You have noticed that a few client machines can't communicate with the SMP Server. The Symantec Management Agent was recently installed on those client machines using the same installation process as on the other client machines, but these particular client systems keep failing when they try to request configuration or send basic inventory, with the following error:
Failed to update configuration.
Error: The certificate's CN name does not match the passed value (0x800B010F)
When you look at the SMP Server certificate available on one of the affected client machines, it has the proper name for your SMP Server under the "Issued To:" section, and it is the same certificate used by the other client machines that are working just fine.
ITMS 8.7.x
Network issues. DNS resolution issues.
There was a network device, firewall rule, or proxy configuration that was causing the requests to be redirected using a different domain name.
The agent logs on the affected client machine(s) showed that they were trying to use an invalid domain name, which caused an issue with their certificate validation.
Review the agent logs on the affected client machine(s). You should notice entries like these:
Entry 1:
Request 'HTTPS://SMPservername.example-ad.net:443/altiris/NS/Agent/CreateResource.aspx' failed, COM error: 'SMPservername.reddog.microsoft.com' server's certificate is not valid, the error was in certificate 0 of chain 0 (1 chains in total).
Chain 0, 3 certificates:
0 (end) *: Trust status: 0.102, Issued to: <your company reference> Information Services, SMPservername.example-ad.net, Issued by: <your CA reference>, Thumbprint: <thumbprint value>
1: Trust status: 0.102, Issued to: <your CA reference>, Issued by: <your Root CA reference>, Thumbprint: <thumbprint value>
2 (root): Trust status: 0.10C, Issued to: <your Root CA reference>, Issued by: <your Root CA reference>, Thumbprint: <thumbprint value> (0x800B010F)
-----------------------------------------------------------------------------------------------------
Date: 2/10/2025 1:14:58 PM, Tick Count: 1649577906 (19.02:12:57.9060000), Size: 1.11 KB
Process: AeXNSAgent.exe (3872), Thread ID: 5936, Module: AeXNSAgent.exe
Priority: 2, Source: ConfigServer
Entry 2:
Operation 'Direct: Connect' failed.
Url: HTTPS://SMPservername.example-ad.net:443/altiris/NS/Agent/CreateResource.aspx?encrypted=1
Connection path: 3 - Direct: [10.xxx.x.xx] -> SMPservername.reddog.microsoft.com [10.xxx.xx.xx:443]
Connection id: 249.3872
Communication profile id: {GUIDvaluehere}
Throttling: 0 0 0
Connecton stage: Server connect
Error type: TLS handshake error
Error code: The certificate's CN name does not match the passed value (0x800B010F)
Error note: 'SMPservername.reddog.microsoft.com' server's certificate is not valid, the error was in certificate 0 of chain 0 (1 chains in total).
Chain 0, 3 certificates:
0 (end) *: Trust status: 0.102, Issued to: <your company reference> Information Services, SMPservername.example-ad.net, Issued by: <your CA reference>, Thumbprint: <thumbprint value>
1: Trust status: 0.102, Issued to: <your CA reference>, Issued by: <your Root CA reference>, Thumbprint: <thumbprint value>
2 (root): Trust status: 0.10C, Issued to: <your Root CA reference>, Issued by: <your Root CA reference>, Thumbprint: <thumbprint value> (0x800B010F)
Server SSL connection info:
Server certificate:
Serial number: <serial number here>
Thumbprint: <thumbprint value here>
Client certificate:
Serial number: N/A
Thumbprint: N/A
Cryptographic protocol: TLS 1.2
Cipher suite: TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
Cipher algorithm: AES
Cipher key length: 256
Hash algorithm:
Hash length: 0
Key exchange algorithm: ECDH
Key length: 384
Client SSL attributes for server connection:
Client certificate:
Serial number: N/A
Thumbprint: N/A
Cryptographic protocol: TLS 1.2
-----------------------------------------------------------------------------------------------------
Date: 2/10/2025 2:15:00 PM, Tick Count: 1653179562 (19.03:12:59.5620000), Size: 2.18 KB
Process: AeXNSAgent.exe (3872), Thread ID: 5936, Module: AeXNetComms.dll
Priority: 1, Source: NetworkOperation
In this particular example, the client machine was instructed to communicate with "SMPservername.example-ad.net" (as its agent communication profile indicated), but it was failing because it was redirected to talk to the SMP Server under this name instead: 'SMPservername.reddog.microsoft.com'. That name didn't match any name the actual certificate lists as valid.
While "reddog.microsoft.com" is technically a valid domain name, it is considered a non-functional placeholder used by Microsoft Azure and does not resolve to any actual server, so you cannot access a website or service using it.
It was found that a network configuration was causing a redirection when client machines in that particular network segment tried to access the SMP Server (which was hosted in a Microsoft Azure implementation).
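Added example (not part of the original article and not Symantec code): a Python script that scans agent log text in the format shown above and flags entries where the host in the "Url:" line differs from the host in the "Connection path:" line. The sample log is constructed, and treating the comma-separated "Issued to" values as the certificate's names is an assumption about the log format.

```python
import re
from urllib.parse import urlsplit

# Constructed sample in the layout of the agent log entries above (placeholder values).
SAMPLE_LOG = """\
Operation 'Direct: Connect' failed.
Url: HTTPS://SMPservername.example-ad.net:443/altiris/NS/Agent/CreateResource.aspx?encrypted=1
Connection path: 3 - Direct: [10.0.0.5] -> SMPservername.reddog.microsoft.com [10.0.0.9:443]
Error code: The certificate's CN name does not match the passed value (0x800B010F)
0 (end) *: Trust status: 0.102, Issued to: Example Information Services, SMPservername.example-ad.net, Issued by: Example CA, Thumbprint: 00
-----------------------------------------
Url: HTTPS://SMPservername.example-ad.net:443/altiris/NS/Agent/CreateResource.aspx
Connection path: 3 - Direct: [10.0.0.6] -> SMPservername.example-ad.net [10.0.0.9:443]
"""

URL_RE = re.compile(r"^Url:\s*(\S+)", re.M)
PATH_RE = re.compile(r"^Connection path:.*->\s*(\S+)\s*\[", re.M)
END_CERT_RE = re.compile(r"^0 \(end\).*?Issued to:\s*(.*?),\s*Issued by:", re.M)

def analyze_entry(entry):
    """Compare the host the agent asked for with the host it actually reached."""
    url, path = URL_RE.search(entry), PATH_RE.search(entry)
    if not (url and path):
        return None  # not a network-operation entry
    requested = urlsplit(url.group(1)).hostname  # urlsplit lower-cases the host
    connected = path.group(1).lower().rstrip(".")
    cert = END_CERT_RE.search(entry)
    # Assumption: each comma-separated "Issued to" token may be a certificate name.
    # Exact comparison only; wildcard names are not expanded.
    names = [n.strip().lower() for n in cert.group(1).split(",")] if cert else []
    return {
        "requested": requested,
        "connected": connected,
        "redirected": requested != connected,
        "cert_covers_requested": requested in names,
        "cert_covers_connected": connected in names,
        "cn_mismatch": "0x800B010F" in entry,
    }

def find_redirected(log_text):
    """Return findings for entries whose connection host differs from the URL host."""
    entries = re.split(r"^-{5,}\s*$", log_text, flags=re.M)
    results = (analyze_entry(e) for e in entries)
    return [r for r in results if r and r["redirected"]]

if __name__ == "__main__":
    for finding in find_redirected(SAMPLE_LOG):
        print(finding)
```

An entry with "redirected" and "cn_mismatch" both true while "cert_covers_requested" is true matches the situation in this article: the certificate is correct, and the name substitution is happening on the network path.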
A quick test to validate this is:
With this simple test you could validate that the server either has some network device redirecting to 'yourSMPservername.reddog.microsoft.com' or just blocking access to the SMP Server (like a firewall or proxy).
Work with your network team until the mentioned IIS splash page loads properly and the SMP Server can be accessed by its proper name.
"Not able to register with a Task Server: The certificate's CN name does not match the passed value (0x800B010F)" (KB 236973)