After entering the Organisation Code and Registration Code into the RM Unify AD Sync Configuration Tool, you select Save, then Register, and receive one of the following errors: 

• "Unable to connect to RM Unify - review service log for more information".
• "Unable to connect to RM Unify through the proxy server provided".

When you review the service log (%Program Files%/RM/RM Unify AD Sync Service/Logfiles/<date+time>.csv), you may find the following entry:

System.ServiceModel.Security.SecurityNegotiationException: Could not establish trust relationship for the SSL/TLS secure channel with authority 'api.platform.rmunify.com'. ---> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.

Registration has failed because at least one of the following conditions exist:

• The server's date and\or time are incorrect.
• There is an issue with one or more of the root certificates on the server.

• If incorrect, adjust and rerun the RM Unify AD Sync Configuration Tool.
• If correct follow the 'Check root certificates' and 'Download and install a certificate' procedures below.

1. Open an Internet browser session on the affected server and access the following URL: https://api.platform.rmunify.com.
2. If you are presented with a warning page "There is a problem with this website's security certificate" then you have a root certificate issue.
   Note: Please also refer to the More Information section below.
3. Identifying which root certificate has an issue will depend on the browser used. Here are instructions for Windows Internet Explorer® and Mozilla® Firefox®.

Instructions for Internet Explorer:

1. On the warning page, click the 'Pad lock' icon shown next to the URL in the browser bar.
2. Click View Certificates.
3. Click the Certification Path tab.
4. You should see three certificates:
   • Thawte (also known as Thawte Primary Root CA).
   • Thawte SSL CA.
   • api.platform.rmunify.com.
5. One of the Thawte certificates will be missing or corrupt.
6. If all three certificates are present, click each one to check their status and identify the corrupt certificate.

Instructions for Mozila Firefox:

1. On the warning page, click the 'Pad lock' icon shown next to the URL in the browser bar.
2. Click More Information, View Certificate.
3. Click the Details tab.
4. You should see three certificates:
   • Thawte Primary Root CA.
   • Thawte SSL CA.
   • api.platform.rmunify.com.
5. One of the Thawte certificates will be missing or corrupt.
6. If all three certificates are present, click each one to check their status and identify the corrupt certificate.

The following instructions are for installing the Thawte Primary Root CA certificate on Windows Server 2008® R2. Please adjust the instructions depending on the missing certificate and your server's operating system.

Download a certificate

1. From your RM Unify AD Sync server, browse to: https://www.thawte.com/roots/index.html.
2. Scroll down to the section 'Root 1 Thawte Primary Root CA'.
3. Right-click the Download Root Now link and select Save Target As.
4. Choose a suitable temporary location to save the thawte_Primary_Root_CA.pem file.

Install a certificate

1. On your RM Unify AD Sync server, click Start, Run.
2. Type mmc.ext and click OK.
3. Click File, 'Add/Remove Snap-in'.
4. Select Certificates and click Add.
5. Click Computer Account and Next.
6. Click Local Computer and Finish.
7. Click OK.
8. In the Console window, expand Certificates (Local Computer).
9. Right-click Trusted Root Certification Authorities.
10. Select All Tasks, Import (to launch the Certificate Import Wizard).
11. In the Wizard, click Next.
12. Click Browse.
13. Select the .pem file you saved in step 4 in the 'Download a certificate' section above and click Open.
14. Click Next.
15. Click 'Place all certificates in the following store' and select the Trusted Root Certification Authorities store.
16. Click Next, Finish.
17. Click OK to the successful message.

Once you have resolved the certificates issue, please rerun the RM Unify AD Sync Configuration Tool.

If you complete the above steps and RM Unify registration still fails, you may be missing a required Windows Update. The Windows Update mechanism can be used to check for any required or pending updates to the server's root certificates. Visit http://windowsupdate.microsoft.com for more information.

Note: Please consult with your network support provider before applying any updates to your server.

After completing any required Windows Updates, please restart the server and run the RM Unify AD Sync Configuration Tool.

If the issue persists, please log a call with RM Support for further investigation.

When accessing the URL: https://api.platform.rmunify.com you may see a "403 - Forbidden: Access is Denied" error page, either before or after the certificate warning page. This 403 error page is expected behaviour and does not constitute a further issue.