One of our admins replaced the IIS certificate on our SEPM server because it expires in a couple weeks (this was being done on lots of machines due to the expiration). Since then, the vast majority of clients stopped reporting their status and stopped getting definitions updates. Honestly, I only think new clients are the ones that are working properly. I have about 4,000 clients not getting updates and 10 or so that are.
I'm contemplating restoring the old certificate, but we only have a couple weeks to figure out how to do this properly, since the cert expires. Of course, there is the possibility the certificate change had nothing to do with this, but it seems too coincidental to have been something else.
I've tried a few things I found on the forum, like deleting the client out, but it does not solve the problem, best I can tell. Replacing the sylink.xml file on the machines doesn't seem to help either.
The sylink.log shows this entry:
<mfn_DoGetIndexFile200>Signature verification FAILED for Index File Content..
Any help or ideas would be appreciated. In case it matters, the new IIS certificate is a is a wildcard cert.