This is expected behaviour between ITCM 14.0 SP1/SP2 and legacy (pre-14.0 SP1) ITCM machines.
Support for SHA2 certificates was introduced in ITCM 14.0 SP1 (14.0.1000.194).
ITCM 14.0 SP1 uses the SHA2 certificate by default to establish sessions. Because SHA2 certificates are not available on pre-14.0 SP1 Scalability Servers/Agents, those machines cannot verify the authenticity of the received message. They therefore report the error: "The received message was certified by a certificate which is signed by untrusted root". The same error is recorded in the system event logs.
After this failure, the 14.0 SP1 machine uses the SHA1 certificate to set up a session with pre-14.0 SP1 machines.