none
Client Kommunikation von Self Signed Certificate auf PKI

    General discussion

  • Hallo,

    habe vor kurzen eine SCCM 2016 ( Build 1710) Umgebung auf PKI umgestellt.

    Soweit so gut. Per GPO wird das PKI Client Certificate auf allen Clients verteilt.

    Alle neu installierten Clients haben das Client Certifikate der PKI. Unabhängig ob ich das als "Client Push" oder per Script über die CCMSETUP.exe durchführe.

    Bei allen bestehenden Clients (Die vor der Umstellung auf PKI) habe ich immer noch das Self Signed Certicate als Client Certicate.

    Nur durch eine Deinstallation und Installation des Agents kann ich das ändern.

    Kann ich das nicht eleganter lösen ?

    Viele Grüße

    Marian


    • Edited by marian_1 Thursday, February 8, 2018 5:36 PM
    Thursday, February 8, 2018 4:20 PM

All replies

  • Was steht denn im LocationServices.log?

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, February 9, 2018 7:16 AM
    Answerer
  • Hallo,

    in der LocationServices.log steht folgendes:

    <![LOG[LSIsSiteCompatible : Verifying Site Compatibility for <RAS>]LOG]!><time="13:45:35.961-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:5779">

    <![LOG[Retrieved MP [mssccm.firma.int] from Registry]LOG]!><time="13:45:35.969-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2415">

    <![LOG[Attempting to retrieve lookup MP(s) from AD]LOG]!><time="13:45:35.969-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2422">

    <![LOG[No lookup MP(s) from AD]LOG]!><time="13:45:35.969-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2454">

    <![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="13:45:35.969-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2467">

    <![LOG[Using default DNS suffix firma.int]LOG]!><time="13:45:35.969-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:3556">

    <![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="13:45:35.970-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:3565">

    <![LOG[Found DNS record of mssccm.firma.int port 443]LOG]!><time="13:45:35.971-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:3611">

    <![LOG[Lookup Management Points from DNS:]LOG]!><time="13:45:35.974-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsutils.h:263">

    <![LOG[Name: 'mssccm.firma.int' HTTPS: 'Y' ForestTrust: 'N']LOG]!><time="13:45:35.974-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsutils.h:269">

    <![LOG[Retrieved lookup MP(s) from DNS]LOG]!><time="13:45:35.974-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2490">

    <![LOG[Attempting to retrieve site information from lookup MP(s) via HTTPS]LOG]!><time="13:45:35.981-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lssecurity.cpp:5985">

    <![LOG[Reset assigned MP error count]LOG]!><time="13:45:36.680-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="67760" file="lsutils.cpp:2878">

    <![LOG[Failed to verify message. Sending MP [MSSCCM.firma.int] not in cached MPLIST.]LOG]!><time="13:45:36.698-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lssecurity.cpp:1746">

    <![LOG[MPLIST requests are throttled for 00:41:20]LOG]!><time="13:45:36.698-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lssecurity.cpp:1749">

    <![LOG[Failed to verify message. Sending MP [MSSCCM] not in cached MPLIST.]LOG]!><time="13:45:36.704-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lssecurity.cpp:1746">

    <![LOG[MPLIST requests are throttled for 00:41:20]LOG]!><time="13:45:36.704-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lssecurity.cpp:1749">

    <![LOG[Failed to send site information Location Request Message to mssccm.firma.int]LOG]!><time="13:45:36.705-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lssecurity.cpp:5487">

    <![LOG[LSGetSiteVersionFromAD : Failed to retrieve version for the site 'RAS' (0x80004005)]LOG]!><time="13:45:36.714-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lsad.cpp:5671">

    <![LOG[Retrieved MP [mssccm.firma.int] from Registry]LOG]!><time="13:45:36.721-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2415">

    <![LOG[Attempting to retrieve lookup MP(s) from AD]LOG]!><time="13:45:36.721-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2422">

    <![LOG[No lookup MP(s) from AD]LOG]!><time="13:45:36.721-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2454">

    <![LOG[Attempting to retrieve lookup MP(s) from DNS]LOG]!><time="13:45:36.721-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2467">

    <![LOG[Using default DNS suffix firma.int]LOG]!><time="13:45:36.722-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:3556">

    <![LOG[Attempting to retrieve default management points from DNS]LOG]!><time="13:45:36.722-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:3565">

    <![LOG[Found DNS record of mssccm.firma.int port 443]LOG]!><time="13:45:36.722-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:3611">

    <![LOG[Lookup Management Points from DNS:]LOG]!><time="13:45:36.724-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsutils.h:263">

    <![LOG[Name: 'mssccm.firma.int' HTTPS: 'Y' ForestTrust: 'N']LOG]!><time="13:45:36.724-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsutils.h:269">

    <![LOG[Retrieved lookup MP(s) from DNS]LOG]!><time="13:45:36.724-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lsad.cpp:2490">

    <![LOG[Attempting to retrieve site information from lookup MP(s) via HTTP]LOG]!><time="13:45:36.729-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="lssecurity.cpp:6004">

    <![LOG[Failed to send site information Location Request Message to mssccm.firma.int]LOG]!><time="13:45:36.744-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="56784" file="lssecurity.cpp:5487">

    <![LOG[LSIsSiteCompatible : Failed to get Site Version from all directories]LOG]!><time="13:45:36.744-60" date="02-16-2018" component="LocationServices" context="" type="3" thread="56784" file="lsad.cpp:5830">

    <![LOG[Won't send a client assignment fallback status point message because the last assignment error matches this one.]LOG]!><time="13:45:36.744-60" date="02-16-2018" component="LocationServices" context="" type="1" thread="56784" file="fspclientdeployassign.cpp:221">

    <![LOG[1 assigned MP errors in the last 10 minutes, threshold is 5.]LOG]!><time="13:45:36.745-60" date="02-16-2018" component="LocationServices" context="" type="2" thread="67760" file="lsutils.cpp:2795">

    Vielen Dank und schöne Grüße

    Marian

    Friday, February 16, 2018 1:07 PM
  • Der Auszug ist leider nicht hilfreich. Am besten mal alle (!) Logs hochladen und sharen.

    Torsten Meringer | http://www.mssccmfaq.de

    Friday, February 16, 2018 2:37 PM
    Answerer