Attempted CEM nsagent certificate negotiation fails
Last Updated February 10, 2015
Clients that are connected to the network and communicating with no issues are added to the Cloud-enabled Management (CEM) policy. The clients receive the CEM policy but are not able to connect through CEM.
Log file on the client show the following errors:
CEM nsagent certificate not found
Attempting CEM client certificate negotiation
requesting nsagent certificate from server
WARNING: Unexpected response from URL 'https:/smp.EPM.local:443/Altiris/NS/Agent/GetClientCertificateMIG.aspx': Unable to get the client certificate response XML associated with the specified request (Exception: The caller is unauthorized to request a new client certificate.)
The Application Identity had been set to use the long domain name instead of the short domain name.
To set the Application Identity to use the short domain name:
Go to the console in Setting>All Settings>Notification Server>Notification Server Settings.
Change the value from EPM.local\smpservice to EPM\smpservice.
This will be fixed in a future release to handle both the long and short domain name.
Also check the following:
Open IIS and on the default web site check the Altiris\NS\Agent location and make sure that the ssl settings are set to Require SSL and Client Certificates are set to Accept.
You may see this error if Client certificates are set to ignore.
Short and long domain name issue with fix.
Imported Document ID: TECH216365
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe