000032231 - All endpoint agents' status went to error with “Certificate Renewal Pending” in RSA DLP

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000032231
Applies ToRSA Product Set: DLP
RSA Product/Service Type: Datacenter
RSA Version/Condition: 9.6 SP2
Platform: Windows
IssueAll DLP endpoint agents' status went to the error  “Certificate Renewal Pending” as displayed in the EM UI -> Admin -> Endpoint -> Agent Management Panel.
User-added image
User-added image
CauseThe Endpoint Agent certificate has expired.  Under a normal system they will be issued by the Root Endpoint Coordinator.
ResolutionTo resolve the issue, log on to the Root Endpoint Coordinator and stop and start the RSA DLP Join Service. (This is the service through which EP Agent acquires a certificate.)
Once done,  restart one of the endpoint agents. The Root EPC will issue a new cert to the Endpoint Agent.
Once the Agent has a new certificate, it will send status update messages to the EM.
NotesIf the RSA DLP Join Service does not start up, then change the account to run under local system.