Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
  • Manage your Dell EMC sites, products, and product-level contacts using Company Administration.
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Article Number: 000124931

Unable to Activate Agent on Dell Security Management Server Enterprise Using Self-Signed Certificates

Summary: When using a self-signed certificate in Dell Security Management Server Enterprise (formerly Dell Data Protection | Enterprise Edition server unable to activate agent.

This article may have been automatically translated. If you have any feedback regarding its quality, please let us know using the form at the bottom of this page.

Article Content

Symptoms

Affected Products:

  • Dell Security Management Server
  • Dell Data Protection | Enterprise Edition

Affected Versions:

  • v9.5 - v9.8

If a self-sign certificate is chosen during installation of Dell Security Management Server (formerly Dell Data Protection | Enterprise Edition Server) v9.5 to v9.8.x, agent registrations (Self-Encrypting Drive Management, BitLocker Manager, Advanced Threat Protection, and Threat Protection), it may fail due to an incorrectly set up Dell Management (DM) certificate during install. Agents and policy signing require a secure SSL or TLS for communication. The Dell Management (DM) certificate is used to facilitate this secure communication. The DM certificate may be incorrectly set up in Dell Security Management Server v9.5 to 9.8.x.

Cause

Not Applicable

Resolution

Note: This issue has been resolved in 9.9.2.

To resolve the issue:

  1. Log in to the affected Dell Security Management Server Enterprise.
  2. Right-click the Windows Start Menu and then select Run.

Click Run
Figure 1: (English Only) Click Run

  1. In the Run UI, type services.msc and then click OK.

Type services.msc
Figure 2: (English Only) Type services.msc

  1. Right-click Dell Core Server and then select Stop.

Stop Dell Core Server
Figure 3: (English Only) Stop Dell Core Server

  1. In the Window Search Menu, type and then select Server Configuration Tool.

Run Server Configuration Tool
Figure 4: (English Only) Run Server Configuration Tool

  1. Go to Actions > Configure Certificates.

Go To Configure Certificates
Figure 5: (English Only) Go To Configure Certificates

  1. In the Certificate Configuration, press Next.

Click Next
Figure 6: (English Only) Click Next

  1. Select Express and then press Next.

Select Express
Figure 7: (English Only) Select Express

  1. Press Yes to use the current certificate.

Click Yes
Figure 8: (English Only) Click Yes

Note: This prompt only appears if a self-signed certificate is already present.
  1. Click Finish to close the certificate setup.

Click Finish
Figure 9: (English Only) Click Finish

  1. Right-click the Windows Start Menu and then select Run.

Click Run
Figure 10: (English Only) Click Run

  1. In the Run UI, type mmc and then press OK.

Type mmc
Figure 11: (English Only) Type mmc

  1. In the managed migration utility (MMC) user interface (UI), Select File and then Add/Remove Snap-In.

Click Add/Remove Snap-in
Figure 12: (English Only) Click Add/Remove Snap-in

  1. In the Snap-in UI, select Certificates and then press Add.

Add a Certificate
Figure 13: (English Only) Add a Certificate

  1. Select Computer account and then press Next.

Select Computer account
Figure 14: (English Only) Select Computer account

  1. Select Local computer and then press Finish.

Select Local computer
Figure 15: (English Only) Select Local computer

  1. In the Snap-in UI, press OK.
  2. In the MMC, expand Certificates (Local Computer) > Personal > Certificates

Expand Certificates
Figure 16: (English Only) Expand Certificates

  1. The newly created certificate is listed. Double-click the certificate to check the Expiration Date to ensure that the certificate matches today’s date + 10 years.

Double-click Certificate
Figure 17: (English Only) Double-click Certificate

Verify Expiration
Figure 18: (English Only) Verify Expiration

  1. Right-click the new certificate and select All Tasks > Export.

Click Export
Figure 19: (English Only) Click Export

  1. In the Certificate Export Wizard, select Next.

Click Next
Figure 20: (English Only) Click Next

  1. Select Yes, export the private key, and then press Next.

Select Yes, export the private key
Figure 21: (English Only) Select Yes, export the private key

  1. Leave the default options selected for format and then press Next.

Select Personal Information Exchange -PKCS #12(.PFX)
Figure 22: (English Only) Select Personal Information Exchange -PKCS #12(.PFX)

  1. Check password and set and confirm a password. Once populated, press Next.

Enter Password
Figure 23: (English Only) Enter Password

  1. Browse and select a location for the exported certificate. Once a location is selected, click Next.

Select the certificate to export
Figure 24: (English Only) Select the certificate to export

  1. Click Finish to complete the certificate export.

Click Finish
Figure 25: (English Only) Click Finish

  1. Go back to the Server Configuration Tool and select Actions > Import DM Certificate.

Click Import DM Certificates
Figure 26: (English Only) Click Import DM Certificates

  1. Select the exported certificate (Step 25).
  2. Enter the exported certificate password (Step 24) and then press OK.

Enter password
Figure 27: (English Only) Enter password

  1. If you are using Windows Authentication to reach SQL, enter the information for the service account that has SQL permissions, and then click Next. If you are using SQL Authentication, click Next.

Enter Windows Account information
Figure 28: (English Only) Enter Windows Account information

Note: In the example, we are using Windows authentication. No information is required if using SQL authentication.
  1. Exit the Service Configuration Tool.
  2. Select Yes on prompt to save.

Click Yes
Figure 29: (English Only) Click Yes

  1. In the Services UI, right-click Dell Core Server and then select Start.

Start Dell Core Server
Figure 30: (English Only) Start Dell Core Server

  1. Exit the Services UI.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 

Article Properties

Affected Product

Dell Encryption

Last Published Date

06 Jul 2023

Version

11

Article Type

Solution

Back to Top