I have recently upgraded from PM 1.85.490 to 2.0.2203 using the updater package. Since upgrading, I have not been able to access any WSUS servers through the console along with having issues doing other tasks. I've narrowed it down to a certificate issue I think, but I'm having problems resolving the issue. The upgrade went smooth and no errors or warnings during the process. Anytime I try to access a WSUS server through the PM console I get a message stating "All management servers are unavailable for management group <group name>". I do not have an issue with 200+ certificates in the local computers trusted certificate store. I have well below that amount. When I look in the event logs for PM I see the same warning messages over and over again regarding all the different automation role servers I have deployed. The events are as follows:
Log Name: EminentWare
Source: Management Server
Date: 1/31/2014 2:24:45 PM
Event ID: 0
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: <PM PAS.Domain.something>
Description:
The management server was unable to synchronize the downstream automation server: <ServerName>
Log Name: EminentWare
Source: Management Server
Date: 1/31/2014 2:25:29 PM
Event ID: 0
Task Category: None
Level: Warning
Keywords: Classic
User: N/A
Computer: <PM PAS.Domain.something>
Description:
The attempt to connect to the Management Server <PM PAS.domain.something> failed.
Message: Communication failure.
A certificate is missing or has an empty value for an important field, such as a subject or issuer name.
Details: dgsrpcinterface::smartbind() failed.
I have ran the upgrade on the automation role server and still get the same error. I have also ran setuphelper.exe /provisionserver /type primary on the PAS and A server without error, but I still am faced with the same messages.
I enabled verbose logging and tried to access a WSUS server again through the console. I am going to paste a snippet of the log file that I think may be helpful since it's about 15MB. I'm pasting from the point in the log file where the first [ERROR] occurs.
2014/01/31 14:25:29:274 PID: 34096 TID: 29316 [ERROR] clientcertificatecache::createserverfullsicspn() failed to find CA certificate for
2014/01/31 14:25:29:274 PID: 34096 TID: 29316 [VERB] ewException caught: [clientcertificatecache::createserverfullsicspn() cannot find the CA certificate in cache for this servers deviceid. Server is not provisioned.], File: dgs_rpc_interface.cpp, Line: 687
2014/01/31 14:25:29:274 PID: 34096 TID: 29316 [VERB] ewException caught: [ewException caught: [clientcertificatecache::createserverfullsicspn() cannot find the CA certificate in cache for this servers deviceid. Server is not provisioned.], File: dgs_rpc_interface.cpp, Line: 687], File: dgs_rpc_interface.cpp, Line: 764
2014/01/31 14:25:29:274 PID: 34096 TID: 29316 [VERB] Communication failure.
A certificate is missing or has an empty value for an important field, such as a subject or issuer name.
Details: dgsrpcinterface::smartbind() failed.
I have also verified that the permissions on the c:\programdata\microsoft\crypto\rsa\machinekeys is correct or at least set to it's defaults.
Any input would be very helpful. I have not been able to find any posts in SW KB or Thwack regarding this particular error. How can I verify the certificate is actually there? I can see Eminentware certs in the certificate manager, but I don't know which one this error message is stating is missing or has an empty value.
Louis
