Bad Certificate Error, SCCM SP2, R3 Hotfix KB2483225 installed
-
2012年2月15日 21:44
I am getting a Bad Certificate error with SCCM while syncing AI. I am on SP2, R3 and I have installed the hotfix 2483225. I have removed AI, read logs and waited for uninstall to complete, installed AI which was successful. I am still getting this error. I am seeing an ALM folder in my cert store but it is empty.
Here is a sip fromAIUpdateSvc.log. It shows the bootstrap cert error and "already has reached limit for maximum number of credentials". I am not sure if this is why I am still getting the cert error.
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:12 GMT:=====================Data/Status copied to outbox=====================
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:13 GMT:Next scheduled sync time: 02/15/2012 13:05:00
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:13 GMT:Next scheduled sync is within poll period. Kicking it off..
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:13 GMT:No proxy server
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:13 GMT:Authentication: Did not find machine certificate in ALM store
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:13 GMT:Enrollment Certicate Path is
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:15 GMT:Redirected to URL https://sc.microsoft.com/CatalogService/service.svc
Asset Intelligence Catalog Sync Service Warning: 0 : Wed, 15 Feb 2012 20:57:18 GMT:System.Data.SqlClient.SqlException: AgentID BC3B6959-1268-4032-A73C-480FA14316A9 already has reached limit for maximum number of credentials
at Microsoft.Webstore.WstClient.CommandExecutor.ThrowException(Exception executeException)
at Microsoft.Webstore.WstClient.CommandExecutor.ReportException(Exception executeException)
at Microsoft.Webstore.WstClient.WstCommand.ExecuteNonQueryWithSync(CommandExecutor commandExecutor)
at Microsoft.Webstore.WstClient.WstCommand.ExecuteNonQuery()
at Microsoft.SystemCenter.Online.Data.ScoDataConnection.PerformNonQuery(String procedure, IList`1 parameterList) in d:\sd\sco_fb_next\enduser\scl\common\managed\data\WebstoreHelpers.cs:line 679
at Microsoft.SystemCenter.Online.AccountManagement.Account.EnrollAgent(IAuthenticationToken agentToken, String agentRequest, String agentRole) in d:\sd\sco_fb_next\enduser\scl\service\middletier\acctmgmt\Account.cs:line 1328
at Microsoft.SystemCenter.Online.CatalogService.Enroll(String enrollmentRequest) in d:\sd\sco_fb_next\enduser\scl\service\frontend\CatalogDownload\Service.cs:line 336
Asset Intelligence Catalog Sync Service Error: 0 : Wed, 15 Feb 2012 20:57:18 GMT:Exception attempting sync - Bootstrap Certificate needs update
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 20:57:18 GMT:=====================Data/Status copied to outbox=====================
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 21:12:18 GMT:Next scheduled sync time: 02/16/2012 13:05:00
Asset Intelligence Catalog Sync Service Information: 0 : Wed, 15 Feb 2012 21:27:18 GMT:Next scheduled sync time: 02/16/2012 13:05:00
Jason
すべての返信
-
2012年2月17日 17:37
Did you see your files changed ? as mentioned in the KB ?
System Center Configuration Manager 2007 SP2 file information notes
File name File version File size Date Time Platform Aiupdatesvc.exe 4.0.6487.2164 92,008 01-Feb-2010 14:15 x86 Aius.msi Not Applicable 1,447,424 01-Feb-2010 14:15 Not applicabl This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Click on "vote as Helpful" if you feel this post helpful to you. This can be beneficial to other community members reading the thread.
-
2012年2月17日 17:45Hope you have restarted the SCCM related services ...... http://blogs.technet.com/b/mwiles/archive/2011/05/27/asset-intelligence-is-failing-to-sync.aspx
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Click on "vote as Helpful" if you feel this post helpful to you. This can be beneficial to other community members reading the thread.
-
2012年2月17日 18:52The file verison is correct but it appears the size is different.
Jason
-
2012年2月17日 19:11Have you also restarted the SCCM services ?
