Update June 2015 This blog post has been superseded by http://blogs.technet.com/b/configmgrteam/archive/2015/06/09/announcement-update-your-sco-authentication-certificate-for-asset-intelligence-june-2015.aspx.
[Yvette O’Meally has provided today’s post]
When the Configuration Manager 2007 Asset Intelligence synchronization point first connects to System Center Online, it presents the System Center online authentication certificate to enroll in the service. This is a public certificate that is used by all Configuration Manager 2007 installations. As part of the enrollment process, the service returns a certificate that is specific to that Asset Intelligence synchronization point. This specific certificate is then used for subsequent activity when Asset Intelligence synchronizes with System Center online, for example, when it uploads and downloads software titles.
The public certificate for System Center online authentication was distributed by Microsoft for Configuration Manager 2007 Service Pack 1 and it was automatically installed and configured with Configuration Manager 2007 Service Pack 2. In both cases, this certificate has a validity period of 3 years and an expiration date of 4/25/2011. The expiry date of the specific certificate is based on when it was issued. It has a validity period of 1 year. The validity dates can be viewed in the certificate properties using Certificates MMC Snap-in.
Because the public certificate for System Center online authentication has now expired, it will be rejected by System Center online. The specific per-installation certificates for customers will expire based on when the Asset Intelligence synchronization point first connected to System Center online. Because you cannot automatically renew the specific per-installation certificate when the public certificate for System Center online authentication has expired, you must take manual steps to renew your certificate before it expires. If you do not renew your certificate and it expires, you will no longer be able to synchronize with System Center online.
If both the public certificate and specific certificate have expired you will see the following entries in the AIUpdateSvc.log when the Asset Intelligence synchronization point attempts to renew the specific per-installation certificate.
Asset Intelligence Catalog Sync Service Warning: 0 : Tue, 26 Apr 2011 04:51:58 GMT:WebException trying to enroll: Status = ProtocolErrorAsset Intelligence Catalog Sync Service Error: 0 : Tue, 26 Apr 2011 04:51:58 GMT:Exception attempting sync - The request failed with HTTP status 403: Forbidden.
You may also see a 'Connection Failed - bad certificate' error on the Asset Intelligence home page in the Configuration Manager console as shown below.
To renew your certificates for Asset Intelligence, you must first obtain an updated public certificate for System Center online authentication. When this updated certificate is installed, your specific certificate will automatically renew.
How to Update the Certificates for Asset Intelligence
For additional information about the Asset Intelligence synchronization point, see the following topic in the Configuration Manager 2007 Documentation Library: About the Asset Intelligence Synchronization Point.
-- Yvette O'Meally
This posting is provided "AS IS" with no warranties and confers no rights.
Thanks for your marvelous posting! I quite enjoyed reading it, you are a great author.I will be sure to bookmark your blog and definitely will come back from now on. I want to encourage that you continue your great job, have a nice day.
Thanks a lot for sharing such a good source with all, i appreciate your efforts taken for the same. I found this worth sharing and must share this with all.