1. Identify the agents with mismatched certificates.
   1. Go to [Server Path]\PCCSRV\Admin\Utility\CertificateManager.
   2. Execute "CertificateManager.exe -l [Output CSV file full path]". All the agents with a mismatched certificate will be listed in a CSV file.
2. Recover the agent certificate by doing one of the following:
   • Option 1: Copy the IpXfer ([Server Path]\PCCSRV\Admin\Utility\IpXfer) and agent certificate ([Server Path]\PCCSRV\Pccnt\Common\OfcNTCer.dat) to the agent with a mismatched certificate.

     Execute the following command:

     • OfficeScan 11.0: IpXfer.exe/IpXfer_x64.exe -e OfcNTCer.dat
     • OfficeScan XG: IpXfer.exe/IpXfer_x64.exe -e OfcNTCer.dat -pwd [unload password]
      

     Ipxfer parameters vary among versions. Go to the following article for more information: Manually transferring OfficeScan clients/agents using Client Mover I/Ipxfer tool.
   • Option 2: Reinstall the agent.
      

     Administrator can use single or multiple authentication keys across multiple OfficeScan servers in the same organization. View Authentication of Server-initiated Communications for more information.

If the issue persists, please contact Trend Micro Technical Support for assistance.

1. Contact your authorized Trend Micro Technical Support contact.
2. Provide your Customer Licensing Portal (CLP) Account and Apex One as a Service provision URL to Technical Support as well as issue details.
3. Obtain agent certificate from Technical Support.
4. Deploy the certificate to agents that reported this issue.

   Please refer to Manually transferring OfficeScan clients/agents using Client Mover I/Ipxfer tool for details.

As an alternative option, you can also reinstall the agent to fix this issue.