ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Can't add SMP Server to gateway. Get an error "Unable to get the server certificate response XML associated with the specified request"

book

Article ID: 172212

calendar_today

Updated On:

Products

Management Platform (Formerly known as Notification Server)

Issue/Introduction

Trying to add a SMP server to the CEM Gateway. It fails trying to GetServerCertificate.aspx.

The gateway (no even on the SMP itself) can't get the proper response from :

https://smpserver.domain.local/Altiris/ns/agent/GetServerCertificate.aspx

We should be getting a response like this one when accessing this page:

Unable to get the server certificate response XML associated with the specified request {Exception: System.ArgumentNullException: Value cannot be null.

Error entry:

Unable to get the server certificate response XML associated with the specified request (Exception: System.ArgumentNullException: Value cannot be null.
Parameter name: certificate
   at Altiris.NS.Security.Cryptography.CertificateManager.GetCertificateAsPEM(X509Certificate2 certificate)
   at Altiris.Web.NS.Agent.GetServerCertificate.GetLegacyResponse(Boolean getCrlHash, Boolean getCrl)
   at Altiris.Web.NS.Agent.GetServerCertificate.GetResponse()
   at Altiris.Web.NS.Agent.GetServerCertificate.GetServerCertificateXml())
-----------------------------------------------------------------------------------------------------
Date: 7/27/2018 3:38:34 PM, Tick Count: 13271078 (03:41:11.0780000), Size: 790 B
Process: w3wp (7312), Thread ID: 113, Module: w3wp.exe
Priority: 1, Source: Altiris.Web.NS.Agent.GetServerCertificate.GetServerCertificateXml

Cause

The Certificate for the Agent CA on the notification server was missing the private key.

Environment

ITMS 8.1 RU6

Resolution

The customer had a backup copy of the Agent CA.  The certicate was imported with the private key into the "Trusted Root Certification Authorities" store on the SMP itself.

Attachments