After being enrolled for a year, a System Center Mobile Device Manager (SCMDM) managed device may fail to renew its client certificate. As a result it will fail to connect to the SCMDM VPN successfully.
Additionally, the issuing Certificate Authority Application Event Log contains a warning similar to the following:
Event Type: Warning Event Source: CertSvc Event ID: 53 Description: Certificate Services denied request 97 because The request contains conflicting template information. 0x80094802 (-2146875390). The request was for CN=device.contoso.com. Additional information: Denied by Policy Module 0x80094802, The request specifies conflicting certificate templates: 220.127.116.11.4.1.318.104.22.16801452.6590778.3820446.1524682.2069567.226.1027488195.1669196290/SCMDMMobileDevice(MDM1).
This can occur if there is a space in the template name. When the SCMDM managed device requests to renew its client certificate, the space character in the template name is dropped. As a result, the certification authority cannot process the request and results in the above error.
For the latest information on this issue including the resolution, see the following Knowledge Base article:
KB2273458 - System Center Mobile Device Manager 2008 SP1 device certificate renewal request fails after 12 months
J.C. Hornbeck | System Center Knowledge Engineer
I applied this resolution but my devices are not renewing theire certificates.
I use a root CA 2008 and I'm wondering if this isn't the cause of my problems.
There is configuration step for a 2003 CA in SCMDM documemtation but nothing about Windwos 2008 CA and IIS 7 ?
Can you help me ?