Mac client registration fails in System Center 2012 Configuration Manager SP1

Applies to: System Center Configuration Manager 2012 R2


When you try to register a Mac client in System Center 2012 Configuration Manager Service Pack 1 (SP1), the registration process fails. When you check the MP_RegistrationManager log in this situation, you see the following error:

The certificate chain processed correctly but terminated in a root certificate not trusted per ConfigMgr CTL.


This behavior occurs if Internet Information Services (IIS) client authentication validation has passed, but the root of the client certificate that's used by the Mac client to register is not in the management point's trusted root certification authority (CA) list.


To resolve this issue, update the Trusted Root Certification Authorities list on the Client Computer Communication tab in the Site Properties dialog box to include the issuer of the PKI certificate. System Center 2012 Configuration Manager SP1 uses this list of trusted CAs as the basis for its trusted issuer list. For example, if Mac clients have PKI certificates that are issued by the corporate root “CA1,” add or import “CA1” to the list as one of the trusted issuers.

This issue is also documented at the following TechNet website:

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.