search cancel

Unable to add a child Notification Server (NS) into a hierarchy


Article ID: 201213


Updated On:


Client Management Suite


When trying to add a new child Notification Server (NS) to a hierarchy, we are getting a message saying:

  • 'https://<NS MANE>/Altiris/Console/' is not a valid NS web site. Reason: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel..
  • 'http://<NS MANE>/Altiris/Console/' is not a valid NS web site. Reason: The remote server returned an error: (403) Forbidden..





Parent and Child NSs are missing certificates


To solve this issue you need (if both servers have the same TLS versions enabled already):

  • The Child NS must have the Parent's certificate
  • The Parent NS must have the Child's certificate


In the Parent NS, open MMC

  • Click on File > Add/Remove Snap-in... > Add Certificates to the "Selected Snap-ins"
  • Select "Computer account" and click Next
  • Select "Local computer..." then click Finish and Okay
  • In the Microsoft Management Console go to: Root > Trusted Root Certification Authority > Certificates you should find a certificate with the NS name on it
  • Select the one that says "Server Authentication", right-click > All Tasks > Export
  • Select "No, do not export the private key"
  • Save it to a location and copy it to the Child NS
  • Access the Child NS and open the MMC
  • Add the Certificate snap-in (as previously instructed)
  • Go to Console Root > Trusted Root Certification Authority > Certificates, and right-click in the Certificates folder
  • Select "All Tasks > Import", and import the Parent NS certificate that you copied to the Child NS


Follow the same process to copy the Child NS Certificate to the Parent NS.