Endpoint Protection

 View Only
Back to discussions
Expand all | Collapse all

Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

  • 1.  Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 11:51 AM

    I'm trying to update the server certificate on my SEPM 14 server with a certificate signed by my organizations CA and running into this issue.

    The certificate is valid in the webserver on all browsers. I've exported the certificate with the private key into a password protected pfx, which seems to import correctly in SEPM. I've followed these instructions: https://support.symantec.com/en_US/article.HOWTO81061.html#v57845489​ , but after restarting the SEPM services, I get the titular 'server certificate is not validated' error and cannot log in.

    I've been resolving this by running the management server configuration wizard and loading a recovery zip file with the old key in it.

    Has anyone run into this before? Is there any gotchas to creating the certificate/request? Here is a snip from my scm-ui err file in %TEMP%:

    Apr 12, 2017 11:31:39 AM  STDERR: java.io.FileNotFoundException: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\conf\server.xml (Access is denied)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.open0(Native Method)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.open(FileInputStream.java:195)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.<init>(FileInputStream.java:138)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.<init>(FileInputStream.java:93)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.util.XmlParser.readXmlFile(XmlParser.java:51)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ServerCertUtil.ReadCreateStorePasswd(ServerCertUtil.java:74)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ServerCertUtil.getCertificate(ServerCertUtil.java:162)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.CertificateHelper$DefaultCertHelper.getDefaultServerCertificate(CertificateHelper.java:60)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ConsoleSSLSocketFactory.loadCertificate(ConsoleSSLSocketFactory.java:207)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.setupCommunicator(GUIManager.java:4476)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.login(GUIManager.java:2266)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.DataobjectManager.login(DataobjectManager.java:2766)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:119)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:100)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel.login(LoginPanel.java:897)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel$7$1.construct(LoginPanel.java:660)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:159)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.lang.Thread.run(Thread.java:745)
    Apr 12, 2017 11:31:39 AM  STDERR: java.lang.NullPointerException
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ServerCertUtil.ReadCreateStorePasswd(ServerCertUtil.java:77)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ServerCertUtil.getCertificate(ServerCertUtil.java:162)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.CertificateHelper$DefaultCertHelper.getDefaultServerCertificate(CertificateHelper.java:60)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ConsoleSSLSocketFactory.loadCertificate(ConsoleSSLSocketFactory.java:207)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.setupCommunicator(GUIManager.java:4476)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.login(GUIManager.java:2266)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.DataobjectManager.login(DataobjectManager.java:2766)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:119)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:100)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel.login(LoginPanel.java:897)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel$7$1.construct(LoginPanel.java:660)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:159)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.lang.Thread.run(Thread.java:745)
    Apr 12, 2017 11:31:39 AM  STDERR: java.io.FileNotFoundException: D:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\keystore.jks (Access is denied)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.open0(Native Method)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.open(FileInputStream.java:195)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.<init>(FileInputStream.java:138)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.io.FileInputStream.<init>(FileInputStream.java:93)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ServerCertUtil.getCertificate(ServerCertUtil.java:169)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.CertificateHelper$DefaultCertHelper.getDefaultServerCertificate(CertificateHelper.java:60)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.ConsoleSSLSocketFactory.loadCertificate(ConsoleSSLSocketFactory.java:207)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.setupCommunicator(GUIManager.java:4476)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.login(GUIManager.java:2266)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.util.DataobjectManager.login(DataobjectManager.java:2766)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:119)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:100)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel.login(LoginPanel.java:897)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel$7$1.construct(LoginPanel.java:660)
    Apr 12, 2017 11:31:39 AM  STDERR:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:159)
    Apr 12, 2017 11:31:39 AM  STDERR:  at java.lang.Thread.run(Thread.java:745)
    Apr 12, 2017 11:31:42 AM  STDERR: com.sygate.scm.console.util.ConsoleException: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.constructConsoleException(GUIManager.java:2618)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.util.GUIManager.login(GUIManager.java:2397)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.util.DataobjectManager.login(DataobjectManager.java:2766)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:119)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.handler.Manager.doLogin(Manager.java:100)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel.login(LoginPanel.java:897)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.console.ui.LoginPanel$7$1.construct(LoginPanel.java:660)
    Apr 12, 2017 11:31:42 AM  STDERR:  at com.sygate.scm.util.SwingWorker$2.run(SwingWorker.java:159)
    Apr 12, 2017 11:31:42 AM  STDERR:  at java.lang.Thread.run(Thread.java:745)

     

     



  • 2.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 12:16 PM

    I don't know if you've seen this:

    http://www.symantec.com/docs/TECH234616

    ...but it was the closest I could find in Symantec's KB.



  • 3.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 12:32 PM
    Hi, I have found an article, let us know if this helps you - https://www.symantec.com/connect/articles/sep121-creating-and-using-3rd-party-ca-signed-cert-client-communications


  • 4.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 12:34 PM

    That certainly looks close. I do get the Java prompt to accept the certificate when I attempt to log in. The certificate that is presented in the java prompt does not have the Subject or Issuer CN, OU or O filled in (Though the SANs are listed correctly), listing the values as 'Unknown'. However, if I go to https://hostname.domain.com:8443, the certificate and all the properties are correct and the certificate is trusted.



