You can't add the SMP server to the Internet Gateway Server list.
When you try, you get this message:
"The underlying connection was closed: An unexpected error occurred on a send.."
You have two Internet Gateways. In the other Internet Gateway, the SMP server is listed but when you try to refresh it, you get the same message.
Now, no CEM clients can connect to the SMP server.
The Internet Gateway logs show these entries (with Trace verbosity turned on):
Entry 1:
Adding SMP server 'https://SMPServer.example.com:4726'...
-----------------------------------------------------------------------------------------------------
Date: 7/16/2020 12:46:04 PM, Tick Count: 0 (00:00:00), Size: 300 B
Process: InternetGatewayManager (4992), Thread ID: 14, Module: InternetGatewayManager.exe
Entry 2:
Trying to get Web certificate. Request: https://SMPserver.example.com:4726/Altiris
-----------------------------------------------------------------------------------------------------
Date: 7/16/2020 12:46:04 PM, Tick Count: 0 (00:00:00), Size: 325 B
Process: InternetGatewayManager (4992), Thread ID: 14, Module: InternetGatewayManager.exe
Entry 3:
Failed to validate server certificate.
-----------------------------------------------------------------------------------------------------
Date: 7/16/2020 12:46:04 PM, Tick Count: 0 (00:00:00), Size: 279 B
Process: InternetGatewayManager (4992), Thread ID: 14, Module: InternetGatewayManager.exe
Entry 4:
Trying to get Server certificate. Request: https://SMPserver.example.com:4726/Altiris/NS/Agent/GetServerCertificate.aspx?CRL=False&Version=8.5.5032.0&Guid=[GUID]
-----------------------------------------------------------------------------------------------------
Date: 7/16/2020 12:46:04 PM, Tick Count: 0 (00:00:00), Size: 434 B
Process: InternetGatewayManager (4992), Thread ID: 14, Module: InternetGatewayManager.exe
Entry 5:
Web exception occurred during Server certificate request - The underlying connection was closed: An unexpected error occurred on a send..
-----------------------------------------------------------------------------------------------------
Date: 7/16/2020 12:46:04 PM, Tick Count: 0 (00:00:00), Size: 379 B
Process: InternetGatewayManager (4992), Thread ID: 14, Module: InternetGatewayManager.exe
Your Internet Gateway was up-to-date and TLS 1.0, 1.1, 1.2 were enabled. The SMP had TLS 1.1 and 1.2 enabled.
When you try the referenced URL from the gateway logs, you get the expected response:
https://SMPServer.example.com:4726/Altiris/NS/Agent/GetServerCertificate.aspx
----BEGIN CERTIFICATE---- THUMBPRINT....RlRxynNc O26A2F6JoYJ6kJ+WozmMWMlxD4Q1pSzoJWVmAnQ6qrbGdOjQKuWz0pQp7zxnkjGWFdoBPoKW9WIb ...
----END CERTIFICATE----
ITMS 8.5, 8.6
TLS version mismatch between both servers. Since the SMP server didn't have TLS 1.0 enabled and the Internet Gateway had it turned on, the Internet Gateway was trying to communicate using TLS 1.0 first.
There was a problem with the Gateway web API on the Internet Gateway, which always uses TLS 1.0. The .NET Core API uses the first available TLS version and can't be configured to use a particular one.
Make sure TLS versions match on both servers.
Either enable TLS 1.0 on the SMP server (so it matches the Internet Gateway, where TLS 1.0 is enabled) or disable TLS 1.0 on the Internet Gateway so that TLS 1.1 and 1.2 are the only ones active.
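One way to check the match described above, as an added example (not the vendor's or this page's own code): `probe` attempts one handshake per TLS version against the SMP port, and `diagnose` models the page's explanation that the gateway API tries only its first enabled version, assumed here to be the lowest. The function names are hypothetical, and the probe assumes the local OpenSSL build can still offer TLS 1.0/1.1.

```python
import socket
import ssl
import sys

# TLS versions named on the page, lowest first.
VERSIONS = {"TLS 1.0": ssl.TLSVersion.TLSv1,
            "TLS 1.1": ssl.TLSVersion.TLSv1_1,
            "TLS 1.2": ssl.TLSVersion.TLSv1_2}

def probe(host, port, timeout=5.0):
    """Return the TLS versions host:port accepts; raise ConnectionError if TCP fails."""
    accepted = []
    for name, version in VERSIONS.items():
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False       # diagnostic probe: tests protocol support,
        ctx.verify_mode = ssl.CERT_NONE  # sends no data, so the cert is not validated
        ctx.set_ciphers("DEFAULT:@SECLEVEL=0")  # allow OpenSSL to offer TLS 1.0/1.1
        ctx.minimum_version = version    # pin the handshake to exactly one version
        ctx.maximum_version = version
        try:
            sock = socket.create_connection((host, port), timeout=timeout)
        except OSError as exc:           # blocked port: the firewall case in the page's Note
            raise ConnectionError(f"tcp/{port} unreachable: {exc}") from exc
        try:
            with ctx.wrap_socket(sock, server_hostname=host):
                accepted.append(name)
        except (ssl.SSLError, OSError):  # handshake refused for this version
            sock.close()
    return accepted

def diagnose(gateway_enabled, smp_accepted):
    """Assumption: the gateway API tries only its lowest enabled version, no fallback."""
    order = list(VERSIONS)
    first = min(gateway_enabled, key=order.index)
    if first in smp_accepted:
        return f"OK: gateway connects with {first}"
    common = sorted(set(gateway_enabled) & set(smp_accepted), key=order.index)
    return (f"MISMATCH: gateway offers {first} first, SMP rejects it; "
            f"shared versions: {', '.join(common) or 'none'}")

if __name__ == "__main__":
    # Without arguments, use the constructed scenario from the page (SMP: TLS 1.1/1.2).
    args = sys.argv[1:]
    smp = probe(args[0], int(args[1])) if len(args) == 2 else ["TLS 1.1", "TLS 1.2"]
    print(diagnose(["TLS 1.0", "TLS 1.1", "TLS 1.2"], smp))
```

Run it from the Internet Gateway host with the SMP host name and port 4726 as arguments; a `ConnectionError` points at the network path rather than at TLS.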
Note:
In another instance of this issue, the customer worked with his network team. The issue was a misconfiguration on their firewall. They had to make the following change:
"Create a firewall rule to allow tcp/4726 explicitly, it was originally missing this rule."
176372 "Can't add SMP server to the gateway"