search cancel

Clients fail to retrieve CEM permenant certificate.


Article ID: 163550


Updated On:


IT Management Suite


Managed clients fail to retrieve CEM permenant certificate. While using CEM package works. "8/16/2016 3:34:29 AM","Unable to process request from: /POST/8.0.2548.0 (The caller is unauthorized to request client certificate., 5)","GetClientCertificateMig","w3wp.exe","109","Verbose"



ITMS 7.5, 7.6, 8.0


"Default Web Site\Altiris\NS\Agent\GetClientCertificateMig.aspx" which is called by managed clients to download CEM permenant certificate validates the connection either via package access credentials or via client temporary certificate, the second option is used by CEM package, while the package access credential validation works for already managed clients.

If the page is called anonymously, or IIS requires SSL client certificate, the error message above will be displayed in SMP verbose logs.
NB. The page must be called via Altiris client using SSL


- Open IIS logs and insure that the GetClientCertificateMig.aspx is called with credentials (package access credentials shall be visible just after the port)

- SSL settings for "Default Web Site\Altiris\NS\Agent" should be (Accept)

review C:\Windows\System32\inetsrv\config\ApplicationHost.config
this file should override the mentioned URL to force Windows authentication