Client Management Suite

 View Only

  • 1.  [CMS 7.5 SP1] Agent Installation Failed! HTTPS certificate issues

    Posted Jun 11, 2014 01:23 AM

    Hello everyone

    Just testing the newly SMP 7.5 SP1 and discover that all communication during installation of Altiris Agent is using HTTPS certificates. Because of this, I can't install a altiris agent of any test client. 

    Here's a log, from installation status:

    2014-06-10 23:16:02  INFO InstallService: Initializing...
    2014-06-10 23:16:02  INFO InstallService: Symbolic link between 64 and 32 bit registry views either created or not required.
    2014-06-10 23:16:02  INFO InstallService: Remote Installation Service build: 7.5.3153
    2014-06-10 23:16:02  INFO InstallService: Started as service 'Symantec Management Agent Installation Service'
    2014-06-10 23:16:02  INFO InstallService: Install arguments saved.
        Source URL: https://SMP75.magnatech.local/Altiris/NS/NSCap/Bin/Win32/X86/NS Client Package/AeXNSC.exe
        Legacy Agent Package: 
        Server Name: SMP75.magnatech.local
        NS Web: https://SMP75.magnatech.local/Altiris/
        Server Certificate: 
        Install Path: 
        Download Chunk Size: 102400
        Download Pause Interval: 60000
        Download Retries Number: 10
        Show Tray Icon: YES
        Show Start Menu: NO
        Use Proxy Preconfig: NO
        Register Diagnostics: NO
        Logging Flags: 0x00000007
        Enable "Add/Remove": NO
        Uninstall: NO
        Extra Parameters: 
    2014-06-10 23:16:02  INFO HttpOperations: Sending 'Remote Install Started: Success' message to 'https://SMP75.magnatech.local/Altiris/'.
    2014-06-10 23:16:07 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:07  INFO HttpOperations: Send Event failed: URL HTTPS://SMP75.magnatech.local/Altiris/NS/Agent/PostEvent.asp, error: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:07  INFO HttpOperations: Sending 'Checking Prerequisites: Success' message to 'https://SMP75.magnatech.local/Altiris/'.
    2014-06-10 23:16:07 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:07  INFO HttpOperations: Send Event failed: URL HTTPS://SMP75.magnatech.local/Altiris/NS/Agent/PostEvent.asp, error: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:07  INFO InstallService: Requirements check: 
    Required: Windows XP SP3 (x86), Windows XP SP2 (x64) or above.
    Detected: Windows 7 Ultimate x86 Service Pack 1 (Version 6.1.7601)

    Requirements met OK.
    2014-06-10 23:16:07  INFO HttpOperations: Sending 'Checked Prerequisites: Success' message to 'https://SMP75.magnatech.local/Altiris/'.
    2014-06-10 23:16:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:08  INFO HttpOperations: Send Event failed: URL HTTPS://SMP75.magnatech.local/Altiris/NS/Agent/PostEvent.asp, error: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:08  INFO InstallService: Downloading agent installer from URL: https://SMP75.magnatech.local/Altiris/NS/NSCap/Bin/Win32/X86/NS Client Package/AeXNSC.exe
    2014-06-10 23:16:08  INFO HttpOperations: Sending 'Starting Download: Success' message to 'https://SMP75.magnatech.local/Altiris/'.
    2014-06-10 23:16:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:08  INFO HttpOperations: Send Event failed: URL HTTPS://SMP75.magnatech.local/Altiris/NS/Agent/PostEvent.asp, error: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:16:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:17:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:17:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:18:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:18:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:19:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:19:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:20:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:20:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:21:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:21:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:22:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:22:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:23:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:23:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:24:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:24:08  INFO InstallService: Retrying download after 60 seconds...
    2014-06-10 23:25:08 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:25:08  INFO HttpOperations: Sending 'Finished Download: Failed' message to 'https://SMP75.magnatech.local/Altiris/'.
    2014-06-10 23:25:09 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:25:09  INFO HttpOperations: Send Event failed: URL HTTPS://SMP75.magnatech.local/Altiris/NS/Agent/PostEvent.asp, error: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:25:09 *ERRR InstallService: Failed to download agent installer from URL: https://SMP75.magnatech.local/Altiris/NS/NSCap/Bin/Win32/X86/NS Client Package/AeXNSC.exe
    2014-06-10 23:25:09  INFO HttpOperations: Sending 'Remote Install Finished: Failed' message to 'https://SMP75.magnatech.local/Altiris/'.
    2014-06-10 23:25:09 *ERRR MsCryptoSslDataTransformerImpl: InitializeSecurityContext error while client handshake: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:25:09  INFO HttpOperations: Send Event failed: URL HTTPS://SMP75.magnatech.local/Altiris/NS/Agent/PostEvent.asp, error: The certificate chain was issued by an authority that is not trusted (0x80090325)
    2014-06-10 23:25:09  INFO InstallService: Service work complete

     

    Checking the guide, but not finding much about this info.

    Any ideas?

    Thanks in advance



  • 2.  RE: [CMS 7.5 SP1] Agent Installation Failed! HTTPS certificate issues

    Broadcom Employee
    Posted Jun 12, 2014 11:39 AM

    Hi,

    please check state of issuer certificate of your client certificate on client side in mmc

    CERT_ISSUER.jpg

     

    Also you can check this, using another way:

    • Go to client computer, open I.E and try to open URL of your CMS 7.5 SP1 Server, if there will be certificate error, then click on this error and check issuer state:

    HTTPS://SMP75.magnatech.local/Altiris/Console

     

    Thanks,

    IP.



  • 3.  RE: [CMS 7.5 SP1] Agent Installation Failed! HTTPS certificate issues

    Posted Jun 13, 2014 04:51 AM

    Push install uses whatever parameters are configured in the settings, could be HTTP, could be HTTPS.

    Please click "Settings" button on "Agent Install" page, "Symantec Management Agent Installation Options" window should appear.

    If "Specify different Notification Server" is empty then push should use HTTP, otherwise it will use whatever URL is in there

    You can also check "Install Server certificate to the client machine" if you need push to work over HTTPS



  • 4.  RE: [CMS 7.5 SP1] Agent Installation Failed! HTTPS certificate issues

    Posted Sep 04, 2014 10:30 AM

    I also had the same issue and it was due to an unverified certificate. I may need to post a new topic regarding this question, but I figured I'd ask here first since it is related. Can you point me (us) in the right direction for guidelines on how to get a publicly verified SSL certificate? With that, I also need to be able to use a different URL (such as deploy.example.com) instead of the hostname.

     

    Thanks in advance!
     



  • 5.  RE: [CMS 7.5 SP1] Agent Installation Failed! HTTPS certificate issues

    Posted Sep 09, 2014 05:18 AM

    Our company got same problem that looks certificate lost after upgrading SMP 7.5 HF to SP1. I'm not sure SMP server certificate lost or SMA certificate lost or CEM angent certificate lost or .... CEM agent doesn't work through Internet and these computers can not reach https://SMPserver.company.com There is no any error message during SMP upgrading Any good idea to solve the problem? TIA - Andre