When accessing the SMP Console and the Software Portal you are getting a prompt to "Select a Certificate" as seen here:

If the prompt is canceled or if one of the options is selected the normal NTLM logon prompt appears.  This happens each time you start a new session to open the SMP Console or to open the Software Portal. It lists whatever “client authentication” certificates are present on the machine, in the current user’s Personal > Certificates folder.

This has been seen to happen with Firefox, Chrome, IE, etc., and for all users.

ITMS 8.x

In one case (Option 1), Negotiate Client Certificate is Enabled when viewed in netsh.

In another case (Option 2) there seemed to be some type of corruption with the binding in IIS.

Option 1:

Run “netsh http show sslcert” on the NS produced:

IP:port                      : 0.0.0.0:443
Negotiate Client Certificate : Enabled

IP:port                      : 0.0.0.0:4726
Negotiate Client Certificate : Enabled

If the above shows as Enabled, then run these commands to remove the bindings in IIS:

netsh http delete sslcert ipport=0.0.0.0:443
netsh http delete sslcert ipport=0.0.0.0:4726

Go into IIS Manager and manually re-bind 443 and 4726 to * (any IP) with the appropriate Certificate.

Then run “netsh http show sslcert” again and validate that Negotiate Client Certificate is now Disabled as seen here:

IP:port                      : 0.0.0.0:443
Negotiate Client Certificate : Disabled

IP:port                      : 0.0.0.0:4726
Negotiate Client Certificate : Disabled

Option 2:

Go into IIS Manager and remove the binding for port 443 on the Console and Software Portal pages and then manually re-bind the binding to port 443 (any IP) with the appropriate Certificate; and these are found in IIS Manager under:

• Default Web Site > Altiris > Console
• Default Web Site > Altiris > SoftwarePortal

Additional details may be found in the following articles:

IIS requesting certificates even though set to ignore

How to: Configure a Port with an SSL Certificate