locked
SCCM Certificate Install Issues RRS feed

  • Question

  • Hi guys, running SCCM 2012 RTM. Having issues with some of the clients not installing client certificates. When opening configuration manager properties I can see that client certificate = none. Getting around this at the moment by uninstalling the client and then reinstalling the client from the console. Normally on healthy clients we see "Client Certificate = self signed" Any help here would be great. Not using HTTPS client communication or PKI certficates

    Thanks

    Nick

    
    Wednesday, June 20, 2012 2:24 AM

Answers

All replies

  • How are yo installing the clients?

    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Wednesday, June 20, 2012 2:03 PM
  • Hi Jason, this is via task sequence during OSD
    Tuesday, June 26, 2012 10:54 PM
  • Thanks for the reply Torsten, not 100% sure. I have to wait until we see this again on a machine. Will post results of this
    Wednesday, July 4, 2012 5:25 AM
  • Hi Nickm34,

    did you resolve this issue? all my deployed machines are coming up as "Client Certificate: None" and only have two items in the actions tab.

    As far as i can tell certificates should be fine, followed the technet step by step and the client has a configmgr client certificate in its personal store

    Friday, August 10, 2012 2:14 PM
  • Hi,

    same issue on my CM 2012 site, no client certificate available after ConfigMgr Client install. I have installed the clients manually using smssitecode command line. Client installation seems to be successfull (msi-log), only the client certificate is not available.

    Any hints or tips to resolve this issue?

    Thanks

    Jan


    • Edited by Jan Partner Wednesday, August 15, 2012 12:15 PM
    Wednesday, August 15, 2012 9:01 AM
  • How are you verifying that the client cert is not available and what is not happening that you expect to be happening?

    WHave you reviewed ccmsetup.log?


    Jason | http://blog.configmgrftw.com


    Wednesday, August 15, 2012 1:23 PM
  • Hi Jason,

    thanks for your fast response.

    In configuration manager client properties the value of client certificate is: none. I think the value should be something like "self registered".

    ccmsetup.log seems to be ok, i can´t find any error, warnings or other hints.

    Thanks

    Jan


    • Edited by Jan Partner Wednesday, August 15, 2012 1:52 PM
    Wednesday, August 15, 2012 1:52 PM
  • Yes, it should be self-signed. Have you checked ccmexec.log?

    Jason | http://blog.configmgrftw.com

    Wednesday, August 15, 2012 1:54 PM
  • the only error i can find in ccmexec.log is "failed to open WMI Namespace \\...." (8007045b). This error already happened yesterday, today there are no errors or warning visible in ccmexec.log

    
    Wednesday, August 15, 2012 2:06 PM
  • How about policyagent.log, clientidstartupmanager.log, and certificatemaintenance.log?

    How many actions do you have on the actions tab?

    Have you opened the certificates snap-in for the local computer to see if there are any certs there?


    Jason | http://blog.configmgrftw.com

    Wednesday, August 15, 2012 3:18 PM
  • Hi Jason,

    I had an error "failed to verify signature of message received from MP Using name" in CertificateMaintenance.log

    So I tested the connection to MP using http://servername.domain.com/SMS_MP/.sms_aut?mpcert and http://servername.domain.com/SMS_MP/.sms_aut?mplist (without Errors).

    I had two sms certificates imported on local computer.

    After that i solved the issue by removing and adding MP Server Role on SCCM Server.

    Thank you for your support!
    Jan

    Wednesday, August 15, 2012 7:55 PM
  • Hi guys, I have not had this issue reappear so unable to get log files for the install. Unable to replicate this issue on demand. What is strange is that the SMS certificate had installed on the effected clients in the local cert store and was not expired but when opening "Configuration Manager" from control panel it shows client certificate:none

    Any idea on a query I could run to identify these clients which have Client Cerfificate: "none'

    Thanks

    Wednesday, August 22, 2012 11:56 PM
  • Hey

    I have the same problem.... after deploy the computers are showing "PKI" - but after some time the client certificate is "none".

    Anyone?

    Saturday, October 27, 2012 4:12 PM
  • I've been chasing this for months. (Clients only have two actions displayed in Control panel\System\Configuration Manager, certificate type says None), and in the SCCM server console they always say inactive or No Client Installed, with no client properties shown. Also missing the Microsoft System Center 2012 R2\Software Center in All Programs. After doing just about EVERYTHING I could find on the forums, including but not limited to, reviewing the neverending and ridiculously cryptic logs on the clients and server, CONSTANT reinstalls, forced uninstalls of the client, manual or push installs of ccmsetup, disjoining and rejoining domain, etc.... the only thing that finally seems to have corrected it was manually going in and updating\approving all my WSUS updates in the SUS console, not in SCCM. Then windows updating my SCCM server, then removing and reinstalling the MP role. After rebooting the rogue clients and the sccm server, everything is reporting and communicating now. It was either one of, or a combination of, all of these steps. Good luck to you.
    • Edited by mookyrooky Thursday, July 9, 2015 7:25 PM
    Thursday, July 9, 2015 7:20 PM
  • Mookyrooky, that worked!!

    3 days troubleshooting the issue and now its fixed.  All i did was removed the MP role, reboot the server, re-install the MP and another reboot, and then reboot the client.  Now my clients are showing ACTIVE in SCCM.

    Thanks!

    Wednesday, August 12, 2015 3:13 PM