Jump to content


TeachMeSCCM

New Members
  • Posts

    22
  • Joined

  • Last visited

Everything posted by TeachMeSCCM

  1. The machines that were giving me issue I just did the delete on SMSCFG.INI and then restarted the SMS to get a new cert to register correctly I'm back to way above my #'s Sorry for the long thread but I got it fixed in end.
  2. The best solution I can give someone with this error is make sure your IIS is setup correct I had noticed that the SMS_MP directory browser everything bit Long Date should be checked make sure it's applied Make sure you have the proper security options for the SMS_MP properties IUSR SYSTEM LOCAL Network Your Site System I then reinstalled the MP let the certs re create themselves I had to reboot my server see the certs to 443 like I did above I'm getting self singed certs now on most few machines still giving me issue but most are getting them.
  3. Update still waiting on MS did a another reinstall watched the logs ensured all permission are correct I have both of Sites setup this way So question. Can I go to the \Administration\Overview\Security\Certificates And Just import this SMS into the Certificate folders I know this should be done automatically? I want to make sure the thumbprint matches my SMS in the SMS folder or the one in personal. Can someone confirm with me if I can do this and the correct ones to match up? I also made sure i didn't have anything being blocked in my \Administration\Overview\Security\Certificates still getting the same errors from clients not registering My clients just do this They never register just sleep and retry forever; done clean install; deleted machine keys ect; different strings restart SMS ect same issue.
  4. Question i did the whole reinstall this is NONE pki; i'm staying with EHTTP as I can't open my pki stuff with our network team at this time. Why do I have a cert under the SMS I had the system recreate it; still getting the same errors Small update I have a pending ticket with MS support about this and noticed another person reddit with the same issue as me; I think it has to do with the certs expiring and not being created correctly. Still fishing for more. But I'll update this thread so once I get it solved with a solution. I'm still open to ideas. Ms support is a bit slow.
  5. I was still getting the same clients just never installing just sitting on registration even with PKI I even manually added the PKI from AD and the clients did the same thing; as I posted above so i went back to E http and it's still doing the same thing. I'm trying to get someone at Microsoft support to help me out; running out of ideas before I have to just scrap this and rebuild.
  6. So I wasn't getting anywhere with the self singed so I changed over to HTTPS and did the full patchmypc PKI guide Can you confirm it's getting the PKI cert correctly here also it's still stuck on Client registration. I'm going to do a reboot after hours to see if that will fix the issue. I think the PKI is working from this log; I'm able to view the IIS from each site goes to the correct page boundries are good. I hope I don't have a messed up IIS setting or something I did changed over the required SSL cert and set the correct certs to ignore.
  7. So I reinstalled both MP's one I did the HTTPS to HTTP and my main wouldn't take so I completed deleted via the SCCM console and re added it Was getting the same errors So i went back to the tell it to look for the SMS string under the PKI and also without both give me the same type of errors Here is the SMS Just sits and never registers the client. Client Certificate None Here is the CCMecec on the SMS This a Failed to raise pending event as ClientID is not available, I have looked and not found many working links for this issue. Same Error type of my other machine Same Ccmexec.log error Two different machines
  8. Here is my CCmexec log from one of my failed cert clients This Error registering hosted class '{53C46006-E1C5-4AD1-89B3-B8332D1B17EA}'. Code 0x80040111 CcmExec 9/20/2021 3:44:53 PM 15444 (0x3C54) This Error registering hosted class Code 0x80040111 This doesn't not give me much to work out; been looking for all articles on this error goes back to mp issues. I will try another Management Point reinstall as from my last set of logs the certs look like they are applying.
  9. So i went ahead and deleted the old certs and did what SCCMentor said to delete the EHTTP with the Site Check and ensure a new SMS role is install. what's strange is my 02 will recreate the SSM Role SSL Certificate and auto re add it; my 01 i have to manually import it but it does re add. They both give me cert errors when going to 443 via IE see screen shot above. This is on my 02 fresh install client after cleanup Both of the SMS Role SSL Certifcate give me Is there any setting in IIS I am missing? Most are check to ignore certificate I was not getting Retrieved key 'ConfigMgrPrimaryKey' from provider Microsoft Software Key Storage Provider ClientIDManagerStartup 9/19/2021 9:41:57 PM 6352 (0x18D0) This is good. I also see it gets a SMS cert but it still never finishes the setup and still shows up Certificate None I doubled checked and this is good as my http://mysccm/sms_mp/.sms_aut?mplist goes to the XML file on both of my servers http://mysccm/sms_mp/.sms_aut?mpcert works on both of my servers goes the the MPcertificate path with the long text Just kind of stuck on what to try next.
