Hey Guys,
My Application Catalog had been chugging along nicely for the past 11 months or so, until this morning. It began displaying the "Cannot Connect to Application Server" error.
I saw the corresponding log(s) in the server log (Logs from a day ago, showed proper functionality and count=1):
[55, PID:4828][12/04/2013 08:48:48] :FindCertificate - Found certs via FindByThumbprint, count = 0
[55, PID:4828][12/04/2013 08:48:48] :FindCertificate - No matching certs found
[55, PID:4828][12/04/2013 08:48:48] :DefaultApplicationOfferService - opening channel via client proxy
[55, PID:4828][12/04/2013 08:48:48] :The client certificate is not provided; this could cause errors when the web site attempts to communicate with the web service. The certificate thumbprint in the web.config did not match any cert in the SMS cert store.[55, PID:4828][12/04/2013 08:48:48] :System.InvalidOperationException: The client certificate is not provided. The certificate thumbprint in the web.config did not match any certificate in the SMS cert store.
Eventually, I traced this back to the Server's machine certificate (verses "client", as stated in the log, this lead me astray for awhile) autoenrolled/autorenewed last night, as it was expiring in a month or two. While IIS kept using the "renewed"
cert (as I expected it to) For whatever reason, IIS, Windows, SCCM, or whatever (in my opinion "should have" ) never updated the "CertificateThumbprint" values in the Web.Config files for CMApplicationCatalog and CMApplicationCatalogSVC
which look to have been set at initial install.
I had to manually update these values in both Web.Config files with the "new" thumbprint for this cert. After doing this, and restarting IIS, it began working immediately.
My question is, is this expected behavior? a bug? am I doing something incorrectly in my autoenroll/renew settings?