Mac client registration fails in System Center 2012 Configuration Manager SP1

This article helps you fix an issue in which you can't register a Mac client in System Center 2012 Configuration Manager Service Pack 1 (SP1).

Original product version:   System Center 2012 Configuration Manager SP1
Original KB number:   2806021

Symptoms

When you try to register a Mac client in System Center 2012 Configuration Manager SP1, the registration process fails. When you check the MP_RegistrationManager log in this situation, you see the following error:

The certificate chain processed correctly but terminated in a root certificate not trusted per ConfigMgr CTL.

Cause

This behavior occurs if Internet Information Services (IIS) client authentication validation has passed, but the root of the client certificate that's used by the Mac client to register is not in the management point's trusted root certification authority (CA) list.

Resolution

To resolve this issue, update the Trusted Root Certification Authorities list on the Client Computer Communication tab in the Site Properties dialog box to include the issuer of the public key infrastructure (PKI) certificate. System Center 2012 Configuration Manager SP1 uses this list of trusted certificate authorities as the basis for its trusted issuer list. For example, if Mac clients have PKI certificates that are issued by the corporate root CA1, add or import CA1 to the list as one of the trusted issuers.

This issue is also documented at Planning for Security in Configuration Manager.

Third-party information disclaimer

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.