), Thread ID: 15448, Module: InternetGateway

Priority: 2, Source: InternetGateway.Status

File: C:\Program Files\Symantec\SMP Internet Gateway\Apache\logs\Error.log

Hi lotsill,

1. If you will add "Notification Server" and restart CEM Gateway, then this warning message will doesn't appear in log, when CEM Gateway service restarts.

Oops, you want to request client authentication, but no CAs are known for verification!?

Empty notification servers list. Status post disabled.

2. You need to specify correct ServerName in C:\Program Files\Symantec\SMP Internet Gateway\Apache\conf\httpd.conf,  then this warning message will doesn't appear in log, when CEM gateway service restarts

RSA server certificate CommonName (CN) `CommonName2` does NOT match server name!?

Thanks,

IP.

Igor,

Once the firewall was opened for 4726 and I was able to add the SMP the error went away.  Have any ideas on this error when trying to switch to the gateway. 

<event date='02/17/2015 12:48:49.9800000 -05:00' severity='1' hostName='WIN-RMV2KB5D6LE' source='NetworkOperation' module='AeXNetComms.dll' process='AeXNSAgent.exe' pid='3448' thread='3808' tickCount='5903202' >
  <![CDATA[Operation 'Connect' failed.
Protocol: http
Host: gateway1.symantec.com
Port: 4726
Path: /
Http status: 0
Secure: Yes
Id: {80E9C95C-972A-4D1E-8295-ABFB5CC8C7B3}
Error type: Connection error
Error result: 0x80072751
Error code: 0
Error note: Unable to connect via secure gateway
Error message: A socket operation was attempted to an unreachable host]]>
</event>

Attachment(s)

log_51.txt   95 KB 1 version

You can check this link where some cases of troubleshooting are described

• https://www-secure.symantec.com/connect/articles/about-different-cases-troubleshooting-cem-functionality

Seems like your client pc is unable to resolve CEM Gateway address "gateway1.symantec.com", therefore I don't see any information about attempt to establish connection via tunnel, from attached log.

Review your network settings between CEM gateway and Client pc.

Thanks,

IP.

It was a multiple issues consisting of firewall rules and DNS.

Otherwise, now it works and agent communicates through CEM gateway with SMP server?

If everything is OK now, then please close this thread.