< Blog

Collection Evaluation Viewer and Certificate Chain

By Garth Jones

While I was writing my blog posts, ConfigMgr Collections and Collection Evaluation Viewer and How to Fix a Poorly Written WQL Query, I ran across an interesting issue when trying to remotely connect to my primary site.

At first I didn’t notice the error message but after a few seconds I saw it at the bottom (red arrow) of Collection Evaluation Viewer (CEV).*

Collection Evaluation Viewer and Certificate Chain-Error Message

The error states, “A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority….”

What is this error about? The error occurs when you are running CEV remotely from your ConfigMgr site server and you don’t have the ConfigMgr SQL certificate installed on your local PC. How do you fix this problem? The simple answer is to install the ConfigMgr SQL certificate locally on your PC.

The remainder of this blog post will show you how to install the SQL certificate. Before starting the export and import process, however, you must first exit CEV.

Collection Evaluation Viewer and Certificate Chain-Step 1

1. Start by launching mmc.exe on your local PC.

Collection Evaluation Viewer and Certificate Chain-Step 2

2. Click File and then click on Add/Remove Snap-in…

Collection Evaluation Viewer and Certificate Chain-Step 3

3. Select Certificates and then click on the Add button.

Collection Evaluation Viewer and Certificate Chain-Step 4

4. Select Computer account and then click Next.

Collection Evaluation Viewer and Certificate Chain-Step 5

5. Select Another computer: and then enter your ConfigMgr SQL server name (cm-sql-rs1 in my case) before clicking on the Finish button.

Collection Evaluation Viewer and Certificate Chain-Step 6

6. Again, select Certificates and then click the Add button.

Collection Evaluation Viewer and Certificate Chain-Step 7

7. Again, select Computer account and then click Next.

Collection Evaluation Viewer and Certificate Chain-Step 8

8. This time keep the default of Local computer and then click on the Finish button.

Collection Evaluation Viewer and Certificate Chain-Step 9 

9. Click OK.

Collection Evaluation Viewer and Certificate Chain-Step 10

10. Expand Certificates(<your SQL server name; cm-sql-rs1 in my case>)\Personal\Certificates.

Collection Evaluation Viewer and Certificate Chain-Step 11 

11. Select the ConfigMgr SQL Server Identification Certificate, right click and point to All Tasks and then click Export

Collection Evaluation Viewer and Certificate Chain-Step 12

12. Click Next.

Collection Evaluation Viewer and Certificate Chain-Step 13

13. Click Next.

Collection Evaluation Viewer and Certificate Chain-Step 14

14. Keep the default and click Next.

Collection Evaluation Viewer and Certificate Chain-Step 15

15. Select a file name to store the certificate, and then click Next.

Collection Evaluation Viewer and Certificate Chain-Step 16

16. Click Finish.

Collection Evaluation Viewer and Certificate Chain-Step 17

17. Click OK.

Now that the certificate is exported from the ConfigMgr SQL server, you need to import it on your local computer.

Collection Evaluation Viewer and Certificate Chain-Step 18 

18. Expand Certificates (Local Computer)\Trusted People\Certificates, then right-click and point to All Tasks and then click on Import…

Collection Evaluation Viewer and Certificate Chain-Step 19

19. Click Next.

Collection Evaluation Viewer and Certificate Chain-Step 20

20. Browse to the certificate that you just exported before clicking on the Next button.

Collection Evaluation Viewer and Certificate Chain-Step 21 

21. Accept the defaults and click Next.

Collection Evaluation Viewer and Certificate Chain-Step 22 

22. Click on the Finish button to complete the importation process.

Collection Evaluation Viewer and Certificate Chain-Step 23 

23. Click the OK button.

24. Next launch Collection Evaluation Viewer (CEV) from your workstation.

Collection Evaluation Viewer and Certificate Chain-Successful Connection

You can now see that CEV works correctly from your workstation. If you have any questions, please feel free to contact me @Enhansoft.

* CVE is part of the ConfigMgr Toolkit and can be downloaded here.