When Deep Security Agents try to communicate with Smart Protection Server, the agents fail and the following error shows in Deep Security Manager (DSM) console:
Failed to connect to a Smart Protection Server. This could be due to a configuration issue, or due to network connectivity.
Description: Disconnected from Smart Protection Server: https://ds96.icrc.trendmicro.com/tmcss/? : Error message=536870919[0x20000007](ICRC_HTTP_ERROR), 60[0x3c](Peer certificate cannot be authenticated with given CA certificates)
The error indicates that the agent recognizes an invalid or untrusted certificate. This happens when there is a proxy server in between that decrypts HTTPS traffic. The said proxy server sends its own certificate to the agent, which the agent does not trust.
To resolve the issue, exclude the Smart Protection Server's URL (https://ds96.icrc.trendmicro.com/tmcss) from the HTTPS scanning list of the proxy server.