Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Update for Asset Intelligence authentication certificate in System Center Configuration Manager (KB 4054234)


View products that this article applies to.

Introduction

This article describes an update for the Asset Intelligence (AI) authentication certificate in Microsoft System Center Configuration Manager 2007 Service Pack 2, System Center 2012 Configuration Manager Service Pack 2, System Center 2012 R2 Configuration Manager Service Pack 1, and the current branch of System Center Configuration Manager versions 1706 and earlier. Before you install this update, check out the "Installation instructions" section.

Note System Center Configuration Manager current branch version 1710 and later versions are pre-provisioned with this version of the Asset Intelligence (AI) authentication certificate, so you do not have to apply this update to those versions.

↑ Back to the top


Symptoms

In System Center Configuration Manager, the issuing certificate that System Center Online uses to validate the Asset Intelligence public authentication (bootstrap) certificate (expiration date October 12, 2018) was updated November 17, 2017. The previous issuing certificate will remain valid for a short period to allow for a smooth transition. When the old issuing certificate is removed, System Center Online will no longer recognize the pre-provisioned public authentication certificate that is used by the Asset Intelligence synchronization point site system role to enroll with the service.

  • Scenario 1: You try to install a new Asset Intelligence synchronization point, and it is making its first connection attempt to the System Center Online service.
  • Scenario 2: Your existing Asset Intelligence synchronization point tries to use the public authentication certificate to renew the specific per-installation certificate.
In either of these scenarios, System Center Online rejects the public authentication certificate, and you receive the following error message in the Asset Intelligence pane of the Configuration Manager Console:
 
In System Center Configuration Manager 2007
In System Center 2012 Configuration Manager
In System Center Configuration Manager current branch 1706 and earlier versions


Additionally, the following error message is logged in the Aiupdatesvc.log file:

↑ Back to the top


Resolution

To resolve this issue, upgrade to Configuration Manager current branch 1710 (or a later version) or apply this update. The AI authentication certificate that is in this update is valid until November 1, 2019.

You should update the System Center Online public authentication certificate for Asset Intelligence on the top site in your hierarchy to allow for installation of a new Asset Intelligence synchronization point or to ensure continued connectivity between the Asset Intelligence synchronization point and the System Center Online service for your existing installations.

Update information

A supported update package is available from the Microsoft Download Center.

Download the update package now.

Installation instructions

This update should be installed on the top site in the hierarchy.

Install the certificate file that is in this hotfix to manually renew the Asset Intelligence certificate. To do this, follow these steps:

  1. Download the hotfix package, ConfigMgrAICert_KB4054234.exe.
  2. Double-click the hotfix package to open the Microsoft Self-Extractor dialog box, select Yes to accept the License Agreement, select a location for the extracted files, and then select OK to continue and decompress the files.
  3. Run the ConfigMgrAICert_KB4054234.exe file to extract the 8EBC7D60-4ACA-07F2-7004-A799B2C2B096.pfx certificate file to a location that can be accessed by the site server.
  4. In the Configuration Manager console, find the computer name of the Asset Intelligence synchronization point server in the following location.
     
    • For all System Center Configuration Manager 2007 products:

      System Center Configuration Manager\Site Database (site code, site name)\Site Settings\Site Systems

    • For all System Center 2012 Configuration Manager products:

      Administration\Overview\Site Configuration\Servers and Site System Roles

    • For all System Center Configuration Manager current branch versions:

      Administration\Overview\Site Configuration\Servers and Site System Roles

  5. Right-click the Asset Intelligence synchronization point, and then select Properties.
  6. Select the General tab, specify the path of the certificate file, and then select OK.

Note You do not have to reset the System Center Online Point server role or restart the AI_UPDATE_SERVICE_POINT service after you re-enable the Asset Intelligence synchronization point by using the new certificate. You only have to perform the synchronization again.

Restart information

You do not have to restart the computer after you apply this hotfix.

Replacement information

This update replaces the following four updates:
 

  • 3207852 Update for authentication certificate in System Center Configuration Manager Asset Intelligence is available
  • 3060648 An update for the authentication certificate in System Center Configuration Manager Asset Intelligence is available
  • 2733615 An update for the authentication certificate in System Center Configuration Manager Asset Intelligence is available
  • 2783924 An update for the authentication certificate in System Center Configuration Manager Asset Intelligence is available

File information

The English version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
 

File name File version File size Date Time Platform
8EBC7D60-4ACA-07F2-7004-A799B2C2B096.pfx Not applicable 3,689 02-Nov-2017 15:23 Not applicable
Licence_eNU.rtf Not applicable 43,725 02-Jun-2015 15:19 Not applicable

↑ Back to the top


Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.

↑ Back to the top


References

Learn about the terminology that Microsoft uses to describe software updates.

↑ Back to the top


Keywords: ConfigMgrCB, kbqfe, kbfix, kbexpertiseinter, kbsurveynew, kbbug, kb, SCCM

↑ Back to the top

Article Info
Article ID : 4054234
Revision : 26
Created on : 11/21/2017
Published on : 11/21/2017
Exists online : False
Views : 332