Mac client registration fails in System Center 2012 Configuration Manager SP1

Article ID: 2806021 - View products that this article applies to.
Expand all | Collapse all

Symptoms

When you try to register a Mac client in System Center 2012 Configuration Manager Service Pack 1 (SP1), the registration process fails. When you check the MP_RegistrationManager log in this situation, you see the following error:

The certificate chain processed correctly but terminated in a root certificate not trusted per ConfigMgr CTL.

Cause

This behavior occurs if Internet Information Services (IIS) client authentication validation has passed, but the root of the client certificate that's used by the Mac client to register is not in the management point's trusted root certification authority (CA) list.

Resolution

To resolve this issue, update the Trusted Root Certification Authorities list on the Client Computer Communication tab in the Site Properties dialog box to include the issuer of the PKI certificate. System Center 2012 Configuration Manager SP1 uses this list of trusted CAs as the basis for its trusted issuer list. For example, if Mac clients have PKI certificates that are issued by the corporate root “CA1,” add or import “CA1” to the list as one of the trusted issuers.

This issue is also documented at the following TechNet website:

http://technet.microsoft.com/en-us/library/gg712284.aspx#BKMK_PlanningForCertificates
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

Properties

Article ID: 2806021 - Last Review: January 23, 2013 - Revision: 2.0
Applies to
  • Microsoft System Center 2012 Configuration Manager Service Pack 1
Keywords: 
KB2806021

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com