Microsoft Secure Tech Accelerator
Apr 03 2024, 07:00 AM - 11:00 AM (PDT)
Microsoft Tech Community
SOLVED

Device Discovery Network Scanner Certificate expires soon

Copper Contributor

Hello Community

 

The installation of Device Discovery Scanner Agent installs a certificate named "MDATPNetworkScanAgent" valid for 1 year. On a Customer site, that certificate expires in about 3 weeks.

 

Will that certificate be renewed automatically? If yes, when will it happen?

I couldn't find anything about that topic.

 

Thanks for any help.

Joerg

3 Replies
Hello @JoRe_LAG,
The certificate should get updated 120 days before it's expiry.
Now, why is the certificate not getting renewed?
1) Make sure that the MDE client (MSSense.exe) is up to date. e.g. Microsoft Updates (aka Windows Update)
2) Network connectivity problems with the CRL URL's. The MDE URL's including CRL URL's are in https://download.microsoft.com/download/6/b/f/6bfff670-47c3-4e45-b01b-64a2610eaefa/mde-urls-commerci... Reference: https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/configure-proxy-internet?v...

If both check out, please open a Microsoft support ticket (case).

Thanks,
Yong Rhee - MSFT
best response confirmed by Yong Rhee (Microsoft)
Solution

@Yong Rhee 

Hello Yong
Thanks for your reply.
Outgoing Internet is all open and Windows Updates are all installed on that device.
I've downloaded the last MdatpScanAgentSetup.msi and run it again, without uninstalling the last installation. The certificate got renewed and is valid for another year.

I thought I try this first, before going through the time-consuming process of a Microsoft Support Case. Fortunately it helped, but the reason why the certificate didn't automatically renew is a mystery.

Thanks,
Joerg Renggli - LAG

Thx @JoRe_LAG for closing the loop. I have passed on, the info to the devs.
Yong Rhee - MSFT
1 best response

Accepted Solutions
best response confirmed by Yong Rhee (Microsoft)
Solution

@Yong Rhee 

Hello Yong
Thanks for your reply.
Outgoing Internet is all open and Windows Updates are all installed on that device.
I've downloaded the last MdatpScanAgentSetup.msi and run it again, without uninstalling the last installation. The certificate got renewed and is valid for another year.

I thought I try this first, before going through the time-consuming process of a Microsoft Support Case. Fortunately it helped, but the reason why the certificate didn't automatically renew is a mystery.

Thanks,
Joerg Renggli - LAG

View solution in original post