Your agents receive event ID 907 (The certificate provided by the collector does not match the locally cached certificate)

Article ID: 308
Category: Collector Service
Applies to: 3.2 and newer
Updated: 2018-11-08

This can happen if you reset your collector certificate without pushing the new configuration within 1 week, or by migrating the EventSentry server to a new machine after the collector was previously used. You can fix this by clicking Reset Certificate in the collector settings and pushing the new configuration to all of your agents and then restarting the collector service.

If this error is only occurring on some of your hosts, and the error is not resolved by pushing the current configuration to the affected hosts and restarting their agents, you can manually allow the affected hosts to accept the current collector certificate by following these steps:

1) Generate a unix timestamp that is not more than 1 day in the future. You can use the "Human date to timestamp" function on this website: https://www.epochconverter.com/

2) Log onto the affected hosts and open the registry editor. Select the following registry folder:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\netikus.net\EventSentry\Collector

3) On the right side of the registry editor, locate the "cert_change_allowed_until" item and double-click it

4) Select the "decimal" setting and then paste the unix timestamp from step 1, click OK

5) Restart the agent