
Hi Niall,
 
Hope you are doing great. I was following your tutorial on migrating from MBAM to SCCM BitLocker, as I am working on a project for a customer for the same.
 
Background:   
 
They are currently using SCCM version 2006, and wanted to migrate BitLocker from MBAM. They already have a PKI infrastructure (AD Certificate Service), with the SCCM client showing as being in PKI mode (in the SCCM client).
 
I followed your steps to enable HTTPS mode (as they are in HTTP/HTTPS mode) and when I did that it broke the environment, and the clients (across 15 regions) stopped connecting, so I reverted back.
 
My question to you is, I want to continue and finish the project, can I do so without changing SCCM to full HTTPS mode?
 
Thanks in advance for taking the time out to reply and assist, as well as to the forum members


First things first, converting ConfigMgr to HTTPS shouldn't break things unless it's not done right, so were you sure that the clients had the right certs in place before making the switch?


7 hours ago, anyweb said:

First things first, converting ConfigMgr to HTTPS shouldn't break things unless it's not done right, so were you sure that the clients had the right certs in place before making the switch?

I had checked some of the laptops before and saw the certs (SCCM and Client) in the MMC console on a few of the laptops that I had checked. I was on a call with Microsoft for a different issue, and I asked the engineer if HTTPS was needed for BitLocker in SCCM; he replied no, it's not needed and can be done in the regular HTTP/HTTPS. Noting the SCCM clients are in PKI mode.

He made note that only in the earlier version of SCCM 1910 was that a requirement, but not for SCCM 2006 version.

Your take/experience?


PKI is not needed for BitLocker Management, but it's recommended. You can still use e-HTTP; however, be aware that come October 2022, HTTP will be deprecated, so the move to HTTPS should start now: https://www.niallbrady.com/2021/03/12/prepare-for-http-only-client-communication-depreciation-in-configmgr-31-10-2022/

I'd recommend you fix your PKI issues and continue down that road; hire a PKI consultant to assist.
