My entire site is configured to use HTTPS, about half my clients have installed and continue to communicate with the MP successfully whereas the other half are reporting the following error during installation:

MP has rejected registration request due to failure in client certificate (Subject Name: COMPUTER.DOMAIN.COM) chain validation. If this is a valid client, Configuration Manager Administrator needs to place the Root Certification Authority and Intermediate Certificate Authorities in the MPs Certificate store or configure Trusted Root Certification Authorities in primary site settings. The operating system reported error 2148204809: A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider. 

The thing is, ALL clients have the same Root Certification Authority and Intermediate Certificate Authorities, any thoughts?

Hi,

Is possible that half of your clients are enrroll in your PKI infrastruture with a root certificate old of you Certificate authority and you only have one certifiacate register un the SCCM, you can't have 2 root certificate with the same subject but you can re-enrroll all your client machine if have auto-enrroll configured by GPO's.

I will Attach 2 snapshot's that can help to identify if you root ca certificate in SCCM are correct and are the same that the certificate root authority in you client certificate, if you like re-enrroll all your machine to ensure that all clients machine have the same root ca you can see how in this link http://windowsitpro.com/security/q-there-easy-way-automatically-re-enroll-certificate-holders-received-certificate-old-ca-ne

Client Side

Yes, I know this is an old post, but Im trying to clean them up. Did you solve this problem, if so what was the solution?

Since no one has answer this post, I recommend opening  a support case with Microsoft Customer Support Services (CSS) as they can work with you to solve this problem.