You may see in AIUpdateSvc.log has entries of “WebException trying to enroll: Status = ProtocolError” and  “Exception attempting sync – The request failed with HTTP status 403: Forbidden.” this could because of your SCCM Public certificate expired. yes by default Microsoft will install a public certificate that will expires on 3 years i.e., 4/25/2011.   To resolve this you need to Update the Certificates for Asset Intelligence

  • Configuration Manager 2007 Service Pack 2: Install hotfix KB2483225. This hotfix installs the updated public certificate for System Center online authentication and no further action is required. As part of the hotfix installation, the updated certificate is configured for the Asset Intelligence synchronization point and your specific certificate will be automatically renewed.  For more information about this hotfix, see http://support.microsoft.com/kb/2483225/en-us.
  • Configuration Manager Service Pack 1: Obtain a certificate file and manually configure the Asset Intelligence synchronization point to use the updated public certificate for System Center online authentication. Use the following steps:
    1. Email ai-cert@microsoft.com to request a certificate file that contains the updated public certificate for System Center online authentication.  Please note that this alias is for certificate distribution only and not for support questions.
    2. Store the certificate file in a location that is accessible to the site server.
    3. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database (<site code> – <site name>) / Site Settings / Site Systems.
    4. Click the Asset Intelligence Synchronization point site system computer name.
    5. Select the Asset Intelligence synchronization point, and click Properties.
    6. On the General tab of the Asset Intelligence Synchronization Point Properties, specify the path to the new System Center Online authentication certificate (.pfx) file, and click OK.
 

Leave a Reply