Module: AeXNetComms.dll Source: AeXNetworkTransport Description: Get '<URL TO NS TO CREATE A RESOURCE>' failed: HTTP Request Failed: The certificate chain was issued by an authority that is not trusted. (-2146893019)
Module: AeXNetComms.dll Source: CoNetworkTransport(116) Description: HTTP Request Failed: The certificate chain was issued by an authority that is not trusted. (-2146893019)
Module: AeXNSAgent.exe Source: ConfigServer Description: RequestPolicies failed: HTTP Request Failed: The certificate chain was issued by an authority that is not trusted. (-2146893019)
The certificate chain for the CA that assigned the SSL certificate to the Notification Server is not contained within the local certificate store of the client. In this specific case the customer was applying the certificate chain via a GPO. This specific computer had been moved to an OU outside the scope of the GPO.
The certificate for the CA used must reside in the "Trusted Root Certification Authorities/Certificates" certificate container. It would likely be best that it reside in the Computer/Local Computer container - and be assigned on computer basis in AD as well.
The customer added the Certificate chain to the local certificate store on the system experiencing the issue. After the certificate was added a refresh of the client policies confirmed that the system was now able to communicate with the Notification Server as the system was assigned a GUID.
Steps to take to install the root certificate from a Windows Certificate Authority Server (CA);
On the Windows CA select the Download a CA Certificate, certificate chain, or CRL
Choose Download certificate chain
Choose the DSE type
Download the certificate in .p7b format
Import this into the Trusted Root Certification Authorities certificate store on all clients that need to trust the certificate chain (connect to the NS/SMP box)