Endpoint Protection

  • 1.  Clients not reporting and updating after IIS cert replacement

    Posted Dec 20, 2009 12:10 PM
    One of our admins replaced the IIS certificate on our SEPM server because it expires in a couple weeks (this was being done on lots of machines due to the expiration).  Since then, the vast majority of clients stopped reporting their status and stopped getting definitions updates.  Honestly, I only think new clients are the ones that are working properly.  I have about 4,000 clients not getting updates and 10 or so that are.

    I'm contemplating restoring the old certificate, but we only have a couple weeks to figure out how to do this properly, since the cert expires.  Of course, there is the possibility the certificate change had nothing to do with this, but it seems too coincidental to have been something else.

    I've tried a few things I found on the forum, like deleting the client out, but it does not solve the problem, best I can tell. Replacing the sylink.xml file on the machines doesn't seem to help either.

    The sylink.log shows this entry:

    <mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..

    Any help or ideas would be appreciated. In case it matters, the new IIS certificate is a wildcard cert.


  • 2.  RE: Clients not reporting and updating after IIS cert replacement

    Broadcom Employee
    Posted Dec 20, 2009 01:29 PM
    Based on the message, check if this link helps to resolve your issue:

    http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111311223900
     



  • 3.  RE: Clients not reporting and updating after IIS cert replacement

    Posted Dec 20, 2009 05:36 PM
    Learned a bit more info, turns out the admin did change the cert inside SEPM as well.   Now this all makes sense.  I'm going to restore the previous cert, but I am wondering what is the proper procedure for replacing a certificate that is going to expire.


  • 4.  RE: Clients not reporting and updating after IIS cert replacement

    Posted Dec 20, 2009 06:13 PM
    And restoring the old cert in SEPM fixed it.  The IIS cert replacement doesn't seem to matter to SEP/SEPM.  So now, the big question actually is, how do you replace the certificate in SEPM if it is going to expire?


  • 5.  RE: Clients not reporting and updating after IIS cert replacement

    Posted Dec 21, 2009 06:19 AM
    Did you try reconfiguring the server after replacing the cert?