Half of clients report: MP has rejected registration request due to failure in client certificate - SCCM 2012 R2

Reference - http://windowsitpro.com/security/q-there-easy-way-automatically-re-enroll-certificate-holders-received-certificate-old-ca-ne
https://social.technet.microsoft.com/Forums/en-US/8d98726d-4f8f-4866-a91a-724c4ffbfdd1/mp-has-rejected-registration-request-due-to-failure-in-client-certificate 
Recently we moved our Certification Authority to Windows Server 2012 , subsequently migrating hashing algorithm from sha1 to sha2. After some days we started witnessing above issue on SMS_MP_Control_Manager componet. Even though we had replaced the New Root CA cert on sccm site settings.

Error:- MP has rejected registration request due to failure in client certificate

Solution :- All ConfigMgr certificates and machine certificates on clients were supposed to re-enrolled.
 To force all holders of a particular certificate to automatically enroll for a replacement certificate issued by a CA , used the Reenroll all Certificate Holders feature of the Certificate Templates MMC snap-in. All you need to do is right-click the certificate templates you want to reenroll and select Reenroll All Certificate Holders from the context menu, as shown here.

Comments

Popular posts from this blog

The install4j wizard could not find a Java Runtime Environment on your system. Please locate a suitable JRE...

Clients Unable to update - "Cached cookie has expired or new PID is available"

Java Control Panel Icon "Application Not Found"