Systems are not able to register with a Task Server.

Environment: NS has a Certificate Registered to NS.Domain.net.  The actual FQDN of the NS is SMP.ext.us.Domain.net.  Agents register with the SMP and interact with NS.Domain.net just fine over HTTPS.  The issue occurs when Task Servers try to register with the SMP.

Errors in the logs:

Task Server Connection: Failed to request 'https://SMP.ext.us.example.net:443/Altiris/ClientTaskServer/Register.aspx?lastResort=true&resTypeGuid={2C3CB3BB-FEE9-48DF-804F-90856198B600}&sysType=Win64&version=8.6.3269&resourceGuid=ecc36ba7-6f7d-478e-99ea-8a16f9924a79&crc=0008000600000CC5', error: The certificate's CN name does not match the passed value (0x800B010F)

Task Server Connection: Failed to register on Task Server 'SMP.ext.us.example.net' over 'HTTPS', error: The certificate's CN name does not match the passed value (0x800B010F)

Workaround:

Change IIS Settings for the Default Website > SSL Settings > to NOT require SSL.  This lets the agent register on port 80.

8.x

IIS SSL Settings 'Require SSL' is enabled

The FQDN of the server is used to register the Task Server.  We see this error when there is a mismatch between the FQDN in the Certificate vs. the actual FQDN of the NS.

A new Certificate will be needed.  Add the FQDN that you see in the Agent Logs (and any other possibilities) as a Subject Alternative Name (SAN) to the certificate.  This allows any of these names to be 'allowed'.