Attempted CEM nsagent certificate negotiation fails

Article ID: 159127

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Clients that are connected to the network and communicating with no issues are added to the Cloud-enabled Management (CEM) policy. The clients receive the CEM policy but are not able to connect through CEM. 

The log file on the client shows the following errors:

CEM nsagent certificate not found

Attempting CEM client certificate negotiation

requesting nsagent certificate from server

WARNING: Unexpected response from URL 'https:/smp.EPM.local:443/Altiris/NS/Agent/GetClientCertificateMIG.aspx': Unable to get the client certificate response XML associated with the specified request (Exception: The caller is unauthorized to request a new client certificate.)

Cause

The Application Identity had been set to use the long domain name instead of the short domain name.  

Resolution

To set the Application Identity to use the short domain name:

  1. In the console, go to Settings > All Settings > Notification Server > Notification Server Settings.
  2. Change the value from EPM.local\smpservice to EPM\smpservice.

This will be fixed in a future release so that both the long and short domain names are handled.

Also check the following:

  • Open IIS and, on the default web site, check the Altiris\NS\Agent location. Make sure that the SSL Settings are set to Require SSL and that Client Certificates are set to Accept.
  • You may see this error if Client Certificates are set to Ignore.
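
The IIS check above can also be scripted on the Notification Server. The following is an added example, not part of the original article or the product; it assumes the site is named "Default Web Site" and that the WebAdministration module is installed with the IIS management tools.

```powershell
# Added example: report the IIS SSL settings for the agent location
# and compare them with the values this article calls for
# (Require SSL enabled, Client Certificates set to Accept).
Import-Module WebAdministration

# Assumption: the default site name; change it if the site was renamed.
$location = 'Default Web Site/Altiris/NS/Agent'

$raw = Get-WebConfigurationProperty -PSPath 'MACHINE/WEBROOT/APPHOST' `
    -Location $location `
    -Filter 'system.webServer/security/access' `
    -Name 'sslFlags'

# The cmdlet may return a plain string or an attribute object with a Value.
$text  = if ($raw -is [string]) { $raw } else { [string]$raw.Value }
$flags = @($text -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })

# IIS Manager "Require SSL" corresponds to the Ssl flag.
$requireSsl = $flags -contains 'Ssl'

# IIS Manager client certificate options map to these flags:
#   Ignore  = neither flag, Accept = SslNegotiateCert,
#   Require = SslNegotiateCert plus SslRequireCert.
$clientCert = 'Ignore'
if ($flags -contains 'SslNegotiateCert') { $clientCert = 'Accept' }
if ($flags -contains 'SslRequireCert')   { $clientCert = 'Require' }

$matches = $requireSsl -and ($clientCert -eq 'Accept')

[pscustomobject]@{
    Location           = $location
    SslFlags           = ($flags -join ',')
    RequireSsl         = $requireSsl
    ClientCertificates = $clientCert
    MatchesArticle     = $matches
}

if (-not $matches) {
    Write-Warning "SSL settings on '$location' differ from Require SSL + Accept."
}
```

Run it from an elevated PowerShell session; it only reads the configuration and changes nothing.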

Applies To

ITMS 7.5