ClientMRInit log shows 'New and old CA certificates do not match. Upgrading CA certificates is not allowed, uninstall RMS first.'

  • Article ID: 53739
  • Rating:
  • 4 customers rated this article 4.0 out of 6
  • Updated: 09 Oct 2013

Issue

One of the following errors is recorded in the latest ClientMRInit.exe (a program used by Sophos' Remote Management System (RMS)) log file (ClientMRInit-DATE-TIME.log) which located in the C:\Windows\Temp\ directory shows the following error:

  • New and old CA certificates do not match. Upgrading CA certificates is not allowed, uninstall RMS first.
  • Message Router identity key do not match. Upgrading to new key.
  • Managed Application identity key do not match. Upgrading to new key.
  • Management Agent identity key do not match. Upgrading to new key.

First seen in

Sophos Anti-Virus for Windows 2000+

Cause

There is a mismatch between the mrinit.conf file, and/or cac.pem and what is currently set in the registry of the computer.

What To Do

Warning: Only perform the steps below on an endpoint computer.  Do not perform them on the computer hosting your Sophos Management Server.

  1. If the Sophos Remote Management System (RMS) is installed on the endpoint computer (i.e., listed in Add/Remove Programs), uninstall it.
  2. Once RMS is uninstalled, remove the following registry keys:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Messaging System
    • HKEY_LOCAL_MACHINE\SOFTWARE\Sophos\Remote Management System\
      For 64 bit OS the keys will be under
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Messaging System
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Sophos\Remote Management System
  3. Reprotect the client.
RMS should now install correctly.

 
If you need more information or guidance, then please contact technical support.

Rate this article

Very poor Excellent

Comments