This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. Click on "vote as Helpful" if you feel this post helpful to you. This can be beneficial to other community members reading the thread.
-
2012年2月17日 20:23I have rebooted the server.
Jason
-
2012年2月17日 20:26Something else other than the size being different. When I check the cert on Aiupdatesvc.exe, the cert expires in 2010. Runnning patch the cert expires on 3/2011. Is it possible that Microsoft needs to update the download link to the hotfix to a newer one?
Jason
-
2012年3月10日 16:11モデレータ Have you see this? http://social.technet.microsoft.com/Forums/en-US/configmgrai/thread/f63f138d-c0be-4344-ab12-40b75994ddf2
http://www.enhansoft.com/
- 回答の候補に設定 Garth JonesMVP, Moderator 2012年3月31日 12:52
-
2012年9月27日 16:06
I know this is a really old post, but I have been searching for two days on thew error and this thread comes up first when looking.
It turns out the certificate has expired AGAIN in Sept 2012 and so another new hotfix is required now if you install a new Asset Intellegence sync point. I happened to be moving mine onto new hardware and so ran into this issue.
Anyway, for future seekers, the hotfix you are looking for is 2733615 not 2483225. Now, if someone at Microsoft could be coaxed into updating the 2483225 KB article to let everyone know that one has been superceeded, that would be great. I left feedback on 2483225.
-
2012年9月27日 17:52
Hello,
I have installed hotfix 2733615, restarted sccm server but still can not download Asset Intelligence Catalog.
t Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:33 GMT:Service Starting
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:34 GMT:Service Started
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:34 GMT:Co-located on site server CRAS11
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:34 GMT:Output directory is C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\AIKbMgr.box
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:34 GMT:Invalid LastPollTime in registry, using DateTime.Min
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:34 GMT:=====================Data/Status copied to outbox=====================
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:30:35 GMT:Next scheduled sync time: 09/28/2012 00:00:00
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:45:35 GMT:Sync Now detected
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:45:35 GMT:Next scheduled sync time: 09/28/2012 00:00:00
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:45:35 GMT:No proxy server
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:45:35 GMT:Authentication: Did not find machine certificate in ALM store
Asset Intelligence Catalog Sync Service Information: 0 : Thu, 27 Sep 2012 17:45:35 GMT:Enrollment Certicate Path is
Asset Intelligence Catalog Sync Service Error: 0 : Thu, 27 Sep 2012 17:45:35 GMT:CryptoException trying to get certificate - The specified network passwordDoes anyone know what is wrong ?
-
2012年9月27日 20:47
Becasue I have SCCM installed on Windows 2003 SP2, it seems, that the issue here is with the AI that fails to load a certificate. Gaining an exception on Windows Server 2003 and the exception is "System.Security.Cryptography.CryptographicException: The specified network password is not correct."
I found information that on Windows XP or Windows Server 2003, any characters greater or equal to 32 characters are ignored. Windows Server 2008 and later has no password limit so the code succeeds on that OS. On Windows Server 2003 the code fails to load the PFX because the password is more than 31 characters in length.
Any comment ?? -
2012年10月19日 20:58
Hello Ambrozy,
Thank you for posting the details of this issue. We have identified a problem with the most recent certificate on Server 2003 systems (only; 2008 is fine) and will update this thread and others in the community as soon as we have the fix ready.- 回答としてマーク Garth JonesMVP, Moderator 2012年11月10日 17:51
-
2012年11月19日 7:47
Hi,
Any update on this?
I am enabling Asset Intelligence as well. applied hotfix KB2483225 and getting the same CryptoException trying to get certificate - The specified network password is not correct in AIUpdateSvc.log as well.
SCCM is running in Windows 2003 Server .
-
2013年2月8日 16:39
Can you confirm if this is still an outstanding certificate problem that is being looked into because I am experiencing the same problem.
Thanks
-
2013年3月12日 12:48
There seems to have been another update http://support.microsoft.com/kb/2783924 to address this.
.png)
