This can happen if you reset your collector certificate without pushing the new configuration within 1 week, or by migrating the EventSentry server to a new machine after the collector was previously used. If you reset the certificate without pushing the configuration in time, or these errors were caused by a migration of your EventSentry server, you can fix this by clicking Reset Certificate in the collector settings and pushing the new configuration to all of your agents and then restarting the collector service. You should not click Reset Certificate in the collector settings outside of these circumstances.
If this error is only occurring on some of your hosts or was not caused by resetting the certificate or migrating the EventSentry server, please do Push Configuration to all of the affected machines and then do Restart Agent (not reboot) on all of the affected machines. If that does not resolve the problem, you can manually allow the affected hosts to accept the current collector certificate by following these steps:
1) Generate a unix timestamp that is at least 1 day in the future. You can use the "Human date to timestamp" function on this website: https://www.epochconverter.com/
2) Log onto the affected hosts and open the registry editor. Select the following registry folder:
3) On the right side of the registry editor, locate the "cert_change_allowed_until" item and double-click it
4) Select the "decimal" setting and then paste the unix timestamp from step 1, click OK
5) Restart the agent on the affected machine, it is not necessary to reboot.
Option B: If you have this problem on many machines and Push Configuration is not available or fails due to permission errors:
1B) Generate a unit timestamp using step 1 above
2B) On the EventSentry server, close the EventSentry console and use the registry editor to select the following registry folder:
3B) On the right side of the registry editor, locate the "cert_change_allowed_until" item and double-click it
4B) Select the "decimal" setting and then paste the unix timestamp from step 1, click OK
5B) Open the EventSentry console and click Groups > Agent Deployment, choose Configuration
6B) Name the file "eventsentry_svc.zip" without quotes, any other file name will be unsuccessful
7B) Transfer the eventsentry_svc.zip file into the "c:\windows\system32\eventsentry" folder on all the affected machines
8B) Restart the "EventSentry" service on all the affected machines