  10. When you say you deleted your I deleted the SMS Role SSL Certificate certificate from local machine this is from the Server This would be the one in the SMS folder? Personal Folder? Or Secure Folder? Can you show me on the MMC I think I need to do this; also when I go to binding do I need to have the Server host name here? and have Required Server Name Checked I noticed when I did I was able to browse to port 443 via the IIS but like i said my 02 I'm unable to. My 01 issuer of the certificate could not be found but works via IIS My 02 this certificate is ok runs into error browse via IIS I'm thinking the 02 still has my copy and i just need to delete it and re do it; I'm still getting the same errors installing on my 01 might try a reboot after hours and report back
  11. So I have two servers One I think it was created and the other I copied it; can i just delete them both and have them re created So my 01 has this IF I set it to check box I can go to browse 403 and takes me the IIS page ie it works My 02 Still gives me this and when I go to the browse the 403 web page to check the cert This is my 02 this is my IIS page so there is an issue I still have this error I only have 1 thing to Select for the SMS Role SSL Certificate? I'm going to try to reinstall some clients on my 01 and see if takes Let me know thanks for the help so far. This is such a mess.
  12. It won't let me check OK it's grayed out My 02 It makes me have to pick a cert; I was trying to import the cert but this wasn't working for me; makes sense as SCCM is said to create a SMS Role SSL certificate and that isn't happening I am doing what you said Above what I did was delete it for now. I'll re add it once it's created I guess.
  13. @SCCMentor Those screen shots are so helpful! I went in and found that SMS cert I needed I went I added it to the IIS and I have been manually adding them in. I can see this is not the way. I thought as much as there is no documentation on it How can I Set the IIS SSL cert to 'Not selected' can I just delete it for now?
  14. So I only have this on my 2ed host my 1st main host does not have this. ^^THIS IS MY 02 When I select it I get this message. I don't get any other messages with my other certs and yes I did try to get PKI to work but was not able to. Does the client complete registration? Hard to know when we are working off screenshots. Yes it shows up in my SCCM console but shows Client None. ^^This is my 01 I had created these PKI and ISS in the past by importing them for the MMC; this is on me I was trying to fix this on my own; I still trying to figure out how to get this right. Thanks so much for all the help so far. I really appreciate it.
  15. I have it set to the SMS Cert On Both You can see it gets the SMS cert But it does the Regtask forever and never registers the client so it installs and shows Client Certificate None.
  16. I did; my roles are setup to HTTP Only I have it setup the same as you have listed above. On both Distribution setup the same way
  17. I have my CMG setup correctly test to ensure I have the correct information in the client for the CMG so that is working but this ongoing cert issue.
  18. I'm using the CCMclean and doing a fresh install with both the default ie site code And the other with command line ccmsetup.exe /mp=Mine.mine.mine SMSSITECODE=mine Here is what my logs say I am having this issue site wide. Old machines not getting updated certs and fresh installs/test vms all getting the same errors Both of my site servers show they have no client installed as well Almost all my machines are like this Not getting a Client certificate; I see them in SCCM some say Client installed this is not Ture; when i check the pc's I see this CCMexec Site Services are all green; please let me know if you need more info or logs I'm trying to figure this out. I really appreciate your help
  19. I am trying to use E http and the clients are not getting there certs. I use to get certs and after it expired I deleted the old one; as the system never auto updated it. I am still having this issue with many clients with all of the same error as above SCCM installs but never gets a client cert. I'm stuck with the Key 'ConfigMgrMigrationKey' not found, 0x80090016. ClientIDManagerStartup with no luck fixing it. See above errors
  20. So If I change it to just HTTPS or HTTP check and take off the PKI and CRL uncheck both I also unchecked the Use configuration Manger-Gen cert I get this error This is why I had to setup to look for the SMS cert and it looked like it at least got a cert in the past but same issue with the machine never registering
  21. Hello New to posting on this forum. I'll try my best My Mp is setup to http When i changed it back I did reboot it. I can d I was having issue with machines losing there certs. Long story short my cert in my MMC store in the SMS folder was expired; I have taken over this 1/2 ass setup and I'm trying my best. I was told that SCCM would automatically update the cert. This is not happening. I have found if I delete the old cert it created a new one. But now I'm still getting these errors I have ensured my boundaries are good but I'm unable to get clients to get certificates I am going by IP addresses not subnet. This is happening for new and old clients. http://mysccm/sms_mp/.sms_aut?mplist goes to the XML file on both of my servers http://mysccm/sms_mp/.sms_aut?mpcert works on both of my servers goes the the MPcertificate path with the long text I do have it setup a bit strange I'm doing the point the SMS and use PKI if it's there. I have tired it every other way and none of the ways work for me. I have tired it like every single way and this way I can get a cert and it register but it never registers the client so I get the SCCM to install Client Cert shows None and my Software store doesn't work won't update ect. Let me know if you need more logs or info. This has been such a paint to figure out.
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.