Jump to content


Martinez

Established Members
  • Content Count

    12
  • Joined

  • Last visited

Community Reputation

0 Neutral

About Martinez

  • Rank
    Member
  1. Alright, so I ended up with creating a temporary secondary MP with HTTP traffic so that computers receive policies and switch to PKI. Seems to do the trick. I am still not sure, why many computers could have switched from self-signed to PKI and some did not [different OS version and edition, different locations].
  2. Hello Peter, No proxy involved, but thank you for suggesting this. There is one more thing though thay I have spotted, there are old objects in AD System Management from previous SCCM infras (2007 & 2012), the MP publishing records were never cleand in the decomm process. I need to clean this up and try again. Also, planning to install HFRU to MECM 1910.
  3. Yes, I have, the pasted error above is from the re-installation attempt. One one I have uninstalled completed, and now it doesn't want to install at all. Yes, the client receive the auto-enrollment cert via group policy. Also tried to delete it and refresh policies, cert appears, but on agent reinstallation attempt it fails.
  4. Hello, We are on SCCM CB 1910 since end of January [WS 2016], single primary site and 20+ DPs. Last week, we have moved to PKI based certificates, all required cert templates are in place, GPO; Two new certs were also requested on every site system with IIS role, reconfiguration of MP to HTTPS, IIS bindings on every site system plus additional IIS config on SUP, certs imported to DPs. On Primary site I haven't switched to HTTPS only, yet, due to issues with PXE (resolved now). I have check all the configuration as per the guides ohere on wn and recordings of Justin from PatchMyPC on
  5. Now I am planning a CMG, I will share experience after the work is completed.
  6. Hi, I just wanted to share my experience, a company with almost 4000 devices, twenty few site systems. I was using this guid to get better picture on the steps needed as well as Justin's videos, also mentioned here on top. - For the pre-requisites part on certificate templates, review if you already have Workstation Certificate issues to all computers, most likely yes. And most likely there is also a GPO in place that enables cert Auto-Enrollment. - It may take some time for all the computers to switch to PKI, take into account all inactive computer objects. - You may exper
  7. Ohh, I saw this page but apparently wasn't obvious for me at first, but now after redaing again it makes sense. Thank you Niall
  8. Hi Niall, Very good series, this one, the one on PKI and CMG, all of them really helpful. I have a question if I may. When you import that IIS Certificate, you need to do this only on SCCM Primary Site Server or any site system that holds IIS role and then request that cert on each of these with DNS name of each site system? I cannot find this answer anywhere 😐
  9. Hi Niall Thank you. Tthis is what I already have in the TS, with some custom information like new default BitLocker PIN after completion etc The side effect of hiding the Software Center notification to have TS initiate the program without the standard message as above is that at the same time the monthly updates can be running. I have clicked Upgrade Now, but the updates were already running [or just started] so the upgrade did not start straightaway, letting updates to complete. Once updates were completed, the Upgrade has resumed and TS initiated, but the script has skipped t
  10. Hi again I have one small issue, when I deploy the script [all configured as per instructions], first I get standard Software Center popup, instead of the hta. The below screen shows the timing to be next available deployment occurrence, for testing purposes I have 9:20 AM daily. Once I click OK on the below, only then the hta windows is brought with all the user information and deferrals count. Am I missing something maybe?
  11. Hello Niall, this is a wonderful post, something I really needed Just reviewed the wrapper script, supported model line 221, and mapped the PC models into more readable naming, see attached. Best regards, Marcin Win32ComputerSystem-ID-To-ModelNameMapping.xlsx
×
×
  • Create New...