locked
CM Client Certs Expiration date is WAY in the future. RRS feed

  • Question

  • Hi,

     We had many devices that have issues registering themselves to MP. Upon checking on the SMS Cert, the expiration date is year 4115 to 8122. We can fix it by restart the service but it is like applying a bandage. What is the permanent solution?

    Thanks

     


    Tuan

    Tuesday, February 23, 2016 7:32 PM

All replies

  • Why is this a point of interest? By default, the self-signed certs that the ConfigMgr agent creates have an expiration date of 99 years in the future from the time they are created.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Tuesday, February 23, 2016 7:58 PM
  • Because when we pushed out a deployment for example IE11, all the devices with these certs missed. After a new cert is assigned, they started to receive and communicate properly. Year 8122 is not 99 years from 2016.

    Thanks


    Tuan


    • Edited by wawakiki Tuesday, February 23, 2016 9:20 PM
    Tuesday, February 23, 2016 9:19 PM
  • Are you talking about self-signed certs that ConfigMgr creates or are you using PKI?

    Torsten Meringer | http://www.mssccmfaq.de

    Wednesday, February 24, 2016 8:20 AM
  • Self-Signed Certs.

    Thanks


    Tuan

    Wednesday, February 24, 2016 9:18 PM
  • Are you sure the clients were working at all in the first-place?

    What troubleshooting do you do?


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Wednesday, February 24, 2016 9:25 PM
  • Repair client, client push install completed...but no deployment. Had to delete the cert.

    Tuan

    Thursday, February 25, 2016 10:43 PM
  • Sorry, not to be rude, but that's not troubleshooting. That's beating it with a hammer. Troubleshooting is looking at the logs files and actually trying to figure out where the process is breaking so that you can correct the issues causing the problem.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Friday, February 26, 2016 12:55 AM
  • This is when we passed the DCOM, WMI checks, and viewed all logs files.

    Tuan

    Tuesday, March 1, 2016 10:20 PM