Note System Center Configuration Manager current branch version 1610 and later versions are pre-provisioned with this version of the Asset Intelligence (AI) authentication certificate, and you do not have to apply this update to those versions.
- Scenario 1: You try to install a new Asset Intelligence synchronization point, and it is making its first connection attempt to the System Center Online service.
- Scenario 2: Your existing Asset Intelligence synchronization point tries to use the public authentication certificate to renew the specific per-installation certificate.
In either of these scenarios, System Center Online would reject the public authentication certificate, and you would receive the following error message in the Asset Intelligence pane of the Configuration Manager Console:
Additionally, the following error message is logged in the Aiupdatesvc.log file:
Asset Intelligence Catalog Sync Service Error: 0 :Log_Date:Exception attempting sync - The request failed with HTTP status 403: Forbidden.
You should update the System Center Online public authentication certificate for Asset Intelligence on the top site in your hierarchy to allow for installation of a new Asset Intelligence synchronization point or to make sure continued connectivity between the Asset Intelligence synchronization point and the System Center Online service for your existing installations.
Hotfix informationA supported hotfix is available from Microsoft Support. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing the problem described in this article. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix.
Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, go to the following Microsoft website: Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Installation instructionsThis update should be installed on the top-most site in the hierarchy.
Install the certificate file available in this hotfix to manually renew the Asset Intelligence certificate. To do this, follow these steps:
- Go to the "Hotfix Download Available" section at the top of this article to download the hotfix package named ConfigMgrAICert_KB3207852.exe.
- Double-click the hotfix package to open the Microsoft Self-Extractor dialog box, click Yes to accept the License Agreement, select a location for the extracted files, and then click OK to continue and unzip the files.
- Run the ConfigMgrAICert_KB3207852.exe file to extract the 8EBC7D60-4ACA-07F2-7004-A799B2C2B096_v2.pfx certificate file to a location that can be accessed by the site server.
- In the Configuration Manager console, find the computer name of the Asset Intelligence synchronization point server in the following location:
- For all System Center Configuration Manager 2007 products:System Center Configuration Manager\Site Database (site code, site name)\Site Settings\Site Systems
- For all System Center 2012 Configuration Manager products:Administration\Overview\Site Configuration\Servers and Site System Roles
- For all System Center Configuration Manager current branch versions:Administration\Overview\Site Configuration\Servers and Site System Roles
- For all System Center Configuration Manager 2007 products:
- Right-click the Asset Intelligence synchronization point, and then click Properties.
- Click the General tab, specify the path of the certificate file, and then click OK.
Note You do not have to reset the System Center Online Point server role or restart the AI_UPDATE_SERVICE_POINT service after you re-enable the Asset Intelligence synchronization point by using the new certificate. You only have to perform the synchronization again.
Restart informationYou do not have to restart the computer after you apply this hotfix.
Replacement informationThis update replaces the following three updates:
- 3060648 An update for the authentication certificate in System Center Configuration Manager Asset Intelligence is available
- 2733615 An update for the bootstrap certificate in System Center Configuration Manager 2007 Asset Intelligence is available
- 2783924 Asset Intelligence sync point doesn’t sync with the System Center Online service after you install hotfix 2733615 on a Windows Server 2003-based Configuration Manager 2007 SP2 site server
File informationThe English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
|File name||File version||File size||Date||Time||Platform|
|8ebc7d60-4aca-07f2-7004-a799b2c2b096_v2.pfx||Not applicable||3,631||01-Nov-2016||23:38||Not applicable|
|Licence.txt||Not applicable||1,158||30-Nov-2016||01:05||Not applicable|
Article ID: 3207852 - Last Review: 26 Apr 2017 - Revision: 2