A few weeks ago, we renewed our root CA's certificate, as the old one
was expiring. The root CA cert was updated in the ConfigMgr site
settings, however several computers that were issued new certs or were
re-imaged post cert update, are still being rejected by ConfigMgr. It
appears that computers which have certs signed by the old CA certificate
are getting registration rejections.
I'm seeing some warnings in the SMS_MP_Control_Manager component which
reads:
MP has rejected registration request due to failure in client
certificate (Subject Name: computer.domain.com
<http://computer.domain.com <http://computer.domain.com/>>) chain
validation. If this is a valid client, Configuration Manager
Administrator needs to place the Root Certification Authority and
Intermediate Certificate Authorities in the MPÆs Certificate store or
configure Trusted Root Certification Authorities in primary site
settings. The operating system reported error 2148204809: A certificate
chain processed, but terminated in a root certificate which is not
trusted by the trust provider.
Any ideas or recommendations to fix the certificate issue? Thanks.
-Harjit
