The following sections contain additional information:
The Management Service automatically distributes credentials to each Endpoint Security Client when it is installed and checks in to the Management Service for the first time. After these credentials are distributed, the Endpoint Security Client is permitted to receive policies from the Policy Distribution Service and to provide reporting data to the Reporting Service.
Cryptographic best practices dictate that the KMK be renewed at regular intervals to prevent certain cryptographic attacks from being practical. Renewal need only take place on a relatively long cycle, typically on the order of once every year. It should not be done too frequently, because the changeover involves some effort and bandwidth costs.
To renew the KMK, perform the following steps:
1. Open the Communications Console on the Management Service ( ).
   NOTE: Running the Communications Console causes the Management Service to lose user and log data; however, policy data is not deleted.
2. Allow the Communications Console to run a complete check.
3. Have all end users authenticate to the Management Service (either via VPN or while inside the appropriate firewall), by right-clicking the Endpoint Security Client taskbar icon, then clicking .
   The Management Console automatically passes the new KMK credentials down. In some cases, the user must authenticate to the domain (username and password).
Until the endpoints renew their KMK, they will not be able to communicate with the Policy Distribution Service.