After replacing web certificate for CEM web site (Symantec Agent site), clients lost connection to SMP server.

"How to replace, renew, and revoke certificates in ITMS 8.x ..."

ITMS 8.7.x

Replacing certificate in IIS may disable [Negotiate Client Certificate] option.

Check status with the following command line:

netsh http show sslcert

You may see something like this as output:

SSL Certificate bindings:

-------------------------

IP:port: 0.0.0.0:4726
Certificate Hash : *********
Application ID : {4dc3e181-e14b-4a21-b022-59fc669b0914}
Certificate Store Name : My
Verify Client Certificate Revocation : Enabled
Verify Revocation Using Cached Client Certificate Only : Disabled
Usage Check : Enabled
Revocation Freshness Time : 0
URL Retrieval Timeout : 0
Ctl Identifier : (null)
Ctl Store Name : (null)
DS Mapper Usage : Disabled
Negotiate Client Certificate : Disabled
Reject Connections : Disabled
Disable HTTP2 : Not Set
Disable QUIC : Not Set
Disable TLS1.2 : Not Set
Disable TLS1.3 : Not Set
Disable OCSP Stapling: Not Set
Disable Legacy TLS Versions : Not Set

Re-enable option with NETSH HTTP utility.

Possibly related to the same issue under KB 277396