New ConfigMgr Hotfix: Can’t perform catalog sync using an Asset Intelligence synchronization point on a ConfigMgr 2007 SP2 site server after the bootstrap certificate expires

New ConfigMgr Hotfix: Can’t perform catalog sync using an Asset Intelligence synchronization point on a ConfigMgr 2007 SP2 site server after the bootstrap certificate expires

  • Comments 1
  • Likes

KBConsider the following two scenarios:

Scenario 1

You have a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
You install an Asset Intelligence synchronization point on the site server. In the installation process, the Asset Intelligence synchronization point makes its first connection attempt to the System Center Online service.

Scenario 2

You have a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
You install the Asset Intelligence synchronization point on the site server.
The bootstrap certificate expires.
The Asset Intelligence synchronization point tries to use the bootstrap certificate to renew the Asset Intelligence certificate.

In these scenarios, you receive the following error message in the Asset Intelligence pane of the Configuration Manager administrative console:

Connection failed -bad certificate

Additionally, the following error message is logged in the Aiupdatesvc.log file:

Asset Intelligence Catalog Sync Service Warning: 0 :<Log Date>:WebException trying to enroll: Status = ProtocolError
Asset Intelligence Catalog Sync Service Error: 0 :<Log Date>:Exception attempting sync - The request failed with HTTP status 403: Forbidden.

CAUSE

This issue occurs because the common certificate (also known as the "bootstrap" certificate) expires on April 24, 2011.

When the System Center Configuration Manager 2007 Asset Intelligence synchronization point tries to use this certificate, the error message is displayed.

RESOLUTION

To resolve this issue, see the the following Knowledge Base article:

KB2483225 - You cannot perform catalog synchronization by using an Asset Intelligence synchronization point on a System Center Configuration Manager 2007 SP2 site server after the bootstrap certificate expires

J.C. Hornbeck | System Center Knowledge Engineer

The App-V Team blog: http://blogs.technet.com/appv/
The WSUS Support Team blog: http://blogs.technet.com/sus/
The SCMDM Support Team blog: http://blogs.technet.com/mdm/
The ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
The SCOM 2007 Support Team blog: http://blogs.technet.com/operationsmgr/
The SCVMM Team blog: http://blogs.technet.com/scvmm/
The MED-V Team blog: http://blogs.technet.com/medv/
The DPM Team blog: http://blogs.technet.com/dpm/
The OOB Support Team blog: http://blogs.technet.com/oob/
The Opalis Team blog: http://blogs.technet.com/opalis
The Service Manager Team blog: http: http://blogs.technet.com/b/servicemanager
The AVIcode Team blog: http: http://blogs.technet.com/b/avicode
The System Center Essentials Team blog: http: http://blogs.technet.com/b/systemcenteressentials
The Server App-V Team blog: http: http://blogs.technet.com/b/serverappv

clip_image001 clip_image002

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • So what if I installed the hotfix and I am still getting the same error?