  • 5.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 12:36 PM

    Have you tried the first solution presented in the KB article?



  • 6.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 01:15 PM

    Hi please see my response to Brian above.



  • 7.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 01:15 PM

    Running as Admin does not correct the issue. I tried​ nThakare's solution of using openssl to export the crt and key but I am having hte same issue. i was not directly overwriting the items in ../apache/conf/ssl, but using the Update Server Certificate in the SEPM manager and selecting the crt and key, rather than PFX. I verified that the new cert and key is correctly placed in ../apache/conf/ssl and that the webserver verifies the cert is good.

    When logging into the SEPM manager, Java no longer prompts to trust the key, but I still get the same "Your server certificate is not validated. If you trust the server, you must accept the certificate." error.

    Here is a scm-ui.log to go with teh scm-ui.err file:

    Apr 12, 2017 1:08:40 PM  STDOUT: Is Windows 8 famliy OS:false
    Apr 12, 2017 1:08:40 PM  STDOUT: English
    Apr 12, 2017 1:08:40 PM  STDOUT: Server FIPS mode: false
    Apr 12, 2017 1:08:40 PM  STDOUT: Check for AjaxSwing running
    Apr 12, 2017 1:08:40 PM  STDOUT: Performing interactive login.
    Apr 12, 2017 1:08:41 PM  STDOUT: Re-fetching Console Option File...
    Apr 12, 2017 1:08:41 PM  STDOUT: Console Option File path:C:\Users\USERNAME\AppData\Roaming\Symantec\Symantec Endpoint Protection Manager\sesm.xml
    Apr 12, 2017 1:08:41 PM  STDOUT: LoginPanel->getLoginAttr:  file: C:\Users\USERNAME\AppData\Roaming\Symantec\Symantec Endpoint Protection Manager\sesm.xml file exists: true
    Apr 12, 2017 1:08:41 PM  STDOUT: 1492016921461 LoginPanel->getOptionButton option = more
    Apr 12, 2017 1:08:41 PM  STDOUT: preparePostRequestHttpURLConnectionForLogin begin...
    Apr 12, 2017 1:08:41 PM GUIManager INFO: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000
    Apr 12, 2017 1:08:48 PM  STDOUT: 1492016928787
    ############# Begin Login ###############
    Apr 12, 2017 1:08:48 PM  STDOUT: 1492016928818 @@@@@@@ Enter login
    Apr 12, 2017 1:08:48 PM  STDOUT: 1492016928833 @@@@@@@ Got port 8443
    Apr 12, 2017 1:08:48 PM  STDOUT: 1492016928849 @@@@@@@ Progress updated to 20
    Apr 12, 2017 1:08:48 PM  STDOUT: UserCertStoreUtil.updateLastAccessTime(). Cert store file does exist. last access time updated
    Apr 12, 2017 1:08:48 PM GUIManager INFO: login: After session got cleaned up!
    Apr 12, 2017 1:08:48 PM GUIManager INFO: Stopping all background threads in console...
    Apr 12, 2017 1:08:48 PM  STDOUT: Wed Apr 12 13:08:48 EDT 2017: KeepAlive: Not Tracking User Interaction Any Longer
    Apr 12, 2017 1:08:48 PM  STDOUT: Wed Apr 12 13:08:48 EDT 2017: Not Monitoring Server System Log Any More
    Apr 12, 2017 1:08:50 PM  STDOUT: 1492016930164
    ############# Enter finished method ###############
    Apr 12, 2017 1:09:00 PM  STDOUT: 1492016940644
    ############# Begin Login ###############
    Apr 12, 2017 1:09:00 PM  STDOUT: 1492016940659 @@@@@@@ Enter login
    Apr 12, 2017 1:09:00 PM  STDOUT: 1492016940659 @@@@@@@ Got port 8443
    Apr 12, 2017 1:09:00 PM  STDOUT: 1492016940659 @@@@@@@ Progress updated to 20
    Apr 12, 2017 1:09:00 PM  STDOUT: UserCertStoreUtil.updateLastAccessTime(). Cert store file does exist. last access time updated
    Apr 12, 2017 1:09:00 PM GUIManager INFO: login: After session got cleaned up!
    Apr 12, 2017 1:09:00 PM GUIManager INFO: Stopping all background threads in console...
    Apr 12, 2017 1:09:00 PM  STDOUT: Wed Apr 12 13:09:00 EDT 2017: KeepAlive: Not Tracking User Interaction Any Longer
    Apr 12, 2017 1:09:00 PM  STDOUT: Wed Apr 12 13:09:00 EDT 2017: Not Monitoring Server System Log Any More


  • 8.  RE: Your server certificate is not validated. If you trust the server, you must accept the certificate. Log in again and if the error persists, contact your administrator. ErrorCode: 0x12910000

    Posted Apr 12, 2017 02:10 PM
    I will recommend to go for support.