After migrating your Enterprise Console to a new server, all managed endpoints fail to report into the new Enterprise Console. On the Enterprise Console server you will see a similar error to this in the Agent log.
Windows 2000/XP/2003: \Documents and Settings\All Users\Application Data\Sophos\Remote Management System\3\Agent\logs\ Windows Vista and above: \ProgramData\Sophos\Remote Management System\3\Agent\logs\
E Response received from CM is a failure response. E Failure reason: failed to validate certificate subject's purported identity. E std::exception: Caught CertRequesterLib::InternalErrorException (Certificate request failed. Failure reason: failed to validate certificate subject's purported identity.) ClientConnection::Reconnect()
First seen in
Enterprise Console 5.0.0
This is caused when the certificates from the old server is either imported incorrectly or not imported at all.
There are a number of different scenarios that can cause the same symptoms, each has been detailed below. This guide assumes you have knowledge on uninstalling applications as well as using the registry.
If the certificates were not imported during the migration process the client devices will fail authentication when communicating with the Enterprise Console server.
Certificates Imported After Installation
The order in which the certificates are imported is very important. If they are imported too late in the migration procedure, new certificates will already have been issued and assigned to various components on the server.
Certificates Not Updated For Your Platform
When moving from a 32-bit to 64-bit platform you need to update the registry entries to reflect Microsoft's new registry path used by 64-bit operating systems.
Every comment submitted here is read (by a human) but we do not reply to specific technical questions. If you need technical support please post a question to our community. Alternatively for licensed products open a support ticket.