question

DannyBanda-2139 avatar image
0 Votes"
DannyBanda-2139 asked saldana-msft edited

CMG Client Certificate problems using wildcard certificate

When run the CMG connection analyzer with client certificate, testing the CMG channel for MP shows an error: Failed to refresh MP location. Selected client certificate is not trusted by the CMG service. Check if certificate chain for the client certificate is specified to upload to the CMG service and check revocation check setting.

111888-sura1.jpg

Clients can't communicate to CMG and see that client certification option doesn't change from self-signed to PKI.

111869-sura2.jpg

Please I need your help.

mem-cm-generalmem-cm-co-management
sura1.jpg (83.7 KiB)
sura2.jpg (45.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HanyunZhu-MSFT avatar image
0 Votes"
HanyunZhu-MSFT answered HanyunZhu-MSFT commented

Hi @DannyBanda-2139,

Thanks for posting in Microsoft Q&A forum.

client certification option doesn't change from self-signed to PKI

The client certificate will not change until the client registration is completed.

The error mentioned that the certificated is not trusted by the CMG service, this might be caused by using the incorrect client trusted root certificate that is uploaded to the CMG service.
It is recommended to check the certificate that we uploaded to the CMG.
For more detail, please refer to this link:
https://docs.microsoft.com/en-us/mem/configmgr/core/clients/manage/cmg/server-auth-cert#choose-the-certificate-type
112037-cer.png
Hope the above information can help you.

If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


cer.png (27.4 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Just checking in to see if there is any update. Is the problem solved? Do you need any further assistance? Look forward to hearing from you.

Thanks for your time.

0 Votes 0 ·
DannyBanda-2139 avatar image
0 Votes"
DannyBanda-2139 answered HanyunZhu-MSFT commented

Hi @HanyunZhu-MSFT

Thanks for your answer. I upload root and intermediate certificate but test still fails. But I could solve the problem with clients. I had to update the CM to use token-based authentication feature to authenticate my clients.

Thanks for your help.

Danny

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thank you very much for your feedback and sharing. We're glad that the question can be solved now. It may help others who have similar issue. If you have any questions in future, we warmly welcome you to post in Microsoft Q&A forum again.

Have a nice day!

0 Votes 0 ·