The condition that contributes to a certificate mismatch during installation and how to resolve the problem.
During installation the following error messages are experienced:
Error 1: "key values mismatch (class CertificateDoesNotMatchPrivateKey)"
Error 2: "License.pvk does not match the license certificate"
Error 3: "Certificate Mismatch"
These error messages might indicate an old or partial installation of IEM has left behind old license remnants on the server or database causing old references to be used. This corrupts the attempt to install the new license.crt generated during installation.
Resolving the problem
Take the following steps to fix this problem:
- Run the IEM Remove Tool (https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/TEM%20Remove%20Utility)
- Run the CleanupIEMRegistryKeys script (https://www.ibm.com/developerworks/community/wikis/home?lang=en#!/wiki/Tivoli%20Endpoint%20Manager/page/CleanupIEMRegistryKeys)
- Verify all BigFix / Tivoli Endpoint Manager / IBM Endpoint Manager files, directorys and registry keys have been deleted.
- Verify that BigFix/TEM/IEM services are no longer running on the server
- Search through the entire Windows registry on the server through registry and deleted every key and value that contains the string "BigFix" in it.
- Login to the database and drop the BFEnterprise and BESReporting databases.
- Delete the old ODBC DSN's found on the System DSN tab. For a 64 bit server OS, you will need to remove these entries through the 32 bit ODBC editor located at C:\Windows\SysWOW64\odbcad32.exe (DSN's to remove: bes_bfenterprise, bes_EnterpriseServer, enterprise_setup, and LocalBESReporting Server)
- Deleted all files in the C:\Windows\Temp folder.
- Restart the server machine.
- Download the production installers again here: http://support.bigfix.com/bes/install/downloadbes.html
- You will need a new license authorization file. Please contact TEM@dk.ibm.com and explain that you need a new license authorization file because the license.crt was corrupted during the last installation attempt.
- Use the new license authorization file provided by Licensing to perform a new installation.
Note: This operation throws away all data in the database and starts the deployment over as a new fresh deployment. The operation is typically performed after a customer was using their server machine at one point in time to run a deployment that is no longer needed; however they failed to properly do a clean uninstall of the IEM software, leaving behind remnants.