HOTFIX: "Bad certificate" error when you use an Asset Intelligence synchronization point on a System Center Configuration Manager 2007 SP2 site server after the bootstrap certificate expires

This Knowledge Base article talks about an issue where you get a "Bad certificate" error when you use an AI synchronization point on a ConfigMgr 2007 site server after the bootstrap certificate expires:

=====

Consider the following scenarios.

Scenario 1

• You have a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
• You install an Asset Intelligence synchronization point on the site server. During the installation process, the Asset Intelligence synchronization point makes its first connection attempt to the System Center Online service.

Scenario 2

• You have a System Center Configuration Manager 2007 Service Pack 2 (SP2) site server.
• You install the Asset Intelligence synchronization point on the site server.
• The bootstrap certificate expires.
• The Asset Intelligence synchronization point tries to use the bootstrap certificate to renew the Asset Intelligence certificate.

In these scenarios, you receive the following error message in the Asset Intelligence pane of the Configuration Manager administrative console:

Connection failed -bad certificate

Additionally, the following error message is logged in the Aiupdatesvc.log file:

Asset Intelligence Catalog Sync Service Warning: 0 :<Log Date>:WebException trying to enroll: Status = ProtocolError
Asset Intelligence Catalog Sync Service Error: 0 :<Log Date>:Exception attempting sync - The request failed with HTTP status 403: Forbidden.

=====

For the most current version of this article as well as a link to download the hotfix, please see the following:

2483225 - "Bad certificate" error when you use an Asset Intelligence synchronization point on a System Center Configuration Manager 2007 SP2 site server after the bootstrap certificate expires

J.C. Hornbeck| Knowledge Engineer | Management and Security Division

Get the latest System Center news onFacebookand Twitter:

App-V Team blog: http://blogs.technet.com/appv/
ConfigMgr Support Team blog: http://blogs.technet.com/configurationmgr/
DPM Team blog: http://blogs.technet.com/dpm/
MED-V Team blog: http://blogs.technet.com/medv/
Orchestrator Support Team blog: http://blogs.technet.com/b/orchestrator/
Operations Manager Team blog: http://blogs.technet.com/momteam/
SCVMM Team blog: http://blogs.technet.com/scvmm
Server App-V Team blog: http://blogs.technet.com/b/serverappv
Service Manager Team blog: http://blogs.technet.com/b/servicemanager
System Center Essentials Team blog: http://blogs.technet.com/b/systemcenteressentials
WSUS Support Team blog: http://blogs.technet.com/sus/

The Forefront Server Protection blog: http://blogs.technet.com/b/fss/
The Forefront Endpoint Security blog : http://blogs.technet.com/b/clientsecurity/
The Forefront Identity Manager blog : http://blogs.msdn.com/b/ms-identity-support/
The Forefront TMG blog: http://blogs.technet.com/b/isablog/
The Forefront UAG blog: http://blogs.technet.com/b/edgeaccessblog/