
Windows XPe Machines Not Connecting




XPe machines no longer connect to the server after upgrading to 7.2.1.


Connection tests to server pass.

Trace.bt9 shows the following error:


Server Communication: WaitForResponse End: m_bIsSleeping[0] IsSleeping[0] GetHttpStatus[0] GetWinHttpError[2] GetSslError[-2147483648] DataAvailable[0]

Server Communication: WaitForResponse: WAIT_OBJECT_DATA_AVAILABLE_EVENT

Server Communication: WinHTTP communication error: 12175

Windows XPe is unable to accept the SHA256 algorithm used by the new certificates. XPe accepts the SHA1 algorithm, but there are security concerns with SHA1.


A new server certificate using SHA1 will need to be created manually. To do this, perform the following:


1) Obtain a copy of the Microsoft Windows SDK on the Bit9 Server (Windows version specific)

2) Install only the .NET Development Tools

3) Copy "makecert.exe" and "pvk2pfx.exe" from c:\Program Files (x86)\Windows Kits\*\bin\x64 and place them in a new folder. (* = OS version)


4) Create a self-signed certificate as follows:

a. makecert -n "CN=<Bit9 Server FQDN>,E=<Admin Email Address>,OU=<Org Dept>,O=<Company Name>,L=<City>,S=<State>,C=<CountryCode>" -pe -a sha1 -cy authority -r -sky exchange -eku -sv B9srv-new.pvk -sr LocalMachine -ss Root B9srv-new.cer

b. You will be prompted for passwords to protect the keys and certificate. Using the same password for each is recommended.

5) Convert it to a PKCS12 format (.PFX):

pvk2pfx.exe -pvk B9srv-new.pvk -spc B9srv-new.cer -pfx B9srv-new.pfx -po <password>

Note: -po sets the password for the .PFX file. It is recommended to use the same password as in step 4.

6) Install the certificate into the Bit9 server via the console (Administration -> System Configuration -> Security -> Import Server Certificate from PKCS12 file), then select the newly created .PFX file.
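
A check that can be run on the files from steps 4 and 5 before the import in step 6, given here as an added example (it is not part of the original article or of the vendor's tooling). It confirms that the certificate is SHA1-signed, that its CN matches the server FQDN, and that the .PFX holds the matching private key. The function name Test-LegacyServerCert and the FQDN 'bit9.example.com' are placeholders chosen for illustration.

```powershell
# Added example: checks on the step 4/5 output before the import in step 6.
# Test-LegacyServerCert and 'bit9.example.com' are hypothetical names.
function Test-LegacyServerCert {
    param(
        [Parameter(Mandatory = $true)][string]$ServerFqdn,
        [Parameter(Mandatory = $true)][System.Security.SecureString]$PfxPassword,
        [string]$CerPath = '.\B9srv-new.cer',
        [string]$PfxPath = '.\B9srv-new.pfx'
    )
    $type = 'System.Security.Cryptography.X509Certificates.X509Certificate2'
    # .NET resolves relative paths against the process directory, not the
    # PowerShell location, so pass absolute paths to the constructors.
    $cer = New-Object $type -ArgumentList (Resolve-Path $CerPath).Path
    $pfx = New-Object $type -ArgumentList (Resolve-Path $PfxPath).Path, $PfxPassword

    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
    $cn  = $cer.GetNameInfo($nameType, $false)   # subject CN
    $now = Get-Date

    New-Object PSObject -Property @{
        SignatureAlgorithm = $cer.SignatureAlgorithm.FriendlyName
        # 1.2.840.113549.1.1.5 is sha1WithRSAEncryption, which "-a sha1" requests
        SignedWithSha1     = ($cer.SignatureAlgorithm.Value -eq '1.2.840.113549.1.1.5')
        SubjectCN          = $cn
        CnMatchesFqdn      = ($cn -eq $ServerFqdn)
        InValidityWindow   = ($now -ge $cer.NotBefore -and $now -le $cer.NotAfter)
        PfxHasPrivateKey   = $pfx.HasPrivateKey
        PfxMatchesCer      = ($pfx.Thumbprint -eq $cer.Thumbprint)
    }
}

# Run from the folder that holds the files created in steps 4 and 5.
$pw = Read-Host 'Password chosen in step 5' -AsSecureString
Test-LegacyServerCert -ServerFqdn 'bit9.example.com' -PfxPassword $pw | Format-List
```

Every boolean field should read True before the .PFX is imported; a False on SignedWithSha1 means the certificate was not created with -a sha1.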
