Windows Server 2003 will not validate the certificate used to communicate with the ESM
A Traps agent installed on a Windows Server 2003 endpoint is unable to communicate with the ESM over SSL, but other agents on other operating systems can connect.
The service logs on the affected endpoint show an SSL error when trying to reach the ESM: “The remote certificate is invalid according to the validation procedure.”
2015-12-30 11:29:01.6332 ERROR CyveraService(13) IServerStatus (Safe Proxy) Error calling server! System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'esmserver:2125'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.
When the certificate details are viewed from a browser on the affected endpoint, the following error is displayed: “This certificate has an invalid digital signature.”
The Certutil tool can be used to check whether a certificate will pass validation on the server. Running certutil with the -verify option against the certificate file should return a success message. More information on Certutil can be found at https://technet.microsoft.com/en-us/library/cc732443.aspx.
Affected versions: 3.1.x, 3.2.x
Windows Server 2003 does not support certain implementations of SHA2 and RC4 encryption; Microsoft addresses these in updates.
Install the following hotfixes on the Windows Server 2003 machine: