Showing results for tags 'Certificate'.



Found 11 results

  1. Hello WN community! I have a bit of a stumper I was hoping to get some feedback on! Let me know what you think... Scenario: We're running SCCM 2012 now for a little over a year, problem free. We've noticed, however, that randomly (about 10 out of 1000 clients) the SCCM Client is reporting that the PKI certificate is none. What's stranger still is that in the ClientIDManagerStartup.log, it doesn't appear to have an issue detecting and selecting the PKI certificate... Directly after the client selects the Cert, the ClientIDManagerStartup.log fills up with this repeating for ages. I have run a repair on the client, same result. I checked to see if perhaps the clients were stuck in provisioning mode, and they're not. Sort of at a loss of what to check next! Any help would be greatly appreciated. Thanks
  2. Nunzi0

    Updating RDP cert to SHA-2

    My company is going through an exercise to retire all of the SHA-1 certificates in the environment due to its upcoming EOL date by MSFT. One of the larger pools of devices using a SHA-1 cert is the end user devices, which use a self-signed SHA-1 certificate when using RDP. Most of the info I've found online so far only discusses how to force this cert to use SHA-1 with registry edits, but nothing about SHA-2. Has anyone gone through this exercise yet? If not, you may need to soon. Looking for some technical pointers on how to accomplish this. Also, we currently use the self-signed cert that each device generates when connecting. If I force a new certificate from a domain CA, wouldn't I lose the ability to RDP from non-domain computers?
  3. We have a small number of servers in our DMZ; all are in their own workgroups, so they have no knowledge of each other. They are also not all internet connected, so patches must be pushed from internal to DMZ. I noticed this post https://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/ which states that as long as I have firewall rules in place I can manually install the clients and have them talk directly back to my site server internally, no certificates required. I was also looking at https://social.technet.microsoft.com/Forums/en-US/f8b1b51e-515e-41f6-bb1e-cdeeabb11f6f/configmgr-2012-design-for-dmz?forum=configmanagergeneral and their option 3 is to build a DP/MP/SUP box, still internal, and have that configured with SSL to then talk to the DMZ boxes. If I were to build this design and enable SSL, what effect will this have on my currently working internal environment? Will every machine now have to use the new certificates to talk to SCCM? Or will it only be for boxes talking to the new Distribution Point, which I can hopefully administer with boundary points?
  4. Hi Folks! Yesterday I encountered a problem where a laptop refuses to register to a ConfigManager 2012 site. On the host, ClientIDManagerStartup.log is filled with "[RegTask] - Server rejected registration request: 3" errors, and on the management point MP_RegistrationManager.log says: "A client is trying to re-register with an administrator revoked certificate:" On the console I found MP_control_manager screaming "MP has rejected policy request from Client(SMSID = GUID:x) because this SMSID is marked as blocked." However, on the devices, the block/unblock/approve is greyed. I have tried to uninstall the client, deleted SMSCFG.INI, SMS related certificates from the local computer store (or used old ccmdelcert.exe) ... and also the resource itself, but the issue still remains. How do I delete the blocked SMS GUID from the database or generate a REALLY NEW SMS GUID? While attempting to resolve this issue, I noticed that on the Management point the certificates are all expired (see the image). We are not using PKI yet. I don't know if this is the real issue, since most of the site roles and clients work fine.
  5. Hi, We have recently noticed that the client has stopped automatically installing onto laptops/desktops. We have had everything run successfully for over 6 months, and I have spoken with other administrators and nothing appears to have changed on the domain. Once imaged, you can see within C:\Windows that the 'ccmsetup' folder has been copied across but no further action has taken place. In order for the client to install correctly with Endpoint Protection I have to manually run the client.exe file. After this process Endpoint Protection is installed and I can see SCCM now states the machine has the client installed, allowing for remote control, deploying software etc etc. Post image, I have noticed on Configuration Manager that the Client Certificate states 'None' rather than 'PKI'. Has anyone else experienced this problem and/or can recommend the appropriate logs to be reviewing? Thanks
  6. Hello, I am trying to install Jabber using SCCM. A prerequisite for Jabber is a small application from Cisco which adds another network interface. This application has a certificate which needs to be added to Trusted Publishers during the installation. I exported this certificate from an .msi and I am trying to add it before installing the software. My script looks like this:

        CertUtil -f -addstore “TrustedPublisher” "Cisco_certificate.cer" >> c:certutil.log
        msiexec /i "msi_setup-3-2-4-0-6831.msi" /qn /norestart

    According to certutil.log the certificate is successfully installed. However: 1. I can't see any certificate in certmgr.msc 2. I get the following popup during installation: Can anyone help?
  7. Hello everyone, I am trying to set up the RC2. The Prerequisite Check went OK, but if I click on begin install the setup breaks after 19 seconds during: Generating public key and SQL Server certificate. In the ConfigMgrSetup.log there are 2 errors: ERROR: Failed to get the buffer size for LookupAccountName. Error = 1722 ERROR: Failed to get SID for user (DOMAIN\sqladmin) Can someone help me? Best wishes Johannes
  8. Hello, all. This is my first post here, and I'm in need of some assistance from some System Center experts. We are looking at possibly deploying Internet Based Management in our SCCM 2012 environment, but it looks like we can't do it when we push the upgrade from 2007 to production. We do NOT have Internet Based Management in our current SCCM 2007 environment. The scenario we would most likely use is having the MP in our intranet and using a reverse proxy server with PKI to allow Internet clients to authenticate into our network. We have an F5 that would handle the traffic coming in, and the incoming https connections would terminate there and then be sent from the F5 back to the internal MP. Question 1) Can we do this after our SCCM 2012 environment is up and running in production? If so, what do we need to do to make it happen? Should we go ahead and create the Workstation Certs and the Web Server Certs now, or can all of the certificate creation wait until we're at the point of setting up Internet Based Management? Question 2) Will any roles need to be recreated when we implement Internet Based Management if it's done later, or will we need to rework our hierarchy? We want to avoid that as much as possible. Question 3) Can documentation be provided for the above answers (i.e. technet or something similar)? Thank you SO MUCH. I appreciate it!! Sarah
  9. I am having great problems trying to install SCCM 2012 client onto a computer with a network connection to the internet, but NOT a member of a domain. I am using the PKI setup within SCCM2012 and have created a RootCA and deployed certificates throughout the local AD and assigned to Group Policies. The machines on the local AD network which receive the policies seem to have a great "handshake" and end up connecting to SCCM and appearing in the main console. Laptops, Computers that are roaming, and not part of my local AD Network are not having such a good time. I believe it is the Certificate communication which is not working. I am exporting the Certificate from the "Certificate Services" within SCCM Server, and then copying this file over to the clients using a USB key. I am then importing the certificate with Private keys into their local certificate store, and all appears fine, until I run ccmsetup.exe. Excerpt from the ccmsetup.log attached, I need your help.

