locked
PKI Certificate internal CA RRS feed

  • Question

  • Hi All

    I'm trying to move my SCCM from HTTP to HTTPS with pki certificated created from internat CA and I've followed all the steps to create the WebServer Cert, DP Cert and Client cert, set auto enrol, I can see client cert showing up on clients and SCCM Configuration manager on client control panel showing up as PKI. My issue is now I new application or updates are not showing up in software center, there's couple of machine with an application just deployed showing up but suck in downloading at 0%. Also getting the error 0x800004005 when running task sequence to build OSD, below is smsts.log from OSD task sequence

    What am I missing?????

    Please help

    LOGGING: Finalize process ID set to 912 TSBootShell 10/07/2018 12:30:21 PM 916 (0x0394)
    ==============================[ TSBootShell.exe ]============================== TSBootShell 10/07/2018 12:30:21 PM 916 (0x0394)
    Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' TSBootShell 10/07/2018 12:30:21 PM 916 (0x0394)
    Debug shell is enabled TSBootShell 10/07/2018 12:30:21 PM 916 (0x0394)
    Waiting for PNP initialization... TSBootShell 10/07/2018 12:30:21 PM 960 (0x03C0)
    RAM Disk Boot Path: NET(0)\S010029A.3.WIM TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    Booted from network (PXE) TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    Network(PXE) path: X:\sms\data\ TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    Found config path X:\sms\data\ TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    Booting from removable media, not restoring bootloaders on hard drive TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    X:\sms\data\WinPE does not exist. TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    X:\_SmsTsWinPE\WinPE does not exist. TSBootShell 10/07/2018 12:30:22 PM 960 (0x03C0)
    Executing command line: wpeinit.exe -winpe TSBootShell 10/07/2018 12:30:23 PM 960 (0x03C0)
    The command completed successfully. TSBootShell 10/07/2018 12:30:27 PM 960 (0x03C0)
    Setting offline Windows drive and OS root directory to TS envirtonment. TSBootShell 10/07/2018 12:30:27 PM 960 (0x03C0)
      Processing volume A:\  TSBootShell 10/07/2018 12:30:28 PM 960 (0x03C0)
      Volume A:\ is not a local hard drive. TSBootShell 10/07/2018 12:30:28 PM 960 (0x03C0)
      Processing volume C:\  TSBootShell 10/07/2018 12:30:28 PM 960 (0x03C0)
    pOs != NULL, HRESULT=80070490 (..\offlineos.cpp,89) TSBootShell 10/07/2018 12:30:29 PM 960 (0x03C0)
    Unable to find a Windows system root at C:\ TSBootShell 10/07/2018 12:30:29 PM 960 (0x03C0)
      Processing volume D:\  TSBootShell 10/07/2018 12:30:29 PM 960 (0x03C0)
    OfflineRegistry::Init("D:\WINDOWS") TSBootShell 10/07/2018 12:30:29 PM 960 (0x03C0)
    Loading offline registry hive "D:\WINDOWS\system32\config\software" into HKLM\OfflineRegistry1 TSBootShell 10/07/2018 12:30:29 PM 960 (0x03C0)
    Loading offline registry hive "D:\WINDOWS\system32\config\system" into HKLM\OfflineRegistry2 TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    CurrentControlSet is mapped to ControlSet001 TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
      Volume D:\ is a valid volume with Windows system root at D:\WINDOWS. TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    Settinge offline Windows drive and OS root directory to boot shell environment variables TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    _OSDDetectedWinDrive='D:\', _OSDDetectedWinDir='D:\WINDOWS' TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    Unloading offline SOFTWARE registry hive TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    Unloading offline SYSTEM registry hive TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    Starting DNS client service. TSBootShell 10/07/2018 12:30:30 PM 960 (0x03C0)
    Executing command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE /configpath:X:\sms\data\ TSBootShell 10/07/2018 12:30:31 PM 960 (0x03C0)
    The command completed successfully. TSBootShell 10/07/2018 12:30:31 PM 960 (0x03C0)
    ==============================[ TSMBootStrap.exe ]============================== TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Command line: X:\sms\bin\x64\TsmBootstrap.exe /env:WinPE /configpath:X:\sms\data\ TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Succeeded loading resource DLL 'X:\sms\bin\x64\TSRESNLC.DLL' TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Current OS version is 10.0.17134.0 TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Adding SMS bin folder "X:\sms\bin\x64" to the system environment PATH TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    PXE Boot with Root = X:\ TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Executing from PXE in WinPE TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Verifying Media Layout. TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    MediaType = BootMedia TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    PasswordRequired = true TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Found network adapter "Intel 21140-Based PCI Fast Ethernet Adapter (Emulated)" with IP Address 10.1.2.27. TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Firewall service is already running. TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Firewall service is already running. TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    ShellExecute ('raserver.exe') failed. 0x80070002. TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Loading Media Variables from "X:\sms\data\variables.dat" TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    CryptDecrypt (hKey, 0, 1, 0, pData, &dwDecryptedLen), HRESULT=80090005 (..\windes.cpp,165) TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    SMS::Crypto::DES::DecryptBuffer( (BYTE*)pszPassword, (DWORD)(wcslen(pszPassword)*sizeof(WCHAR)), encryptedBuffer.getBuffer(), (DWORD)encryptedBuffer.size(), pbDecryptedBuffer, dwDecryptedBufferSize ), HRESULT=80090005 (..\tsremovablemedia.cpp,387) TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Running Wizard in Interactive mode TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Loading Media Variables from "X:\sms\data\variables.dat" TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    CryptDecrypt (hKey, 0, 1, 0, pData, &dwDecryptedLen), HRESULT=80090005 (..\windes.cpp,165) TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    SMS::Crypto::DES::DecryptBuffer( (BYTE*)pszPassword, (DWORD)(wcslen(pszPassword)*sizeof(WCHAR)), encryptedBuffer.getBuffer(), (DWORD)encryptedBuffer.size(), pbDecryptedBuffer, dwDecryptedBufferSize ), HRESULT=80090005 (..\tsremovablemedia.cpp,387) TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Activating Welcome Page. TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    Loading bitmap TSMBootstrap 10/07/2018 12:30:31 PM 1296 (0x0510)
