ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Attempted CEM nsagent certificate negotiation failed

book

Article ID: 161495

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Clients that are connected to the network and communicating with no issues are added to the CEM policy.   The clients receive the CEM policy but are not able to connect through CEM.

Error message on Server logs 

Unable to get the client certificate response XML associated with the specified request (Request: , Exception: Altiris.NS.Exceptions.NSComException (0x00000005): The caller is unauthorized to request a new client certificate. 

at Altiris.Web.NS.Agent.GetClientCertificateBase.GetClientCertificateXml()) 

Message on Client log: 

 

WARNING: Unexpected response from URL 'https:/SMP:443/Altiris/NS/Agent/GetClientCertificateMIG.aspx': Unable to get the client certificate response XML associated with the specified request (Exception: The caller is unauthorized to request a new client certificate.)

Cause

SMA is accessing "https://SMP/Altiris/NS/Agent/GetClientCertificateMig.aspx" anonymously

Resolution

When accessing the link https://SMP/Altiris/NS/Agent/GetClientCertificateMig.aspx

Getting HTTP error 401: Access is denied.

 

Authentication Settings of default Website on IIS should be:

 

Disabled the Anonymous Authentication for GetClientCertificateMig.aspx keeping Windows Authentication enabled.

Require SSL checked and Ignore Client Certificates 


Applies To

ITMS 7.5