Unable to add a child Notification Server (NS) into a hierarchy
Article ID: 201213
Client Management Suite
When trying to add a new child Notification Server (NS) to a hierarchy, we are getting a message saying:
- 'https://<NS MANE>/Altiris/Console/' is not a valid NS web site. Reason: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..
- 'http://<NS MANE>/Altiris/Console/' is not a valid NS web site. Reason: The remote server returned an error: (403) Forbidden..
Parent and Child NSs are missing certificates
To solve this issue you need (if both servers have the same TLS versions enabled already):
- The Child NS must have the Parent's certificate
- The Parent NS must have the Child's certificate
In the Parent NS, open MMC
- Click on File > Add/Remove Snap-in... > Add Certificates to the "Selected Snap-ins"
- Select "Computer account" and click Next
- Select "Local computer..." then click Finish and Okay
- In the Microsoft Management Console go to: Root > Trusted Root Certification Authority > Certificates you should find a certificate with the NS name on it
- Select the one that says "Server Authentication", right-click > All Tasks > Export
- Select "No, do not export the private key"
- Save it to a location and copy it to the Child NS
- Access the Child NS and open the MMC
- Add the Certificate snap-in (as previously instructed)
- Go to Console Root > Trusted Root Certification Authority > Certificates, and right-click in the Certificates folder
- Select "All Tasks > Import", and import the Parent NS certificate that you copied to the Child NS
Follow the same process to copy the Child NS Certificate to the Parent NS.