03-09-2021 06:19 AM - edited 03-09-2021 06:19 AM
Hello everybody,
I'm trying to connect an old Windows Server 2003 (service pack 2, 32 bits) to the traps management service. I know that I have to use an old version of the agent (I've installed 5.0.10), but the agent fails to check into the TMS. The problem is related to a certificate that the agent fails to validate. I installed all the required hot fixes listed here: https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClPRCA0
and then followed the steps described here: https://docs.paloaltonetworks.com/cortex/cortex-xdr/cortex-xdr-pro-admin/get-started-with-cortex-xdr...
But I'm unable to find the third certificate in the list at Step 3 (GlobalSign (Google)).
Has anyone succeeded in this kind of setup?
Thank you in advance.
03-09-2021 10:00 AM
I was able to make most of mine work with just two. I got them through a help desk inquiry and imported them with the Certificates add-in in MMC, and they worked fine. Not sure what the Google one is for. What I did note, though, was that on about 3 of 20 servers they connected and showed in management but they remained red on the endpoint. Looking at the Traps log, though, they appeared to be working anyway.
03-09-2021 01:07 PM
Hi Grenzi,
On your machine or another machine that is working, you can do mmc-->add or remove snap-ins and select Certificates, then select computer account. Once loaded, you can go to Trusted Root Certification Authorities-->Certificates, then try to find the GlobalSign cert with the correct thumbprint per step 3. Then you can export it and import it to the server where it's missing this certificate.
03-09-2021 01:09 PM
Have you tried restarting the Cortex XDR service? Or is it still red even after the server reboot/restart?
03-10-2021 01:48 AM
Thank you. I had to import all the CA certificates using the MMC as well. Now the agent seems to work, but with the strange behavior described by @JohnSmith7732: on the host, the agent shows that it is not connected, but in the Endpoint Administration page on Cortex XDR the client shows as connected.
03-10-2021 07:11 AM
@JohnSmith7732 wrote: I was able to make most of mine work with just two. I got them through a help desk inquiry and imported them with the Certificates add-in in MMC, and they worked fine. Not sure what the Google one is for. What I did note, though, was that on about 3 of 20 servers they connected and showed in management but they remained red on the endpoint. Looking at the Traps log, though, they appeared to be working anyway.
Hi @JohnSmith7732, the support confirmed that all three certificates are required (I exported them from another machine, as suggested by @jcandelaria), as well as the patch KB2868626 for the operating system to support SHA256. Now my agents are connected successfully.
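A way to check both prerequisites from this thread (the three root certificates in the computer account's Trusted Root store and patch KB2868626) in one pass. This is an added example, not part of any poster's reply and not vendor code. It assumes PowerShell 2.0 or later has been installed on the server; the thumbprint values are placeholders to be filled in from Step 3 of the vendor document, and the function names are hypothetical.

```powershell
# Added example; assumes PowerShell 2.0 or later is installed on the server.
# Placeholders: replace each value with the thumbprint given in Step 3 of the
# vendor document. Only the third certificate's name appears in this thread.
$Required = @{
    'Certificate 1 (name per Step 3)' = '<THUMBPRINT-1>'
    'Certificate 2 (name per Step 3)' = '<THUMBPRINT-2>'
    'GlobalSign (Google)'             = '<THUMBPRINT-3>'
}
$RequiredHotfix = 'KB2868626'   # SHA256 support patch named in this thread

function Get-CleanThumbprint([string]$Value) {
    # Thumbprints copied from the certificate dialog carry spaces and can
    # include an invisible leading character; keep the hex digits only.
    ($Value -replace '[^0-9A-Fa-f]', '').ToUpper()
}

function Test-AgentPrerequisites($Required, $RequiredHotfix) {
    # Index the computer account's Trusted Root store by thumbprint.
    $root = @{}
    Get-ChildItem Cert:\LocalMachine\Root |
        ForEach-Object { $root[$_.Thumbprint.ToUpper()] = $_ }

    foreach ($name in $Required.Keys) {
        $tp = Get-CleanThumbprint $Required[$name]
        if ($tp.Length -ne 40) { $status = 'Thumbprint not filled in (need 40 hex digits)' }
        elseif (-not $root.ContainsKey($tp)) { $status = 'MISSING from LocalMachine\Root' }
        elseif ($root[$tp].NotAfter -lt (Get-Date)) { $status = 'Present but EXPIRED' }
        else { $status = 'Present' }
        New-Object PSObject -Property @{ Check = $name; Status = $status }
    }

    # Get-HotFix reports a non-terminating error when the patch is absent.
    $hotfix = Get-HotFix -Id $RequiredHotfix -ErrorAction SilentlyContinue
    if ($hotfix) { $status = 'Installed' } else { $status = 'NOT installed' }
    New-Object PSObject -Property @{ Check = $RequiredHotfix; Status = $status }
}

Test-AgentPrerequisites $Required $RequiredHotfix |
    Format-Table Check, Status -AutoSize
```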
03-10-2021 08:34 AM
@grenzi Have you tried restarting the xdr service? or is it the same even after you restarted the server itself?
03-10-2021 08:47 AM
@jcandelaria wrote: @grenzi Have you tried restarting the xdr service? or is it the same even after you restarted the server itself?
No need to restart the server or the service itself after installing the patch and the CA certificates.
03-10-2021 09:09 AM
I have to go back and visit the 3 again. Thanks for the suggestion
03-10-2021 12:59 PM
@grenzi good to know that the agent is working and connected.