See all of the top support solutions for our most common issues here
When using System Center 2012 Configuration Manager, you may find that the Out Of Band (OOB) Management console fails to connect to a client on an 802.1X network if that machine is not switched on or is not booted into a full, running operating system.
When a machine is provisioned in System Center 2012 Configuration Manager, it is issued an 802.1X client authentication certificate based on the settings configured in the 802.1X Wired Network Access Control dialog box. The value in Subject Alternative Name (SAN) of this certificate is used to authenticate to RADIUS server.
As per TechNet documentation here, the SAN should have the Unique Principal Name (UPN) of the provisioned AMT-based computer. The value in SAN is used for 802.1X client authentication.
If your Enterprise Certificate Authority is Windows Server 2003 based, client certificates that are issued using the 802.1X client authentication template may have incorrect alternative subject names. In these cases, the alternative subject name will have the Domain Name System (DNS) name instead of the UPN, thus causing authentication to fail.
For example, here is a correct value:
Here is an incorrect value:
To resolve this issue, install the hotfix documented in KB article 943089 (http://support.microsoft.com/kb/943089) and then re-provision the machine.
Karan Rustagi | Support Escalation Engineer | Management and Security Division
Get the latest System Center news on Facebook and Twitter:
App-V Team blog: http://blogs.technet.com/appv/ ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/ DPM Team blog: http://blogs.technet.com/dpm/ MED-V Team blog: http://blogs.technet.com/medv/ Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/ Operations Manager Team blog: http://blogs.technet.com/momteam/ SCVMM Team blog: http://blogs.technet.com/scvmm Server App-V Team blog: http://blogs.technet.com/b/serverappv Service Manager Team blog: http://blogs.technet.com/b/servicemanager System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials WSUS Support Team blog: http://blogs.technet.com/sus/
The Forefront Server Protection blog: http://blogs.technet.com/b/fss/ The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/ The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/ The Forefront TMG blog: http://blogs.technet.com/b/isablog/ The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/