    WelcomePage::OnWizardNext() TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    Loading Media Variables from "X:\sms\data\variables.dat" TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    CryptDecrypt (hKey, 0, 1, 0, pData, &dwDecryptedLen), HRESULT=80090005 (..\windes.cpp,165) TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    SMS::Crypto::DES::DecryptBuffer( (BYTE*)pszPassword, (DWORD)(wcslen(pszPassword)*sizeof(WCHAR)), encryptedBuffer.getBuffer(), (DWORD)encryptedBuffer.size(), pbDecryptedBuffer, dwDecryptedBufferSize ), HRESULT=80090005 (..\tsremovablemedia.cpp,387) TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    Loading Media Variables from "X:\sms\data\variables.dat" TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    CryptDecrypt (hKey, 0, 1, 0, pData, &dwDecryptedLen), HRESULT=80090005 (..\windes.cpp,165) TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    SMS::Crypto::DES::DecryptBuffer( (BYTE*)pszPassword, (DWORD)(wcslen(pszPassword)*sizeof(WCHAR)), encryptedBuffer.getBuffer(), (DWORD)encryptedBuffer.size(), pbDecryptedBuffer, dwDecryptedBufferSize ), HRESULT=80090005 (..\tsremovablemedia.cpp,387) TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    Verifying media password. TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    Loading Media Variables from "X:\sms\data\variables.dat" TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    Spawned thread 1356 to download policy. TSMBootstrap 10/07/2018 12:31:18 PM 1296 (0x0510)
    Entering TSMediaWizardControl::GetPolicy. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Creating key 'Software\Microsoft\SMS\47006C006F00620061006C005C007B00350031004100300031003600420036002D0046003000440045002D0034003700350032002D0042003900370043002D003500340045003600460033003800360041003900310032007D00' TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Environment scope successfully created: Global\{51A016B6-F0DE-4752-B97C-54E6F386A912} TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Creating key 'Software\Microsoft\SMS\47006C006F00620061006C005C007B00420041003300410033003900300030002D0043004100360044002D0034006100630031002D0038004300320038002D003500300037003300410046004300320032004200300033007D00' TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Environment scope successfully created: Global\{BA3A3900-CA6D-4ac1-8C28-5073AFC22B03} TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    If current logging settings specify more logging details to be preserved, udpate these settings in TS environment TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Current LogMaxSize is saved to TS environment since it has not been saved before TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Current LogMaxHistory is saved to TS environment since it has not been saved before TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Current LogLevel is saved to TS environment since it has not been saved before TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Current LogEnabled is saved to TS environment since it has not been saved before TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Current LogDebug is saved to TS environment since it has not been saved before TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting to TS environemnt _OSDDetectedWinDrive=D:\ TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting to TS environemnt _OSDDetectedWinDir=D:\WINDOWS TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    UEFI: false TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Loading variables from the Task Sequencing Removable Media. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Loading Media Variables from "X:\sms\data\variables.dat" TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Succeeded loading resource DLL 'X:\sms\bin\x64\1033\TSRES.DLL' TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting SMSTSLocationMPs TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSMediaGuid TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSBootMediaPackageID TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSBootMediaSourceVersion TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSBrandingTitle TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSCertSelection TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSCertStoreName TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSDiskLabel1 TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSHTTPPort TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSHTTPSPort TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSIISSSLState TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSMediaCreatedOnCAS TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSMediaPFX TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSMediaSetID TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSMediaType TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSPublicRootKey TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSRootCACerts TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSSiteCode TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSSiteSigningCertificate TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSStandAloneMedia TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSSupportUnknownMachines TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSTimezone TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSUseFirstCert TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSx64UnknownMachineGUID TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Setting _SMSTSx86UnknownMachineGUID TS environment variable TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Importing certificates to root store... TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Importing certificates to root store TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Added certificate to store or replaced matching certificate in store. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Support Unknown Machines: 1 TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Custom hook from X:\\TSConfig.INI is  TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    No hook is found to be executed before downloading policy TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Authenticator from the environment is empty. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Need to create Authenticator Info using PFX TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Initialized CStringStream object with string: 1850F029-2D1F-4AD1-A8B8-5FED18D255BD;2018-07-10T20:31:18Z. TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Using user-defined MP locations: https://BR-S-SCCM12.brisbane.jtai.com.au TSMBootstrap 10/07/2018 12:31:18 PM 1356 (0x054C)
    Current


    Tuesday, July 10, 2018 2:46 AM

All replies

  • Did you import the certificate for the distribution point and configure the https bindings for IIS? There is a full guide you can follow here https://blogs.technet.microsoft.com/configmgrdogs/2015/01/21/configmgr-2012-r2-certificate-requirements-and-https-configuration/
    Tuesday, July 10, 2018 5:10 AM
  • Hi Sam,

    Is HTTPS only enabled in your environment? If so, please refer to the following article:

    Create a ConfigMgr Client template for WinPE Images

    This step is only needed if you have all you MP/DP running in https. In this step we are creating a Client Authentication certificate that will be used to generate certificate for WinPE images, which will later contact MP and DP on Https.

    https://blogs.technet.microsoft.com/configmgrdogs/2015/01/21/configmgr-2012-r2-certificate-requirements-and-https-configuration/

    Best regards,
    Larry


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, July 10, 2018 6:30 AM
  • Hi Nick

    Thanks for the reply, yes I followed exactly this instruction to create the certificates. These are the certificates I created

    3 certificates

    My WSUS and SCCM on same server. Under client computers I can see the SCCM client certificate showing up from Auto Encrolment (GPO)

    I bind the Default Web with the SCCM IIS Certificate and change the SSL settings for the WSUS Sites as required.

    I imported the SCCM DP Certificate for the Distribution Point.

    Is the SCCM DP Certificate same as the WinPE certificate to include in boot image?

    Tuesday, July 10, 2018 12:50 PM
  • Hi is the SCCM DP certificate same cert to include as WinPE cert in boot image for OSD?

    I've set to HTTPS only 

    Tuesday, July 10, 2018 12:51 PM
  • > "Is the SCCM DP Certificate same as the WinPE certificate to include in boot image?"

    Same certificate? No, not necessarily (although technically it can be).

    Same certificate type created from the same template? Yes, generally folks, use the same cert template for these two types of certificates needed in the environment.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, July 10, 2018 5:05 PM
  • Hi Sam,

    I hope this helps:

    "The requirements for this certificate are the same as the server certificate for site systems that have a distribution point installed. Because the requirements are the same, you can use the same certificate file."

    "This certificate is temporary for the task sequence and not used to install the client. When you have an environment with HTTPS only, the client must have a valid certificate for the client to communicate with the site and for the deployment to continue. The client can automatically generate a certificate when the client is joined to Active Directory, or you can install a client certificate by using another method."

    For more about the certificate requirements, please refer to the following article:

    https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements

    Best regards,
    Larry


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.



    Wednesday, July 11, 2018 2:01 AM