locked
Mac OSX Client GUID too Unique? RRS feed

  • Question

  • We are trying to work through the logistics of managing Mac OS X in SCCM 2012 SP1 CU1. What we are seeing is that every time we re-install the OS, we end up with a new device in SCCM. This really messes with our ability to keep collection memberships persistent across OS installations. Is this the intended behavior? Is there a better way? Here are the steps we are taking:

    1. Install OS X using a NetRestore workflow
    2. Install the SCCM Client
    3. Run CMEnroll (as the same service account each time)
    4. Reboot

    Hope we aren't all alone on this one. :)

    Friday, May 10, 2013 9:18 PM

All replies

  • Are you using the exact same client certificate each time you reinstall the OS?


    Jason | http://blog.configmgrftw.com

    Sunday, May 12, 2013 3:45 PM
  • No, we are following the documented procedure for enrolling a device using CMEnroll. This does create a new Client Authentication certificate at each enrollment. The certificates that are created do not permit export with private key. I figure that we might be able to adjust this through the certificate template, export a cert for each machine, and do some custom scripting to associate a certificate with a specific machine. It just seems odd that we would have to work that hard to make SCCM track a machine. Do you think that this is really what will be required?

    Monday, May 13, 2013 2:56 PM
  • How else would ConfigMgr know it's the same managed resource?

    With Windows systems, it uses a unique HW id for each device but even then default behavior is to create a new resource unless the SID (stored in AD) matches.

    The challenge you are describing is a primary reason to never (or sparingly) use direct membership rules and instead use query rules that query for something that would persist between the "reimage" like OU, model number, or even system name.


    Jason | http://blog.configmgrftw.com

    Monday, May 13, 2013 3:16 PM
  • I'll be honest, I was kind of expecting the machine to be tracked by serial number, or MAC address, or something that is actually related to the hardware. Anyone tackled this yet?
    Monday, May 13, 2013 4:11 PM
  • Serial number of what though? If you swap the MB, the serial number changes. Is that now a new system? Same for MAC address. What if the system has multiple NICs or you swap NICs, then what. Using something fixed like does not account for the many possibilities.

    Jason | http://blog.configmgrftw.com

    Monday, May 13, 2013 4:17 PM
  • Using something fixed like does not account for the many possibilities.
    Well, sure, but I can tell you that in practice, the MoBo changes far less frequently than the operating system install. On the Windows side, the SID can persist given a consistent hostname, but on the OS X side, we are not being offered that option. My expectations don't determine technical capabilities, I'm just wondering if anyone out there reading this forum has made an attempt at solving this problem before we engineer something from scratch.
    Monday, May 13, 2013 5:13 PM