Unable to install Agents on Windows XP, Server 2003 and Server 2008 R2 Gold after installing Patch for Windows Server 9.3+

Version 6

    Purpose


    This article provides answers why you are unable to install agents on Windows XP, Server 2003, and Server 2008 R2 Gold machines after installing Ivanti Patch for Windows Servers 9.3+.

     

    Cause

     

    The following platforms are no longer supported for use with agents as of 9.3:

     

    • Windows XP
    • Windows Server 2003
    • Windows Server 2008 R2 Gold

     

    Description

     

    The change is due to a movement in the industry to migrate from the use of SHA-1 certificates to SHA-2 certificates. Ivanti started participating in this movement and at the end of 2016 we began requiring the use of SHA-2 certificates for communication between Ivanti Patch for Windows® Servers agents and the Ivanti Patch for Windows® Servers console. The three operating systems listed above do not support SHA-2 certificates, and so are no longer valid agent platforms.

    Windows XP, Windows Server 2003, and Windows Server 2008 R2 Gold are still supported for agentless scans.

     

    Additional Notes

     

    Running the hotfix below from Microsoft may help with the issue.

    https://support.microsoft.com/en-us/help/938397/applications-that-use-the-cryptography-api-cannot-validate-an-x-509-ce

     

    Affected Product(s)

     

    Ivanti Patch for Windows Servers 9.3+