Unable to add a child Notification Server (NS) into a hierarchy
Article ID: 201213
Updated On:
Products
Client Management Suite
Issue/Introduction
When trying to add a new child Notification Server (NS) to a hierarchy, you are getting a message saying:
'https://<NS NAME>/Altiris/Console/' is not a valid NS website. Reason: The underlying connection was closed: Could not establish a trust relationship for the SSL/TLS secure channel..
'http://<NS NAME>/Altiris/Console/' is not a valid NS website. Reason: The remote server returned an error: (403) Forbidden..
Environment
ITMS 8.X
Cause
Both the Parent and Child NSs are missing certificates
Resolution
To solve this issue you need to verify the following (if both servers have the same TLS versions enabled already):
- The Child NS must have the Parent's certificate
- The Parent NS must have the Child's certificate
In the Parent NS, open MMC:
- Click on File > Add/Remove Snap-in... > Add Certificates to the "Selected Snap-ins"
- Select "Computer account" and click Next:
- Select "Local computer..." then click Finish and Okay:
- In the Microsoft Management Console go to: Root > Trusted Root Certification Authority > Certificates you should find a certificate with the NS name on it
- Select the one that says "Server Authentication", right-click > All Tasks > Export:
- Select "No, do not export the private key"
- Save it to a location and copy it to the Child NS
- Access the Child NS and open the MMC
- Add the Certificate snap-in (as previously instructed)
- Go to Console Root > Trusted Root Certification Authority > Certificates, and right-click in the Certificates folder
- Select "All Tasks > Import", and import the Parent NS certificate that you copied to the Child NS:
NOTE: Follow the same process to copy the Child NS Certificate to the Parent NS.
Feedback
Yes
No
Powered by
