Problem Statement: I had installed Sitecore 10.1.0 locally without any issues. Due to organization policies, a trusted wildcard certificate is installed, and because of it I started getting errors whenever I accessed anything related to xConnect. Experience Analytics starts throwing 500 internal server errors, and hence no data shows up in the reports.
The Solution:
When I looked at the xConnect log, the underlying error showed that the failure was due to the client certificate being invalid or untrusted. This error clearly pointed to a post on StackOverflow. According to it, the Trusted Root Certification Authorities (i.e. Root) store can only have certificates that are self-signed. If that store contains non-self-signed certificates, client certificate authentication under IIS fails with a 403.16 error code.
With PowerShell as our weapon, we can fix this problem by removing all non-self-signed certificates from the Root store.
Step 1: Identify the non-self-signed certificates by running the PowerShell command below, which lists every certificate in the Root store whose issuer differs from its subject:
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject}
Step 2: Move these non-self-signed certificates to the Intermediate Certification Authorities (CA) store using the command below:
Get-Childitem cert:\LocalMachine\root -Recurse | Where-Object {$_.Issuer -ne $_.Subject} | Move-Item -Destination Cert:\LocalMachine\CA
Once you are done, you can verify that all the errors on the Analytics dashboard are gone and that it shows beautiful charts as expected.
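A more cautious version of Steps 1 and 2, added here as an example and not part of the original post: it lists each affected certificate, exports it to a backup folder before moving it, supports -WhatIf and -Confirm, and re-runs the Step 1 query at the end. The function name Move-NonSelfSignedRootCert and the backup path are assumptions made for this example.

```powershell
# Added example (not from the original post). Run in an elevated session.
# Move-NonSelfSignedRootCert and the default $BackupDir are hypothetical names.
function Move-NonSelfSignedRootCert {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$BackupDir = 'C:\Temp\RootStoreBackup'
    )

    $rootStore = 'Cert:\LocalMachine\Root'
    $caStore   = 'Cert:\LocalMachine\CA'

    # Same filter as Step 1: issuer name differs from subject name.
    # This is a name comparison only; it does not verify signatures.
    $misplaced = @(Get-ChildItem -Path $rootStore |
        Where-Object { $_.Issuer -ne $_.Subject })

    if ($misplaced.Count -eq 0) {
        Write-Verbose "No non-self-signed certificates in $rootStore."
        return 0
    }

    foreach ($cert in $misplaced) {
        # Print what was found so the list can be reviewed.
        Write-Host ("{0}  {1}  (issuer: {2})" -f $cert.Thumbprint, $cert.Subject, $cert.Issuer)

        if ($PSCmdlet.ShouldProcess($cert.Subject, "Back up and move to $caStore")) {
            # Export the public certificate so the move can be reversed.
            New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null
            $file = Join-Path $BackupDir ("{0}.cer" -f $cert.Thumbprint)
            Export-Certificate -Cert $cert -FilePath $file | Out-Null
            $cert | Move-Item -Destination $caStore
        }
    }

    # Re-run the Step 1 query; the count should be 0 after a real run.
    $remaining = @(Get-ChildItem -Path $rootStore |
        Where-Object { $_.Issuer -ne $_.Subject })
    return $remaining.Count
}

# Preview only; nothing is exported or moved with -WhatIf.
Move-NonSelfSignedRootCert -WhatIf
# To perform the move with a prompt per certificate:
# Move-NonSelfSignedRootCert -Confirm
```

A certificate moved by mistake can be restored by importing its .cer file from the backup folder into the store it came from.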