MP has rejected registration request due to failure in client certificate
Issue:- We have System Center Configuration Manager 2012 R2 deployed on Windows Server 2008R2 host. Recently we have moved our Certification Authority to Windows Server 2012 , renewed Root CA Certificate and intermediate Certificates also migrated Hashing algorithm from 'sha1' to 'sha2' . New Root CA and intermediate CA also present on client machines and on SCCM. However, i have discovered these errors on MP:
MP has rejected registration request due to failure in client certificate (Subject Name: ) chain validation. If this is a valid client,
Even though Newly imaged machines are getting SCCM client installed but won't see all the client cycle under 'Actions tab' and also 'client certificate shows "None".
The operating system reported error 2148204809: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.
Solution:-
Register new Certificate of Root CA under SCCM2012 (Administration --> Site Configuration --> Site Properties) this is posible that when you move the Root CA this generate a new root certificate and this not are register in the SCCM.
If the certificates don't match, register de new Root CA if the certificate are emited to the same subject only can have one certificate registered and all your machines clients with this Root Certificated.
Server Side
Client Side Certificate (MMC)
All ConfigMgr certificates and machine certificates on clients were re-enrolled. IIS Certificate for :443 and Root Authority certificates were specified in SCCM2012 Site settings
Reference:- 1. http://blogs.technet.com/b/configurationmgr/archive/2014/01/15/taking-a-closer-look-at-configmgr-client-registration-failure-when-the-site-server-is-configured-for-https-only.aspx
2. https://social.technet.microsoft.com/Forums/en-US/8d98726d-4f8f-4866-a91a-724c4ffbfdd1/mp-has-rejected-registration-request-due-to-failure-in-client-certificate
Reference:- 1. http://blogs.technet.com/b/configurationmgr/archive/2014/01/15/taking-a-closer-look-at-configmgr-client-registration-failure-when-the-site-server-is-configured-for-https-only.aspx
2. https://social.technet.microsoft.com/Forums/en-US/8d98726d-4f8f-4866-a91a-724c4ffbfdd1/mp-has-rejected-registration-request-due-to-failure-in-client-certificate
Comments
Post a Comment