An issue exists with SSL certificates where if a Certificate is the Subject Alternative Name (SAN) type SSL certificate, the Site Server Communication Profile is populated with all systems in the SAN, by FQDN, instead of a single Site Server's FQDN.  Having multiple systems in the list causes the agent to not connect to the correct Site Server, affecting DS imaging as agents pick different Site Server, and also external Cloud Enabled Management (CEM) connected agents not being able to connect to Internal Site Servers.

Periodically when the Site Server communicates with the NS the Site Server Profile is automatically updated, so any changes that are made by the Admin are removed.

ITMS 8.x

When the Site Server communicates with the NS, the Profile is updated, so any changes that are made by the Admin are removed.

Starting with ITMS 8.0 HF5 Release, there is a new Core Setting: DisableSiteServerProfileCertificateHostsPopulation which can be set to Enabled so that the Site Server Profiles can be manually edited.  In order to create the Setting, please edit the option in NSConfigurator under Site Server:

Use NSconfigurator "C:\Program Files\Altiris\Notification Server\Bin\Tools\NSConfigurator.exe" on the NS and Enable the "DisableSiteServerProfileCertificateHostsPopulation" option.  This creates the entry in the CoreSettings.Config file:

<customSetting key="DisableSiteServerProfileCertificateHostsPopulation" type="local" value="1" />

Note: 

Change DisableSiteServerProfileCertificateHostsPopulation to ENABLED / 1

After saving the change, run the "NS.Site Server Profiles Syncronization" in Windows Task Scheduler to process the change.

If the Site Server Communication Profiles are not generating properly, set DisableSiteServerProfileCertificateHostsPopulation to ENABLED and then edit Site Server Communication Profile as needed.  These changes will then be saved.