Article ID: 53927
Article Type: Troubleshooting
Last Modified:
CommServe host connections fail because CommServe root CA certificate is not present or issued by an unknown or invalid certificate authority
Error most likely occurs after updating CommServe software.
Java Console and qlogin connection attempts fails with error "Failure while getting Encoded public key for CommServer".
EvMgrS log shows "verify trust for file - D:\Progam Files\Commvault\Simpana\Base\cvsecurityn.dll failed - reason: an internal certificate has failed".
Windows Event log shows Windows Error 12045 (ERROR_INTERNET_INVALID_CA)
CommVault uses Entrust as its Certification Authority (CA). Entrust is in Microsoft's root certification program. Windows update system automatically downloads and installs root certificates of all CA's that are in the root certification program. This is on by default.
Failure to download and install root certificates can occur when user turns off root certificate update option in the Local Group Policy's Computer Configuration settings.
Turn on Automatic Root Certificates Update for Local Group Policy on the CommServe Host.
On the CommServe host desktop
If the User Account Control dialog box appears, confirm that the action it displays is what you want, and click Continue.
The policy setting should be Not Configuredor Disabled. If you enable this setting and you are presented with a certificate issued by an untrusted root authority, your computer will not contact the Windows Update web site to see if Microsoft has added the CA to its list of trusted authorities.
For more info on Windows Error 12045 see http://support.microsoft.com/kb/182888
For more info on downloading and installing Entrust Certificate Authority see http://www.entrust.net/knowledge-base/technote.cfm?tn=8140
For more info on CommVault's use of root certificates see http://documentation.commvault.com/commvault/v10/article?p=products/content_index/security.htm