According to Alfred Reynolds, via the HLDS mailing list, a fix for secure servers that spontaneously drop their secure status is in the works.
Thanks for everyone that responded to my request, the information that I got allowed me to track down the problem. There is a bug on startup that can cause a server to go insecure that we are working on a fix for (if the server fails to connect to the VAC2 backend on its first attempt then the server is wrongly forced into insecure mode even if it can later connect).This is certainly some good news to those server admins that have come across this bug.
Comment