Authentication failed because a certificate was not found on the remote computer

Version 3

    Verified Product Versions

    LANDESK Management Suite 9.6

    Issue

     

    The error "Authentication failed because a certificate was not found on the remote computer" appears when attempting remote control.

     

    Cause


    The new server has a different set of certificates than the old server had, so the clients cannot communicate with the new core server. The new core server certificate has the same name as the old server's, so it is necessary to reinstall the server with a different certificate name and then copy the certificate files from the old core to the new.


    Resolution

     

    Copying certificate/private key files among core servers


    An alternative to deploying certificates (<hash>.0) to devices is to copy certificate/private key sets among cores. Cores can contain multiple certificate/private key files. As long as a device can authenticate with one of the keys on a core, it can communicate with that core.

     

    When using certificate-based remote control, target devices must be in the core database.

     

    If you're using certificate-based remote control security with devices, you can only remote control devices that have an inventory record in the core database that you're connected to. Before contacting a node to launch remote control, the core looks in the database to ensure the requesting party has the right to view the device. If the device isn't in the database, the core denies the request.

     

    To copy a certificate/private key set from one core server to another

     

    1. At the source core server, go to the \Program Files\LANDesk\Shared Files\Keys folder.

    2. Back up the source server's <keyname>.key, <keyname>.crt, and <hash>.0 files.

    3. At the destination core server, copy the files from the source core server to the same folder (\Program Files\LANDesk\Shared Files\Keys).
    The keys take effect immediately. Care should be taken to make sure that the private key <keyname>.key is not compromised. The core server uses this file to authenticate devices, and any computer with the <keyname>.key file can perform remote executions and file transfer to a Management Suite device.

    4. In addition, copy the .0 file from the old core to the LDLOGON share on the new server.
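
The copy procedure in steps 1-4 can be scripted so that it never overwrites a key set that already exists on the destination (the same-name collision described under Cause) and so that the private key's permissions are reviewed after the copy. This is an added example, not LANDESK code; the server names, the admin-share path to the old core, the LDLOGON UNC path, the `<keyname>`/`<hash>` placeholder values and the baseline of accounts expected to read the key are all assumptions to replace with your own. It needs PowerShell 4.0 or later for `Get-FileHash`.

```powershell
# Added example: run on the NEW core as an administrator. All default values are placeholders.
param(
    [string]$SourceKeys = '\\OLDCORE\C$\Program Files\LANDesk\Shared Files\Keys', # assumed path to old core
    [string]$DestKeys   = 'C:\Program Files\LANDesk\Shared Files\Keys',           # Keys folder on new core
    [string]$LdLogon    = '\\NEWCORE\LDLOGON',                                    # assumed share path
    [string]$KeyName    = 'KEYNAME-PLACEHOLDER',                                  # stands for <keyname>
    [string]$HashName   = 'HASH-PLACEHOLDER'                                      # stands for <hash>
)
$ErrorActionPreference = 'Stop'

# Copy one file, refuse to overwrite, and confirm the copy is byte-identical.
function Copy-Verified([string]$Src, [string]$DstDir) {
    $dst = Join-Path $DstDir (Split-Path $Src -Leaf)
    if (-not (Test-Path -LiteralPath $Src)) { throw "Missing on source core: $Src" }
    # A same-named key set on the new core would be silently replaced; stop instead.
    if (Test-Path -LiteralPath $dst) { throw "Refusing to overwrite existing file: $dst" }
    Copy-Item -LiteralPath $Src -Destination $dst
    $a = (Get-FileHash -LiteralPath $Src -Algorithm SHA256).Hash
    $b = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
    if ($a -ne $b) { throw "Hash mismatch after copy: $dst" }
    Write-Output "Copied and verified: $dst"
}

# Steps 1-3: <keyname>.key, <keyname>.crt and <hash>.0 into the destination Keys folder.
foreach ($name in "$KeyName.key", "$KeyName.crt", "$HashName.0") {
    Copy-Verified (Join-Path $SourceKeys $name) $DestKeys
}

# Step 4: the .0 file also goes to the LDLOGON share on the new server.
Copy-Verified (Join-Path $SourceKeys "$HashName.0") $LdLogon

# Review who can read the private key. The baseline below is an assumption
# (English-language account names); the script only reports, it changes nothing.
$expected = 'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators'
$keyPath  = Join-Path $DestKeys "$KeyName.key"
$extra = (Get-Acl -LiteralPath $keyPath).Access | Where-Object {
    $_.AccessControlType -eq 'Allow' -and $_.IdentityReference.Value -notin $expected
}
if ($extra) {
    Write-Warning "Accounts outside the expected baseline can access $keyPath"
    $extra | Format-Table IdentityReference, FileSystemRights, IsInherited -AutoSize
} else {
    Write-Output "Only baseline accounts have access to $keyPath"
}
```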