SCCMentor
Established Members-
Posts
47 -
Joined
-
Last visited
Recent Profile Visitors
3263 profile views
SCCMentor's Achievements
-
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
I tested this. I unchecked the box to remove eHTTP. I deleted the SMS Role SSL Certificate certificate from local machine. I wasn't able to select Not Selected - greyed out like you said. I then re-enabled eHTTP, it recreated the SMS Role SSL Certificate and I then set this in IIS. -
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
Yes that's the cert. Was it generated by Configmgr or did you copy it from the other box? -
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
-
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
From the list of certs in the IIS binding -
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
OK this will be potentially the problem then. So remove eHTTP by unchecking the box. Set the IIS SSL cert to 'Not selected' Keep an eye on the sitecomp and mpcontrol logs and ensure they complete removing eHTTP - just watch them until they stop churning over. Reenable the check box. Watch the sitecomp log again, keep an eye out for 'Detected change in SSLState for client settings' Then check back in certlm.msc for the SMS Role SSL Certificate cert in the personal store and then see if it's bound to IIS. At that point, restart the ccmexec services on the endpoint and see what clientidmanagerstartup log does. Does it get an 'Retrieved Certificate options successfully' entry and then check for cert? -
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
Do you have a cert called SMS Role SSL Certificate? This is generated by when enabling eHTTP and is automatically bound to IIS. If you were running full PKI previously it's possible that hasn't been set (I've seen this happen before where the SMS Role SSL Cert doesn't get generated due to an old PKI cert) Check for the cert in your certlm.msc console on the server running the MP Note also that the errors you have in the clientidmanagerstartup and cert maintenance logs - I get these also in my eHTTP site. I've noticed that the ConfigMgr applet doesn't have all the tabs and that the clientidmanager log still reports are registration pending. Does the client complete registration? Hard to know when we are working off screenshots. Cheers -
Clients not getting self singed certs
SCCMentor replied to TeachMeSCCM's topic in Configuration Manager 2012
What cert is bound to IIS? -
No. Since the process will need to talk to the MBAM endpoints
-
you can mount the wim and inject the cab files. https://sccmentor.com/2013/06/11/add-language-packs-to-an-offline-wim-file/
-
Details from TechNet Package https://technet.microsoft.com/en-gb/library/gg682112.aspx?f=255&MSPPError=-2147217396 Applications https://technet.microsoft.com/en-gb/library/gg682159.aspx