Client Push Installation Properties

  • Question

  • Hi,

    I installed clients on almost 80% of the computers by using Client Push. Then I needed to use PKI and I removed all the clients and reinstalled the client with the switches below by using the GPO method. Using the GPO method failed on a lot of computers. So I will not be using GPO for client install.

    /usepkicert smsmp=srvsccm2012.mydomain.local ccmhostname=sccm.mydomain.com  /logon smssitecode=ISU

    Now I am wondering if I can use the switches above with Client Push Installation? There is an Installation Properties tab under Client Push Installation. This is the window I am talking about:

    Please see the Picture

    If it is not possible to use the switches that I need, please tell me the best method to install clients with PKI support.


    Yavuz Selim Atmaca

    Monday, May 26, 2014 1:50 PM

Answers

  • There was no need for you to re-install the clients simply for them to start using a PKI cert. All you had to do was flip the switch in the console for the site that allows them to use the PKI cert.

    Also, CCMALWAYSINF sets the client Internet-only, not just HTTPS and based MP.

    So, are you simply changing the clients to use a PKI cert or are you also setting them to be Internet *only*?

    As a final note, all switches to ccmsetup (those starting with a forward-slash) must appear before properties (those without a forward-slash) on the command-line.


    Jason | http://blog.configmgrftw.com

    Monday, May 26, 2014 11:13 PM
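
The ordering rule from the answer above can be checked mechanically before a command line goes into a GPO or deployment script. The following is an added example, not code from the thread or from Microsoft; the function name `Test-CcmSetupArguments` is hypothetical, and it only checks token order and the `CCMALWAYSINF=1` case mentioned in the answer, not whether a switch or property name is valid.

```powershell
# Added example: lint a CCMSetup.exe argument string for switch/property ordering.
function Test-CcmSetupArguments {
    param([Parameter(Mandatory)][string]$CommandLine)

    # Split on whitespace, keeping double-quoted values together.
    $tokens = @([regex]::Matches($CommandLine, '(?:[^\s"]+|"[^"]*")+') |
                ForEach-Object { $_.Value })

    # Drop a leading executable name if the caller included it.
    if ($tokens.Count -gt 0 -and $tokens[0] -match 'ccmsetup(\.exe)?"?$') {
        $tokens = @($tokens | Select-Object -Skip 1)
    }

    $isProperty = '^[A-Za-z_]\w*='
    $switches   = @($tokens | Where-Object { $_ -like '/*' })
    $properties = @($tokens | Where-Object { $_ -match $isProperty })
    $other      = @($tokens | Where-Object { $_ -notlike '/*' -and $_ -notmatch $isProperty })

    # A switch is misplaced when any property appears before it.
    $misplaced    = @()
    $seenProperty = $false
    foreach ($t in $tokens) {
        if ($t -match $isProperty) { $seenProperty = $true }
        elseif ($t -like '/*' -and $seenProperty) { $misplaced += $t }
    }

    $notes = @()
    if ($properties -match '^CCMALWAYSINF=1$') {
        $notes += 'CCMALWAYSINF=1 makes the client Internet-only.'
    }

    [pscustomobject]@{
        OrderOk           = ($misplaced.Count -eq 0)
        MisplacedSwitches = $misplaced
        Unrecognized      = $other
        Notes             = $notes
        Suggested         = (@($switches) + @($properties)) -join ' '
    }
}

# The two command lines quoted in this thread.
$samples = @(
    '/usepkicert smsmp=srvsccm2012.mydomain.local ccmhostname=sccm.mydomain.com /logon smssitecode=ISU',
    'CCMSetup.exe /UsePKICert CCMALWAYSINF=1 CCMHOSTNAME=SERVER3.CONTOSO.COM SMSSITECODE=ABC'
)
$samples | ForEach-Object { Test-CcmSetupArguments -CommandLine $_ } | Format-List
```

For the first sample the function reports `/logon` as misplaced and suggests moving it ahead of `smsmp=`; the second passes the ordering check but carries the Internet-only note.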

All replies

  • See here:

    http://technet.microsoft.com/en-us/library/gg699356.aspx

    And to my knowledge the PKI can be switched on on-the-fly, there's no need to reinstall clients, as long as both HTTP and HTTPS are configured.

    • Edited by Narcoticoo Monday, May 26, 2014 4:33 PM
    Monday, May 26, 2014 4:32 PM
  • At the beginning SCCM was intranet only, therefore it was using HTTP communication only. Then I created a PKI environment and installed certificates on the server and clients. Because we need to install the certs prior to installing the client, I have to re-install clients with PKI support using the install command below. The command also informs the client about the Internet MP when the intranet MP is not available.

    /usepkicert smsmp=srvsccm2012.mydomain.local ccmhostname=sccm.mydomain.com  /logon smssitecode=ISU

    If we notice the picture that I posted above, it says "Specify any client.msi installation properties that you require when you install configuration manager client software. Do not specify installation properties for CCMSetup.exe"

    That is what confused me, because the link that you posted says:

    The properties described in the following table can modify the installation behavior of client.msi. If you use the client push installation method, you can also specify the properties in the Client tab of the Client Push Installation Properties dialog box.

    Example: CCMSetup.exe /UsePKICert CCMALWAYSINF=1 CCMHOSTNAME=SERVER3.CONTOSO.COM SMSSITECODE=ABC

    The SCCM client push installation properties window says DO NOT SPECIFY CCMSETUP.EXE but the example they give starts with CCMSETUP.exe. I will test it tomorrow and see if my switches work or not.


    Yavuz Selim Atmaca

    Monday, May 26, 2014 5:23 PM
  • Hi Jason,

    The reason to use PKI cert is to be able to make my clients talk to the MP from Intranet and Internet (both).

    Somewhere on the internet, I read "we need to install the certs prior to installing the client", that is why I uninstalled all clients :(

    Ok then, I will just do Client-Push Install with default settings, then it will work on Intranet & Internet.

    Thanks


    Yavuz Selim Atmaca

    Tuesday, May 27, 2014 6:10 AM
  • I read "we need to install the certs prior to installing the client"
    That's true; however, your clients are already installed and communicating with the site so you're already past that point.

    Jason | http://blog.configmgrftw.com

    Tuesday, May 27, 2014 12:59 PM