Create a cert template from an existing working template on your CA and name it "XXXXX.INF" on the CA, then copy it to the server that needs the cert.
SAVE IT WITH THE SERVER NAME. MAKE SURE IT'S AN .INF FILE.
Create the REQ from the INF on the local server:
Open the INF file; where the template has “XXXXXX” for the server name, replace it with the name of the server you are working on.
Open CMD as admin and navigate to where you put the XXXXX.INF. Example below:
Example: CMD.exe --> C:\temp\Certificate>certreq -new yourservername.inf yourservername.req
Copy the XXXXX.req file to your Primary CA; now you want to submit a new request.
Open the Certification Authority console:
Click Start, type in CA, and Certificate Authority should appear; “Run as Admin”.
Right-click the CA → All Tasks > Submit a new request
Select the XXXXX.req file and save it as a .CER file
Example XXXXX.cer
Now copy the XXXXX.cer file back to the server that needs it, and import it to the Computer\Personal Store.
Try running your ccmsetup.exe /install /mp blah blah blah
I would try to get networks to open up ports to the CA from all subnets in that domain, and the ports that SCCM needs to communicate with.
Ports needed (service/port: source -> destination, action):
- Kerberos 464: Certificate Enrollment Web Services -> Domain Controllers (DC), Allow
- LDAP 389 (network port tcp/389): Certificate Enrollment Web Services -> Domain Controllers (DC), Allow
- LDAP 636 (network port tcp/636): Certificate Enrollment Web Services -> Domain Controllers (DC), Allow
- DCOM/RPC, random port above port 1023: Certificate Enrollment Web Services -> CA, Allow. Please see http://support.microsoft.com/kb/154596/en-us for details on RPC/DCOM configuration.
- HTTPS 443: All clients requesting certs -> Certificate Enrollment Web Services, Allow
CERT INF example below:
[Version]
Signature="$Windows NT$"
[NewRequest]
; CN needs the hostname, not the FQDN, of the server you need. L = city/locality, S = state.
Subject = "CN=XXXXX, OU=XXX, O=XXX, L=CITY, S=STATE, C=US"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[Extensions]
2.5.29.17 = "{text}" ; Subject Alternative Name
_continue_ = "dns=XXXXX.company.com" ; needs the FQDN
2.5.29.37 = "{text}" ; Enhanced Key Usage
_continue_ = "1.3.6.1.5.5.7.3.2" ; Client Authentication
[RequestAttributes]
CertificateTemplate = ConfigMgrClientCertificate
DisableExtensionsList = "2.5.29.31,1.3.6.1.5.5.7.1.1"
Hope this helps!
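An added PowerShell example (my own, not part of the post above) that scripts the two ends of this procedure: filling the XXXXX placeholders in the INF and running certreq on the target server, then, after the .cer has been imported into Computer\Personal, checking that the installed certificate actually has what the SCCM client needs (private key, 2048-bit RSA, Client Authentication EKU, the FQDN in the SAN, valid dates). The INF keys and the template name ConfigMgrClientCertificate come from the post; the OU/O/L/S values are placeholders to adjust, and the function names, the C:\temp\Certificate path and the CA/DC names in the port check are assumptions.

```powershell
# Added example, not from the original post. Requires an elevated session on the server.
function New-ClientCertInf {
    param(
        [Parameter(Mandatory)][string]$Hostname,   # short name, goes in the CN
        [Parameter(Mandatory)][string]$Fqdn,       # full name, goes in the SAN
        [Parameter(Mandatory)][string]$Path        # where to write <server>.inf
    )
    # Single-quoted here-string so "$Windows NT$" and "{text}" are left untouched;
    # only the two placeholders below are substituted.
    $template = @'
[Version]
Signature="$Windows NT$"
[NewRequest]
Subject = "CN={HOSTNAME}, OU=XXX, O=XXX, L=XXX, S=XXX, C=US"
KeySpec = 1
KeyLength = 2048
Exportable = TRUE
MachineKeySet = TRUE
SMIME = FALSE
PrivateKeyArchive = FALSE
UserProtected = FALSE
UseExistingKeySet = FALSE
ProviderName = "Microsoft RSA SChannel Cryptographic Provider"
ProviderType = 12
RequestType = PKCS10
KeyUsage = 0xa0
[Extensions]
2.5.29.17 = "{text}"
_continue_ = "dns={FQDN}"
2.5.29.37 = "{text}"
_continue_ = "1.3.6.1.5.5.7.3.2" ; Client Authentication
[RequestAttributes]
CertificateTemplate = ConfigMgrClientCertificate
DisableExtensionsList = "2.5.29.31,1.3.6.1.5.5.7.1.1"
'@
    $inf = $template.Replace('{HOSTNAME}', $Hostname).Replace('{FQDN}', $Fqdn)
    Set-Content -Path $Path -Value $inf -Encoding ASCII
    return $Path
}

function New-ClientCertRequest {
    param([Parameter(Mandatory)][string]$InfPath)
    $reqPath = [System.IO.Path]::ChangeExtension($InfPath, '.req')
    # Same command as the post (certreq -new <inf> <req>); -f overwrites an old .req.
    & certreq.exe -f -new $InfPath $reqPath | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "certreq -new failed (exit code $LASTEXITCODE)" }
    return $reqPath
}

function Test-SccmClientCert {
    # Run after the .cer is imported: one result object per cert whose CN is this host.
    param(
        [Parameter(Mandatory)][string]$Hostname,
        [Parameter(Mandatory)][string]$Fqdn
    )
    $clientAuthOid = '1.3.6.1.5.5.7.3.2'
    $cnPattern  = '^CN=' + [regex]::Escape($Hostname) + '(,|$)'
    $sanPattern = 'DNS Name=' + [regex]::Escape($Fqdn) + '(,|$)'
    $now = Get-Date
    foreach ($cert in Get-ChildItem -Path Cert:\LocalMachine\My) {
        if ($cert.Subject -notmatch $cnPattern) { continue }
        $eku = $cert.Extensions | Where-Object {
            $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] }
        $san = $cert.Extensions | Where-Object { $_.Oid.Value -eq '2.5.29.17' }
        $rsa = [System.Security.Cryptography.X509Certificates.RSACertificateExtensions]::GetRSAPublicKey($cert)
        [pscustomobject]@{
            Thumbprint    = $cert.Thumbprint
            HasPrivateKey = $cert.HasPrivateKey
            Rsa2048       = ($null -ne $rsa -and $rsa.KeySize -ge 2048)
            ClientAuthEku = [bool]($eku -and ($eku.EnhancedKeyUsages | Where-Object { $_.Value -eq $clientAuthOid }))
            SanHasFqdn    = [bool]($san -and ($san.Format($false) -match $sanPattern))
            ValidNow      = ($cert.NotBefore -le $now -and $cert.NotAfter -gt $now)
            Expires       = $cert.NotAfter
        }
    }
}

function Test-EnrollmentPorts {
    # TCP ports from the post's list; the RPC/DCOM dynamic range is not probed here.
    param([Parameter(Mandatory)][string]$CaServer, [Parameter(Mandatory)][string]$DomainController)
    $checks = @(
        @{ Target = $DomainController; Port = 464; Service = 'Kerberos' },
        @{ Target = $DomainController; Port = 389; Service = 'LDAP' },
        @{ Target = $DomainController; Port = 636; Service = 'LDAPS' },
        @{ Target = $CaServer;         Port = 443; Service = 'HTTPS (enrollment web services)' }
    )
    foreach ($c in $checks) {
        $r = Test-NetConnection -ComputerName $c.Target -Port $c.Port -WarningAction SilentlyContinue
        [pscustomobject]@{ Target = $c.Target; Port = $c.Port; Service = $c.Service; Open = $r.TcpTestSucceeded }
    }
}

# Usage on the target server (assumed path from the post's example):
# $h = $env:COMPUTERNAME; $f = [System.Net.Dns]::GetHostEntry($h).HostName
# $inf = New-ClientCertInf -Hostname $h -Fqdn $f -Path "C:\temp\Certificate\$h.inf"
# New-ClientCertRequest -InfPath $inf     # copy the .req to the CA, submit, import the .cer
# Test-SccmClientCert -Hostname $h -Fqdn $f | Format-List
# Test-EnrollmentPorts -CaServer 'ca01.company.com' -DomainController 'dc01.company.com'
```

Every check in Test-SccmClientCert should come back True for exactly one thumbprint before you try ccmsetup again; a False on SanHasFqdn usually means the dns= line in the INF was left with the short name, and a False on HasPrivateKey means the .cer was imported on a different machine than the one that generated the .req.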