There is a new, stronger server authentication feature that ensures the OfficeScan client only accepts data, configuration, and policy from the OfficeScan server.
Sometimes, the OfficeScan client receives system event logs regarding invalid notification. This may be because the server and client have different certificates (OfcNTCer.dat).
To use the PLS-Toolbox in certificate deployment:
- Download and install PLS-Toolbox.
- Prepare the certificate package.
- Generate the config.ini file with following content:
[Attribute]
ID = 704
BinaryName_x86 = IpXfer.exe
BinaryName_x64 = IpXfer_x64.exe
Version = 12.0.0.1354
ReleaseDate = 20140812
PackageMode = 3[Functionality]
CommandOption = -e OfcNTCer.dat -t toolbox
TimeOutAfterExecute = 180Where:
The Version is the File Version and the ReleaseDate is the Date Modified of the IpXfer.exe. IpXfer.exe and IpXfer_x64.exe should have the same File Version and ReleaseDate.
For OfficeScan XG, CommandOption = -e OfcNTCer.dat -pwd <unload password> -t toolbox - Access the PCCSRV\PCCNT\COMMON\ folder of the server machine.
- Copy the OfcNTCer.dat file.
- Go to the OSCE server.
- Proceed to …Admin\utility\ipxfer and access ipxfer.exe and IpXfer_x64.exe files.
- Copy the ipxfer tool (32/64 bits).
- Compress the config.ini, ipxfer.exe, IpXfer_x64.exe, and OfcNTCer.dat files into a .zip file. The .zip file should contain these 4 files directly, without any subfolders.
- Generate the config.ini file with following content:
- Deploy server’s certificate globally to all clients.
- Go to ToolBox management page.
- Select the sub-domain and click Deploy.
- Browse the zip file and deploy it to the client side (i.e. Certificate.zip).
- Go to the ToolBox management console to check the deployment status.
- Verify that the file has been deployed on the client side. The original file will be renamed as a BAK file.