The following error is shown in the Sophos Remote Management (RMS) Router log:
[DATE] [TIME] E Router::Start: Caught Certificate request refused by certification manager, subject identity not proven
First seen in
Enterprise Console 5.2.1 R2
The message router does not have a certificate.
What To Do
The three identity keys held in the endpoint's registry must be present and match the the server's keys. The table in the section 'Cross reference of registry values to configuration values' below provides information that will allow you to cross reference the registry keys to the values in the mrinit.conf file.
If you determine that the values do not match, or are unsure if they match/the problem continues, perform the following:
- Re-protect the endpoint computer from the central distribution share (e.g., via a manual install). Check if the problem has corrected itself. If not continue to step two.
- Create an RMS re-initialization script (reinit) using article 116737 and run on the endpoint computer.
Cross reference of registry values to configuration values
|MRInit.conf value ||Corresponding registry key |
|DelegatedManagerCertIdentityKey ||HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\ManagementAgent\Private | CertificationIdentityKey |
|ManagedAppCertIdentityKey ||HKLM\SOFTWARE\Wow6432Node\Sophos\Remote Management System\CertificationIdentityKeys | ManagedApplication |
|RouterCertIdentityKey ||HKLM\SOFTWARE\Wow6432Node\Sophos\Messaging System\CertificationIdentityKeys | CertificationIdentityKey |
Example of checking the RouterCertIdentityKey: