dambrosioj Posted November 10, 2015 Report post Posted November 10, 2015 I am having trouble with some of our workgroup computers in our PKI HTTPS only environment. These machines are not added to the domain but to a workgroup so I am not sure how to get the PKI Workgroup cert to add and have the client connect to the management point correctly. I tried to follow this tutorial with no luck. http://ittherapist.net/2014/01/16/sccm-2012-r2-os-deployment-with-pki-https/ I believe I have all boundaries and everything setup it just is failing when it gets to either software updates or applications. Curious to see what others are doing for importing a workgroup cert , and commands for the configuration manager client.By the way this is in OSD Task sequence I am having trouble. I can manually import the cert afterwards and everything works fine.EDIT: So this is what I am getting now. I am able to import the cert in the task sequence and changed my switches to: FSP=mysite.local SMSMP=mysite.local CCMLOGLEVEL=0 CCMLOGMAXHISTORY=2 CCMLOGMAXSIZE=2000000 SMSCACHESIZE=20000 Software Updates client configuration policy has not been received. UpdatesDeploymentAgent 11/10/2015 9:54:15 AM 3464 (0x0D88) Software updates functionality will not be enabled until the configuration policy has been received. If this issue persists please check client/server policy communication. UpdatesDeploymentAgent 11/10/2015 9:54:15 AM 3464 (0x0D88) Software Updates feature is disabled UpdatesDeploymentAgent 11/10/2015 9:54:15 AM 3464 (0x0D88) CUpdatesLocalSettings::GetUserExperienceFlag - Got UserExperienceFlag = Default UpdatesDeploymentAgent 11/10/2015 9:54:15 AM 3464 (0x0D88) IsRebootNeeded: nNotifyUICount = 0, set overal NotifyUI = True UpdatesDeploymentAgent 11/10/2015 9:54:15 AM 3464 (0x0D88) No current service window available to run updates assignment with time required = 1 UpdatesDeploymentAgent 11/10/2015 9:54:15 AM 3464 (0x0D88) It just seems the updates part is not starting in the client. Once the sequence fails I am able to login and see the client is indeed connected and in PKI Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted November 10, 2015 Report post Posted November 10, 2015 It looks like the software update agent is disabled. Did you enable the software update agent in the default client policy or a custom client policy (targeted to the device). Quote Share this post Link to post Share on other sites More sharing options...
dambrosioj Posted November 10, 2015 Report post Posted November 10, 2015 It looks like the software update agent is disabled. Did you enable the software update agent in the default client policy or a custom client policy (targeted to the device). Yes it is enabled, it works fine once I login and then manually force a machine policy refresh then manually force the software update from the client. It just seems it is not working in the task sequence Quote Share this post Link to post Share on other sites More sharing options...
RichMawdsley Posted November 12, 2015 Report post Posted November 12, 2015 Can you post a screenshot of your TS. Quote Share this post Link to post Share on other sites More sharing options...