        <![LOG[Only one MP https://syna01vsscc001d.syn.local is specified. Use it.]LOG]!><time="15:46:04.339-60" date="06-15-2012" component="ccmsetup" context="" type="1" thread="7832" file="ccmsetup.cpp:8763">
        <![LOG[Have already tried all MPs. Couldn't find DP locations.]LOG]!><time="15:46:04.339-60" date="06-15-2012" component="ccmsetup" context="" type="3" thread="7832" file="ccmsetup.cpp:9647">
        <![LOG[GET 'https://syna01vsscc001d.syn.local/CCM_Client/ccmsetup.cab']LOG]!><time="15:46:04.339-60" date="06-15-2012" component="ccmsetup" context="" type="1" thread="7832" file="httphelper.cpp:802">
        <![LOG[begin searching client certificates based on Certificate Issuers]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="1" thread="7832" file="ccmcert.cpp:3759">
        <![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="1" thread="7832" file="ccmcert.cpp:3918">
        <![LOG[begin to select client certificate]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="1" thread="7832" file="ccmcert.cpp:3999">
        <![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:4031">
        <![LOG[3 certificate(s) found in the 'MY' certificate store.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:4060">
        <![LOG[The 'MY' of 'Local Computer' store has 3 certificate(s). Using custom selection criteria based on the machine name.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:4099">
        <![LOG[Machine name is 'SYN-L3-NMS-01'.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:2174">
        <![LOG[There are no certificate(s) that meet the criteria.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:2003">
        <![LOG[Performing search that includes SAN2 extensions...]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:2210">
        <![LOG[Certificate [Thumbprint 498357A12555F1D7EE8DFA009D39965880431790] doesn't have SAN2 extension.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:1563">
        <![LOG[Certificate [Thumbprint 235A98C6BB65429BAF75F303B2CB66204AE20090] doesn't have SAN2 extension.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:1563">
        <![LOG[Found a certificate with subject name as ‘SYNA01VSSCC001D.SYN.local’, but will continue to look for the certificate with subject name as ‘SYN-L3-NMS-01’.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:1540">
        <![LOG[using custom selection criteria based on the machine NetBIOS name.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:4119">
        <![LOG[Machine name is 'SYN-L3-NMS-01'.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:2174">
        <![LOG[There are no certificate(s) that meet the criteria.]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="0" thread="7832" file="ccmcert.cpp:2003">
        <![LOG[GetSSLCertificateContext failed with error 0x87d00281]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="3" thread="7832" file="ccmsetup.cpp:5356">
        <![LOG[GetHttpRequestObjects failed for verb: 'GET', url: 'https://syna01vsscc001d.syn.local/CCM_Client/ccmsetup.cab']LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="3" thread="7832" file="httphelper.cpp:942">
        <![LOG[DownloadFileByWinHTTP failed with error 0x87d00281]LOG]!><time="15:46:04.340-60" date="06-15-2012" component="ccmsetup" context="" type="3" thread="7832" file="httphelper.cpp:1076">
        <![LOG[CcmSetup failed with error code 0x87d00281]LOG]!><time="15:46:04.341-60" date="06-15-2012" component="ccmsetup" context="" type="1" thread="3144" file="ccmsetup.cpp:9454">
  10. Hi! I have a certificate question. I have an Exchange 2007 server with a self-signed cert. Now I want to secure it with a 3rd party certificate. I wonder what domain names I need to buy the certificate for? Do I need a third party certificate for the internal name (mailserver.domain.local), or just for the external stuff, like: mail.domain.com webmail.domain.com? I have several mail domains on the same server; do I need a certificate for them all (mail.domain2.com webmail.domain2.com), or just the "main" mail domain? /Lagrot
  11. Hi, I am currently deploying machines over an 802.1x network and am using user authentication to achieve this; however, I found one problem. The computer being deployed does not retrieve the machine certificate until sometime after the OSD has finished. I have created a vbscript that creates an inf file (putting the hostname into the inf file). Then I use certreq to create the request, submit and accept the cert from the enterprise CA. This is all done in my Win7 deployment task sequence while in the current OS (not WinPE). I have tested this on a computer that has been deployed and it works fine. However, during the OSD I get this error: Error title: Certificate Request Processor "The requested resource is in use. 0x800700aa (WIN32/HTTP: 170) machine.inf([NewRequest] Subject ( "CN=testcomputer.mydomain.com")" If I skip this step I always need to run a fix after each OSD where I change the authentication mode from user to Machine (802.1x). Any idea on what could be wrong? How are others doing this? GauiC