Traps on the Endpoint Security Manager Loses sslcert Binding

Traps on the Endpoint Security Manager Loses sslcert Binding

Created On 09/25/18 18:19 PM - Last Modified 12/16/19 18:56 PM

Traps Agents are unable to connect to the Endpoint Security Manager (ESM) through SSL after working previously.

The following error in the Traps Agent Service.log file appears:
Error calling server! System.ServiceModel.CommunicationException: An error occurred while making the HTTP request to https://cyveraserver:2125/CyveraServer/ This could be due to the fact that the server certificate is not configured properly with HTTP.SYS in the HTTPS case. This could also be caused by a mismatch of the security binding between the client and the server. ---> System.Net.WebException: The underlying connection was closed: An unexpected error occurred on a send.

  1. On the ESM, open a command prompt and enter "netsh http show sslcert". An output like the following will appear:
netsh output.PNG


SSL Certificate bindings:

IP:port                :
Certificate Hash        : 4d4aa7933cd002449ad76dd3bca2a05f375a700d
Application ID          : {935e55e3-8b9d-4b95-954c-423626f887f9}
Certificate Store Name  : (null)
Verify Client Certificate Revocation    : Enabled
Verify Revocation Using Cached Client Certificate Only    : Disabled
Usage Check    : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout  : 0
Ctl Identifier          : (null)
Ctl Store Name          : (null)
DS Mapper Usage    : Disabled
Negotiate Client Certificate    : Enabled


  1. Save a copy of the IP:port and Certificate Hash information.
  2. In the CMD window, enter:
    netsh http delete sslcert ipport=
  3. Open the Server Manager and navigate to Roles > Web Server (IIS) > Internet Information Services (IIS) Manager
  4. Choose the server and open Server Certificates
  5. Remove the certificate matching the hash from step 1.
  6. Right click on Import and select the certificate.
Import Certificate.PNG
  1. Go back to the CMD window and enter:
netsh http add sslcert ipport= certhash=CERTIFICATE_HASH_HERE appid={935e55e3-8b9d-4b95-954c-423626f887f9} clientcertnegotiation=enable

netsh re-add cert.PNG
  1. Test connectivity between Traps Agents and ESM.

  • Print
  • Copy Link

Choose Language