I saw a tweet today shown below. It gave me a semi-panic feeling as today is the 26th, and the patch by date is tomorrow. I’m on vacation but remembered I have a few CM2203 labs with tenant attach enabled, so I paid attention as the date you need to fix it by is tomorrow the 27th of July, 2022.
I re-tweeted it, and fired up one of my 2203 tenant attach labs with the hope of solving this potential problem.
So what is the actual problem ? It all relates to tenant attach client actions failing as described here.
“When you run a client action from the Microsoft Endpoint Manager admin center, Configuration Manager components for tenant attach fail to connect to the backend cloud service with the following error:
Failed to check and load service signing certificate. System.ArgumentException: Mismatch certificate subject name“
Pay close attention to the version of ConfigMgr affected (CM2203) and the date (July 27th, 2022).
according to the docs…
After the change in public certificates on July 27, 2022, OU=Microsoft Corporation is removed from the public certificate subject name, but the configuration manager database still has the old subject name, which causes the load check failure.
To fix this issue, use one of the following methods:
- If you are running Configuration Manager version 2203, install the Configuration Manager version 2203 hotfix rollup.
- If you are running a previously supported version of Configuration Manager, upgrade to Configuration Manager version 2203 and install the Configuration Manager version 2203 hotfix rollup.
So based on the above, if you are running a version of ConfigMgr that is less that version 2203 you need to upgrade to 2203 before installing that hotfix rollup today IF you also use tenant attach client actions otherwise you’ll need to contact Microsoft support.
So I logged onto my lab and there was the ConfigMgr 2203 Hotfix Rollup waiting to be installed.
So I installed it.
after it’s done it should look like this.