Applies ToSystem Center Configuration Manager System Center Configuration Manager (current branch - version 1702) Microsoft System Center 2012 R2 Configuration Manager Service Pack 1 Microsoft System Center 2012 Configuration Manager Service Pack 2 Microsoft System Center Configuration Manager 2007 R3

Introduction

This article describes an update for the Asset Intelligence (AI) authentication certificate in Microsoft System Center Configuration Manager 2007 Service Pack 2, System Center 2012 Configuration Manager Service Pack 2, System Center 2012 R2 Configuration Manager Service Pack 1, and the current branch of System Center Configuration Manager versions 1706 and earlier. Before you install this update, check out the "Installation instructions" section.

Note System Center Configuration Manager current branch version 1710 and later versions are pre-provisioned with this version of the Asset Intelligence (AI) authentication certificate, so you do not have to apply this update to those versions.

Symptoms

In System Center Configuration Manager, the issuing certificate that System Center Online uses to validate the Asset Intelligence public authentication (bootstrap) certificate (expiration date October 12, 2018) was updated November 17, 2017. The previous issuing certificate will remain valid for a short period to allow for a smooth transition. When the old issuing certificate is removed, System Center Online will no longer recognize the pre-provisioned public authentication certificate that is used by the Asset Intelligence synchronization point site system role to enroll with the service.

  • Scenario 1: You try to install a new Asset Intelligence synchronization point, and it is making its first connection attempt to the System Center Online service.

  • Scenario 2: Your existing Asset Intelligence synchronization point tries to use the public authentication certificate to renew the specific per-installation certificate.

In either of these scenarios, System Center Online rejects the public authentication certificate, and you receive the following error message in the Asset Intelligence pane of the Configuration Manager Console:

In System Center Configuration Manager 2007

Connection failed -bad certificate

In System Center 2012 Configuration Manager

Expired credentials/certificate/token. Need to re-provision online account.

In System Center Configuration Manager current branch 1706 and earlier versions

Expired credentials/certificate/token. Need to re-provision online account.

Additionally, the following error message is logged in the Aiupdatesvc.log file:

Asset Intelligence Catalog Sync Service Warning: 0 :Log_Date:WebException trying to enroll: Status = ProtocolError Asset Intelligence Catalog Sync Service Error: 0 :Log_Date:Exception attempting sync - The request failed with HTTP status 403: Forbidden.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

References

Learn about the terminology that Microsoft uses to describe software updates.

Need more help?

Want more options?

Explore subscription benefits, browse training courses, learn how to secure your device, and more.

Communities help you ask and answer questions, give feedback, and hear from experts with rich knowledge.