download432We just released a new ConfigMgr 2007 hotfix addressing the following issue:

The Asset Intelligence synchronization point re-enrolls with the System Center Online service in Microsoft System Center Configuration Manager 2007 every synchronization cycle. This behavior occurs even though the Asset Intelligence synchronization point was previously enrolled successfully. The System Center Online service cannot find the machine-specific certificate for Asset Intelligence in the ALM store even when an apparently valid machine certificate is present. Therefore, an accumulation of machine certificates that are saved in the machine certificate store occurs in the ALM folder.

Additionally, error messages that resemble the following appear in the AIUpdateSvc.log file:

Note These are partial log entries. Other lines that are unrelated to this issue may appear in production log files.

Asset Intelligence Catalog Sync Service Information: 0 : date time GMT:Sync Now detected
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Writing to registry: lastPoll time
Asset Intelligence Catalog Sync Service Information: 0 : datetime GMT:Next scheduled sync time: 02/02/2014 00:00:00
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Next scheduled sync is at least another poll interval away.
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:No retry key found
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Reading persisted settings from site server
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Reading network settings from registry
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Reading proxy server info
Asset Intelligence Catalog Sync Service Information: 0 : datetime GMT:Using proxy: Server=<Your Proxy Server>, Credentials=<Your Credential for Proxy>
Asset Intelligence Catalog Sync Service Information: 0 : datetime GMT:Authentication: Did not find machine certificate in ALM store
Asset Intelligence Catalog Sync Service Information: 0 : datetime GMT:Enrollment Certicate Path is 
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Created bootstrap cert from byte array
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Key container already exist. CryptAcquireContextW(CRYPT_MACHINE_KEYSET|CRYPT_NEWKEYSET) returns -2146893809
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Enrollment string: <Enrollment AccountID="e72756d8-8fe6-4bdd-90cb-31470ef06e18"><HardwareID>VjQtRU5VLVNQMi1TQTUAAAAAAAA=</HardwareID><PublicKey>MIGfMA0QAB</PublicKey></Enrollment>
Asset Intelligence Catalog Sync Service Information: 0 : datetime GMT:Redirected to URL https://sc.microsoft.com/CatalogService/service.svc
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:

Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Writing to registry FileSeqNo 3
Asset Intelligence Catalog Sync Service Information: 0 : datetime GMT:
=====================Data/Status copied to outbox=====================
Asset Intelligence Catalog Sync Service Verbose: 0 : datetime GMT:Machine Cert updated in ALM store

For additional details and a link to a ConfigMgr 2007 hotfix that resolves this issue please see the following:

KB2911369 - The System Center Online service cannot find the machine-specific certificate for Asset Intelligence in the ALM store in Configuration Manager 2007 (http://support.microsoft.com/kb/2911369)

J.C. Hornbeck | Solution Asset PM | Microsoft GBS Management and Security Division

Get the latest System Center news on Facebook and Twitter:

clip_image001 clip_image002

System Center All Up: http://blogs.technet.com/b/systemcenter/
System Center – Configuration Manager Support Team blog: http://blogs.technet.com/configurationmgr/
System Center – Data Protection Manager Team blog: http://blogs.technet.com/dpm/
System Center – Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
System Center – Operations Manager Team blog: http://blogs.technet.com/momteam/
System Center – Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center – Virtual Machine Manager Team blog: http://blogs.technet.com/scvmm

Windows Intune: http://blogs.technet.com/b/windowsintune/
WSUS Support Team blog: http://blogs.technet.com/sus/
The AD RMS blog: http://blogs.technet.com/b/rmssupp/

App-V Team blog: http://blogs.technet.com/appv/
MED-V Team blog: http://blogs.technet.com/medv/
Server App-V Team blog: http://blogs.technet.com/b/serverappv

The Forefront Endpoint Protection blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/