Collection Evaluation Viewer and Certificate Chain
By Garth Jones
While I was writing my blog posts, ConfigMgr Collections and Collection Evaluation Viewer and How to Fix a Poorly Written WQL Query, I ran across an interesting issue when trying to remotely connect to my primary site.
At first I didn’t notice the error message but after a few seconds I saw it at the bottom (red arrow) of Collection Evaluation Viewer (CEV).*
The error states, “A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority….”
What is this error about? The error occurs when you are running CEV remotely from your ConfigMgr site server and you don’t have the ConfigMgr SQL certificate installed on your local PC. How do you fix this problem? The simple answer is to install the ConfigMgr SQL certificate locally on your PC.
The remainder of this blog post will show you how to install the SQL certificate. Before starting the export and import process, however, you must first exit CEV.
1. Start by launching mmc.exe on your local PC.
2. Click File and then click on Add/Remove Snap-in…
3. Select Certificates and then click on the Add button.
4. Select Computer account and then click Next.
5. Select Another computer: and then enter your ConfigMgr SQL server name (cm-sql-rs1 in my case) before clicking on the Finish button.
6. Again, select Certificates and then click the Add button.
7. Again, select Computer account and then click Next.
8. This time keep the default of Local computer and then click on the Finish button.
9. Click OK.
10. Expand Certificates(<your SQL server name; cm-sql-rs1 in my case>)\Personal\Certificates.
11. Select the ConfigMgr SQL Server Identification Certificate, right click and point to All Tasks and then click Export…
12. Click Next.
13. Click Next.
14. Keep the default and click Next.
15. Select a file name to store the certificate, and then click Next.
16. Click Finish.
17. Click OK.
Now that the certificate is exported from the ConfigMgr SQL server, you need to import it on your local computer.
18. Expand Certificates (Local Computer)\Trusted People\Certificates, then right-click and point to All Tasks and then click on Import…
19. Click Next.
20. Browse to the certificate that you just exported before clicking on the Next button.
21. Accept the defaults and click Next.
22. Click on the Finish button to complete the importation process.
23. Click the OK button.
24. Next launch Collection Evaluation Viewer (CEV) from your workstation.
You can now see that CEV works correctly from your workstation. If you have any questions, please feel free to contact me @Enhansoft.
* CVE is part of the ConfigMgr Toolkit and can be downloaded here.