If you use tenant attach client management actions then update TODAY to avoid disruption

Introduction

I saw a tweet today shown below. It gave me a semi-panic feeling as today is the 26th, and the patch by date is tomorrow.  I’m on vacation but remembered I have a few CM2203 labs with tenant attach enabled, so I paid attention as the date you need to fix it by is tomorrow the 27th of July, 2022.

I re-tweeted it, and fired up one of my 2203 tenant attach labs with the hope of solving this potential problem.

Problem

So what is the actual problem ? It all relates to tenant attach client actions failing as described here.

“When you run a client action from the Microsoft Endpoint Manager admin center, Configuration Manager components for tenant attach fail to connect to the backend cloud service with the following error:

Failed to check and load service signing certificate. System.ArgumentException: Mismatch certificate subject name

Pay close attention to the version of ConfigMgr affected (CM2203) and the date (July 27th, 2022).

according to the docs…

Cause

After the change in public certificates on July 27, 2022, OU=Microsoft Corporation is removed from the public certificate subject name, but the configuration manager database still has the old subject name, which causes the load check failure.

Resolution

To fix this issue, use one of the following methods:

So based on the above, if you are running a version of ConfigMgr that is less that  version 2203 you need to upgrade to 2203 before installing that hotfix rollup today IF you also use tenant attach client actions otherwise you’ll need to contact Microsoft support.

So I logged onto my lab and there was the ConfigMgr 2203 Hotfix Rollup waiting to be installed.

So I installed it.

after it’s done it should look like this.

Related reading

This entry was posted in 2203, hotfix rollup, tenant attach client action certificate issue. Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.