CMG Client Certificate problems using wildcard certificate

Danny Banda 41 Reputation points
2021-07-05T16:35:50.08+00:00

When I run the CMG connection analyzer with a client certificate, testing the CMG channel for MP shows an error: Failed to refresh MP location. Selected client certificate is not trusted by the CMG service. Check if certificate chain for the client certificate is specified to upload to the CMG service and check revocation check setting.


Clients can't communicate with the CMG, and I see that the client certification option doesn't change from self-signed to PKI.


Please, I need your help.

Microsoft Configuration Manager

Accepted answer
  1. HanyunZhu-MSFT 1,846 Reputation points Microsoft Vendor
    2021-07-06T08:42:48.243+00:00

    Hi @Danny Banda ,

    Thanks for posting in Microsoft Q&A forum.

    > client certification option doesn't change from self-signed to PKI

    The client certificate will not change until the client registration is completed.

    The error mentioned that the certificate is not trusted by the CMG service. This might be caused by using the incorrect client trusted root certificate that is uploaded to the CMG service.
    It is recommended to check the certificate that we uploaded to the CMG.
    For more detail, please refer to this link:
    https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/server-auth-cert#choose-the-certificate-type
    Hope the above information can help you.


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
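
One way to run the check suggested in the accepted answer, as an added example that is not part of the original thread: on an affected client, build the chain for each client-authentication certificate and compare every issuing CA against the `.cer` files that were uploaded to the CMG. The folder path and the certificate selection criteria are assumptions.

```powershell
# Added example: the folder path below is an assumption, not a value from the thread.
param(
    # Hypothetical folder holding the .cer files that were uploaded to the CMG
    [string]$UploadedCertDir = 'C:\Temp\CmgTrustedRoots',
    # Also check revocation (needs network access to the CRL/OCSP endpoints)
    [switch]$CheckRevocation
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU

# Thumbprints of the CA certificates that were exported for upload
$uploaded = @(Get-ChildItem -Path $UploadedCertDir -Filter *.cer | ForEach-Object {
    [System.Security.Cryptography.X509Certificates.X509Certificate2]::new($_.FullName).Thumbprint
})

# Candidate client certificates: unexpired, with a private key and the client-auth EKU
$clientCerts = Get-ChildItem -Path Cert:\LocalMachine\My | Where-Object {
    $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
    ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid)
}

foreach ($cert in $clientCerts) {
    $mode  = if ($CheckRevocation) { 'Online' } else { 'NoCheck' }
    $chain = [System.Security.Cryptography.X509Certificates.X509Chain]::new()
    $chain.ChainPolicy.RevocationMode = $mode
    $built = $chain.Build($cert)

    "Client certificate: $($cert.Subject) [$($cert.Thumbprint)]"
    "  Chain builds locally: $built (revocation mode: $mode)"
    foreach ($status in $chain.ChainStatus) {
        "  Chain status: $($status.Status) - $($status.StatusInformation.Trim())"
    }

    # Element 0 is the client certificate itself; the rest are its issuing CAs
    $rows = for ($i = 1; $i -lt $chain.ChainElements.Count; $i++) {
        $ca = $chain.ChainElements[$i].Certificate
        [pscustomobject]@{
            Level      = $i
            Subject    = $ca.Subject
            Thumbprint = $ca.Thumbprint
            InUpload   = $uploaded -contains $ca.Thumbprint
        }
    }
    $rows | Format-Table -AutoSize | Out-String
}
```

Any CA row with `InUpload` set to `False` is an issuing certificate in the client's chain that is missing from the uploaded set.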


1 additional answer

  1. Danny Banda 41 Reputation points
    2021-07-12T15:34:34.103+00:00

    Hi @HanyunZhu-MSFT

    Thanks for your answer. I uploaded the root and intermediate certificates, but the test still fails. However, I could solve the problem with the clients. I had to update CM to use the token-based authentication feature to authenticate my clients.

    Thanks for your help.

    Danny

