Create a CEM package and install the agent on a computer.   The agent fails to register and the agent logs show the following error:

HTTP status 403: The client does not have sufficient access rights

Operation 'Direct: Head' failed. Protocol: HTTPS Host: TestMachine:443 Path: /altiris/NS/Agent/GetClientCertificate.aspx Id: 10.4696 Error type: HTTP error Error code: HTTP status 403: The client does not have sufficient access rights (0x8FA10193) Error note: 403 Forbidden

ITMS 8.x

This is caused by having non self-signed certificates in the trusted root certificate store on the SMP server.

Use the Microsoft Management Console with the certificate snap-in loaded to review the certificates in the Trusted Root Certificate store.   If you have any intermediate certificates in the folder they should be moved to the Intermediate Certificate store.

When reviewing a certificate you can open the certificate and look at the general tab.  If the Issued to: and the Issued by: are from the same name then it is a self signed root certificate.  If the Issued to: and the Issued by: are not the same name then it is not a root certificate and should be moved to the appropriate certificate store.