Clients fail to retrieve CEM permenant certificate.
search cancel

Clients fail to retrieve CEM permenant certificate.


Article ID: 163550


Updated On:


IT Management Suite


Managed clients fail to retrieve CEM permenant certificate. While using CEM package works. "8/16/2016 3:34:29 AM","Unable to process request from: ###.###.###.### /POST/8.0.2548.0 (The caller is unauthorized to request client certificate., 5)","GetClientCertificateMig","w3wp.exe","109","Verbose"


ITMS 8.x


"Default Web Site\Altiris\NS\Agent\GetClientCertificateMig.aspx" which is called by managed clients to download CEM permanent certificate and validates the connection either via package access credentials or via client temporary certificate, the second option is used by CEM packages, while the package access credential validation works for already managed clients.

If the page is called anonymously, or IIS requires SSL client certificates, the error message above will be displayed in SMP verbose logs.

NB: The page must be called via Altiris client using SSL


Open IIS logs and insure that the GetClientCertificateMig.aspx is called with credentials (package access credentials shall be visible just after the port)

SSL settings for "Default Web Site\Altiris\NS\Agent" should be "Accept"

Review C:\Windows\System32\inetsrv\config\ApplicationHost.config - this file should override the mentioned URL to force Windows authentication