New solution: System Center Mobile Device Manager 2008 SP1 device certificate renewal request fails after 12 months

After being enrolled for a year, a System Center Mobile Device Manager (SCMDM) managed device may fail to renew its client certificate.  As a result it will fail to connect to the SCMDM VPN successfully.

Additionally, the issuing Certificate Authority Application Event Log contains a warning similar to the following:

Event Type: Warning
Event Source: CertSvc
Event ID: 53
Description:
Certificate Services denied request 97 because The request contains conflicting template information. 0x80094802 (-2146875390).  The request was for CN=device.contoso.com.  Additional information: Denied by Policy Module  0x80094802, The request specifies conflicting certificate templates: 1.3.6.1.4.1.311.21.8.13101452.6590778.3820446.1524682.2069567.226.1027488195.1669196290/SCMDMMobileDevice(MDM1).

This can occur if there is a space in the template name.  When the SCMDM managed device requests to renew its client certificate, the space character in the template name is dropped.  As a result, the certification authority cannot process the request and results in the above error.

For the latest information on this issue including the resolution, see the following Knowledge Base article:

KB2273458 - System Center Mobile Device Manager 2008 SP1 device certificate renewal request fails after 12 months

J.C. Hornbeck | System Center Knowledge Engineer