The CEM web certificate expired and was replaced through the Certificate Management page in the SMP Console. All CEM-enabled agents are unable to get the new certificate even though they each have VPN access. The common error seen in all clients with this issue is:
The certificate validation failed. The caller is not authorized to perform the requested operation (0x80076004)
The Communication Profiles (NS and Site Server) are all updated with the new certificate, as are the IIS bindings, and the following behavior is seen:
ITMS 8.x
The CEM-enabled machines can be forced to upgrade their certificates by using the "Certificate by Thumbprint" report: select the client(s), then right-click and select "Renew Certificate". You can select a larger group of machines to do this concurrently.
NOTE: This change needs to occur in the database first; the CEM-enabled agents then update their certificates the next time they do a configuration update. In some environments this can take some time, so verify that it works on a machine or two, then test it with a reasonably small group of machines. Once you are comfortable with it, you can increase the number of machines you make this change on.