ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Not able to register with a Task Server: The certificate's CN name does not match the passed value (0x800B010F)

book

Article ID: 236973

calendar_today

Updated On:

Products

Client Management Suite IT Management Suite

Issue/Introduction

Systems are not able to register with a Task Server.

Environment: NS has a Certificate Registered to NS.Domain.net.  The actual FQDN of the NS is SMP.ext.us.Domain.net.  Agents register with the SMP and interact with NS.Domain.net just fine over HTTPS.  The issue occurs when Task Servers try to register with the SMP.

Errors in the logs:

Task Server Connection: Failed to request 'https://SMP.ext.us.Domain.net:443/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resTypeGuid={2C3CB3BB-FEE9-48DF-804F-90856198B600}&sysType=Win64&version=8.6.3269&resourceGuid=ecc36ba7-6f7d-478e-99ea-8a16f9924a79&crc=0008000600000CC5', error: The certificate's CN name does not match the passed value (0x800B010F)

Task Server Connection: Failed to register on Task Server 'SMP.ext.us.Domain.net' over 'HTTPS', error: The certificate's CN name does not match the passed value (0x800B010F)

Workaround:

Change IIS Settings for the Default Website > SSL Settings > to NOT require SSL.  This lets the agent register on port 80.

Cause

The FQDN of the server is used to register the Task Server.  We see this error when there is a mismatch between the FQDN in the Certificate vs. the actual FQDN of the NS.

Environment

8.x

IIS SSL Settings 'Require SSL' is enabled

Resolution

A new Certificate will be needed.  Add the FQDN that you see in the Agent Logs (and any other possibilities) as a Subject Alternative Name (SAN) to the certificate.  This allows any of these names to be 'allowed'.