MP has rejected registration request due to failure in client certificate

  • Question

  • Hello,

    We have System Center Configuration Manager 2012 deployed on a Windows Server 2008 R2 host. Recently we moved our Certification Authority to Windows Server 2012. All ConfigMgr certificates and machine certificates on clients were re-enrolled. The IIS certificate for :443 and the Root Authority certificates were specified in the SCCM 2012 site settings. The new Root CA is also present on the client machines and on SCCM. However, I have discovered these errors on the MP:

    MP has rejected registration request due to failure in client certificate (Subject Name: ) chain validation. If this is a valid client, Configuration Manager Administrator needs to place the Root Certification Authority and Intermediate Certificate Authorities in the MP's Certificate store or configure Trusted Root Certification Authorities in primary site settings. The operating system reported error 2148204809: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider.

    But this has been done already, I've checked multiple times. Could it be related to the CA, which is on Server 2012 now?

    Where can I look for a solution? Please suggest log files, or anything useful, if possible.



    Friday, January 11, 2013 1:41 PM

All replies

  • Hello,

    Please check in your SCCM 2012 environment (Administration --> Site Configuration --> Site Properties) whether you have registered the new Root CA certificate. It is possible that when you moved the Root CA, this generated a new root certificate and it is not registered in SCCM. Check the root certificates registered in SCCM and compare them with the root certificate on the client machine.

    If the certificates don't match, register the new Root CA. If the certificates are issued to the same subject, you can only have one certificate registered, with all your client machines using this root certificate.

    Server Side

    Client Side Certificate (MMC)

    Regards and hope that this can help


    Monday, April 1, 2013 11:38 AM
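
The comparison suggested in the reply above, as an added PowerShell example that is not part of the original thread: run on a client, it builds the chain for each client authentication certificate in the computer store and compares the certificate at the top of that chain with a root CA certificate file. The file path is a placeholder and assumes the root certificate specified in the site properties has been exported to disk.

```powershell
# Added example. Assumption: the root CA certificate specified in the site
# properties has been exported to this file (placeholder path).
$SiteRootCerPath = 'C:\Temp\site-root-ca.cer'
$ClientAuthOid   = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

$siteRoot = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 $SiteRootCerPath

# Certificates in the computer's personal store that carry the client authentication EKU.
$clientCerts = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $eku = $_.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $eku -and (($eku.EnhancedKeyUsages | ForEach-Object { $_.Value }) -contains $ClientAuthOid)
}

foreach ($cert in $clientCerts) {
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation so the result reflects trust only, not CRL/OCSP reachability.
    $chain.ChainPolicy.RevocationMode = 'NoCheck'
    $trusted = $chain.Build($cert)

    # The last chain element is the top of the chain Windows was able to build.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate

    New-Object PSObject -Property @{
        ClientCert      = $cert.Subject
        ChainTop        = $top.Subject
        # Subject equal to Issuer is used here as a simple self-signed (root) check.
        ChainTopIsRoot  = ($top.Subject -eq $top.Issuer)
        ChainTopThumb   = $top.Thumbprint
        SiteRootThumb   = $siteRoot.Thumbprint
        MatchesSiteRoot = ($top.Thumbprint -eq $siteRoot.Thumbprint)
        TrustedLocally  = $trusted
        ChainStatus     = (($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', ')
    }
}
```

A row where `ChainTop` has the expected subject but `MatchesSiteRoot` is `False` is the case the reply describes: two different root certificates issued to the same subject. A `ChainStatus` of `UntrustedRoot` corresponds to the error 2148204809 (0x800B0109) quoted in the question.
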
  • You're my hero. I don't know you, but you have just saved my day. After spending hours digging inside CRL, CDP, AIA and OCSP validations, I found your answer has solved it all.

    Thank you 3 thousand

    Thursday, April 23, 2020 8:18 PM