Affected Products:
- Dell Security Management Server
- Dell Data Protection | Enterprise Edition
Affected Versions:
If a self-sign certificate is chosen during installation of Dell Security Management Server (formerly Dell Data Protection | Enterprise Edition Server) v9.5 to v9.8.x, agent registrations (Self-Encrypting Drive Management, BitLocker Manager, Advanced Threat Protection, and Threat Protection), it may fail due to an incorrectly set up Dell Management (DM) certificate during install. Agents and policy signing require a secure SSL or TLS for communication. The Dell Management (DM) certificate is used to facilitate this secure communication. The DM certificate may be incorrectly set up in Dell Security Management Server v9.5 to 9.8.x.
Note: This issue has been resolved in 9.9.2.
To resolve the issue:
- Log in to the affected Dell Security Management Server Enterprise.
- Right-click the Windows Start Menu and then select Run.
Figure 1: (English Only) Click Run
- In the Run UI, type services.msc and then click OK.
Figure 2: (English Only) Type services.msc
- Right-click Dell Core Server and then select Stop.
Figure 3: (English Only) Stop Dell Core Server
- In the Window Search Menu, type and then select Server Configuration Tool.
Figure 4: (English Only) Run Server Configuration Tool
- Go to Actions > Configure Certificates.
Figure 5: (English Only) Go To Configure Certificates
- In the Certificate Configuration, press Next.
Figure 6: (English Only) Click Next
- Select Express and then press Next.
Figure 7: (English Only) Select Express
- Press Yes to use the current certificate.
Figure 8: (English Only) Click Yes
Note: This prompt only appears if a self-signed certificate is already present.
- Click Finish to close the certificate setup.
Figure 9: (English Only) Click Finish
- Right-click the Windows Start Menu and then select Run.
Figure 10: (English Only) Click Run
- In the Run UI, type mmc and then press OK.
Figure 11: (English Only) Type mmc
- In the managed migration utility (MMC) user interface (UI), Select File and then Add/Remove Snap-In.
Figure 12: (English Only) Click Add/Remove Snap-in
- In the Snap-in UI, select Certificates and then press Add.
Figure 13: (English Only) Add a Certificate
- Select Computer account and then press Next.
Figure 14: (English Only) Select Computer account
- Select Local computer and then press Finish.
Figure 15: (English Only) Select Local computer
- In the Snap-in UI, press OK.
- In the MMC, expand Certificates (Local Computer) > Personal > Certificates
Figure 16: (English Only) Expand Certificates
- The newly created certificate is listed. Double-click the certificate to check the Expiration Date to ensure that the certificate matches today’s date + 10 years.
Figure 17: (English Only) Double-click Certificate
Figure 18: (English Only) Verify Expiration
- Right-click the new certificate and select All Tasks > Export.
Figure 19: (English Only) Click Export
- In the Certificate Export Wizard, select Next.
Figure 20: (English Only) Click Next
- Select Yes, export the private key, and then press Next.
Figure 21: (English Only) Select Yes, export the private key
- Leave the default options selected for format and then press Next.
Figure 22: (English Only) Select Personal Information Exchange -PKCS #12(.PFX)
- Check password and set and confirm a password. Once populated, press Next.
Figure 23: (English Only) Enter Password
- Browse and select a location for the exported certificate. Once a location is selected, click Next.
Figure 24: (English Only) Select the certificate to export
- Click Finish to complete the certificate export.
Figure 25: (English Only) Click Finish
- Go back to the Server Configuration Tool and select Actions > Import DM Certificate.
Figure 26: (English Only) Click Import DM Certificates
- Select the exported certificate (Step 25).
- Enter the exported certificate password (Step 24) and then press OK.
Figure 27: (English Only) Enter password
- If you are using Windows Authentication to reach SQL, enter the information for the service account that has SQL permissions, and then click Next. If you are using SQL Authentication, click Next.
Figure 28: (English Only) Enter Windows Account information
Note: In the example, we are using Windows authentication. No information is required if using SQL authentication.
- Exit the Service Configuration Tool.
- Select Yes on prompt to save.
Figure 29: (English Only) Click Yes
- In the Services UI, right-click Dell Core Server and then select Start.
Figure 30: (English Only) Start Dell Core Server
- Exit the Services UI.
To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.