New solution: System Center Mobile Device Manager 2008 SP1 device certificate renewal request fails after 12 months
After being enrolled for a year, a System Center Mobile Device Manager (SCMDM) managed device may fail to renew its client certificate. As a result it will fail to connect to the SCMDM VPN successfully.
Additionally, the issuing Certificate Authority Application Event Log contains a warning similar to the following:
Event Type: Warning
Event Source: CertSvc
Event ID: 53
Description:
Certificate Services denied request 97 because The request contains conflicting template information. 0x80094802 (-2146875390). The request was for CN=device.contoso.com. Additional information: Denied by Policy Module 0x80094802, The request specifies conflicting certificate templates: 1.3.6.1.4.1.311.21.8.13101452.6590778.3820446.1524682.2069567.226.1027488195.1669196290/SCMDMMobileDevice(MDM1).
This can occur if there is a space in the template name. When the SCMDM managed device requests to renew its client certificate, the space character in the template name is dropped. As a result, the certification authority cannot process the request and results in the above error.
For the latest information on this issue including the resolution, see the following Knowledge Base article:
KB2273458 - System Center Mobile Device Manager 2008 SP1 device certificate renewal request fails after 12 months
J.C. Hornbeck | System Center Knowledge Engineer
Comments
Anonymous
October 14, 2010
Hi, I applied this resolution but my devices are not renewing theire certificates. I use a root CA 2008 and I'm wondering if this isn't the cause of my problems. There is configuration step for a 2003 CA in SCMDM documemtation but nothing about Windwos 2008 CA and IIS 7 ? Can you help me ?Anonymous
February 21, 2016
Hi J.C. Hornbeck
Its absolutely working fine. ThanksAnonymous
February 21, 2016
Hi J.C. Hornbeck
Its absolutely working fine. Thanks