We installed a new CSM server. The old one was 4.4 on Windows Server 2008. The new one is 4.8 on Windows Server 2012. I imported devices only, using the CSV export/import. The previous server had an internal address that was translated to an extranet address for units across the state. The configuration now uses the extranet address natively. I worked through the certificate expiry and connectivity issues to discover the devices, but now I have an odd situation:
I deleted the old certificate in the IPS units for the CSM and generated a new one for the allowed address. I tried to retrieve the IPS certificate for all of the units (35) but all say nonretrievable. I can manually put the thumbprint in and then under Device Properties > Credentials > Test Connection it passes. However, the Retrieve from device still fails with an IO error. I brought the 4.4 back up to check it and it still works. How can I have verified connectivity and recognition of HTTPS from the browser on the server, but not be able to retrieve this certificate?