Clients that are connected to the network and communicating with no issues are added to the Cloud-enabled Management (CEM) policy. The clients receive the CEM policy but are not able to connect through CEM. 

Log file on the client show the following errors:

CEM nsagent certificate not found

Attempting CEM client certificate negotiation

requesting nsagent certificate from server

WARNING: Unexpected response from URL 'https:/<smpserver>.example.local:443/Altiris/NS/Agent/GetClientCertificateMIG.aspx': Unable to get the client certificate response XML associated with the specified request (Exception: The caller is unauthorized to request a new client certificate.)

ITMS 8.x

The Application Identity had been set to use the long domain name instead of the short domain name.  

To set the Application Identity to use the short domain name:

1. Go to the console in Setting>All Settings>Notification Server>Notification Server Settings.
2. Change the value from DOMAIN.local\smpservice to DOMAIN\smpservice.

This will be fixed in a future release to handle both the long and short domain name.

Also check the following:

• Open IIS and on the default web site check the Altiris\NS\Agent location and make sure that the ssl settings are set to Require SSL and Client Certificates are set to Accept.
• You may see this error if Client certificates are set to ignore.