Unable to Activate Agent on Dell Security Management Server Enterprise Using Self-Signed Certificates

Affected Products:

• Dell Security Management Server
• Dell Data Protection | Enterprise Edition

Affected Versions:

• v9.5 - v9.8

If a self-sign certificate is chosen during installation of Dell Security Management Server (formerly Dell Data Protection | Enterprise Edition Server) v9.5 to v9.8.x, agent registrations (Self-Encrypting Drive Management, BitLocker Manager, Advanced Threat Protection, and Threat Protection), it may fail due to an incorrectly set up Dell Management (DM) certificate during install. Agents and policy signing require a secure SSL or TLS for communication. The Dell Management (DM) certificate is used to facilitate this secure communication. The DM certificate may be incorrectly set up in Dell Security Management Server v9.5 to 9.8.x.

Not Applicable

To resolve the issue:

1. Log in to the affected Dell Security Management Server Enterprise.
2. Right-click the Windows Start Menu and then select Run.
   
3. In the Run UI, type services.msc and then click OK.
   
4. Right-click Dell Core Server and then select Stop.
   
5. In the Window Search Menu, type and then select Server Configuration Tool.
   
6. Go to Actions > Configure Certificates.
   
7. In the Certificate Configuration, press Next.
   
8. Select Express and then press Next.
   
9. Press Yes to use the current certificate.
   
   Note: This prompt only appears if a self-signed certificate is already present.
10. Click Finish to close the certificate setup.
    
11. Right-click the Windows Start Menu and then select Run.
    
12. In the Run UI, type mmc and then press OK.
    
13. In the managed migration utility (MMC) user interface (UI), Select File and then Add/Remove Snap-In.
    
14. In the Snap-in UI, select Certificates and then press Add.
    
15. Select Computer account and then press Next.
    
16. Select Local computer and then press Finish.
    
17. In the Snap-in UI, press OK.
18. In the MMC, expand Certificates (Local Computer) > Personal > Certificates
    
19. The newly created certificate is listed. Double-click the certificate to check the Expiration Date to ensure that the certificate matches today’s date +10 years.
    
    
20. Right-click the new certificate and select All Tasks > Export.
    
21. In the Certificate Export Wizard, select Next.
    
22. Select Yes, export the private key, and then press Next.
    
23. Leave the default options selected for format and then press Next.
    
24. Check the password and set and confirm a password. Once populated, press Next.
    
25. Browse and select a location for the exported certificate. Once a location is selected, click Next.
    
26. Click Finish to complete the certificate export.
    
27. Go back to the Server Configuration Tool and select Actions > Import DM Certificate.
    
28. Select the exported certificate (Step 25).
29. Enter the exported certificate password (Step 24) and then press OK.
    
30. If you are using Windows Authentication to reach SQL, enter the information for the service account that has SQL permissions, and then click Next. If you are using SQL Authentication, click Next.
    
    Note: In the example, we are using Windows authentication. No information is required if using SQL authentication.
31. Exit the Service Configuration Tool.
32. Select Yes on the prompt to save.
    
33. In the Services UI, right-click Dell Core Server and then select Start.
    
34. Exit the Services UI.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.