CMG setup with Internal PKI for AAD join devices
Question
Hi Anoop,
I am trying to setup cmg in my lab with interna ca ( used for only CMG server authentication). Devices are AAD join and testing the comanagement.
MP is on Ehttp
CMG is properly configured without any issue and no error on cloudmgr.log and proxy log.
However while trying to install sccm client manully or win32 app it is failing.
Followed “https://eskonr.com/2019/12/using-intune-to-install-configmgr-client-as-win32-app-with-local-source-files-without-downloading-from-cmg/”
I have deployed the root CA with intune to aad devices.
While installing client is tries to download client from CMG server and during the process it fails. it pretty slow. I am not sure why is trying to download setup from cmg as i am providing the complete media in the command line.
Other thing do i need to create cname record to route my public domain kascmg.kastest.tech to cmg server. i think not as i am using internal pki and i have provided CN and DNS name in the cert (CMG server fqdn).
do i need to add root ca in cmg revocation check in cmg cofiguration wizard as well?
I have setup enterprise CA in my test lab.ccmsetup ccmsetup-20220216-055154
Please guide
Thanks,
kashif
Answer ( 1 )
I can’t comment anything about Eswar’s script because I never used it. But I don’t think there is any relation between PS script and the error.
0x8004100e – Invalid namespace – Source: Windows Management (WMI)
0x87d00281 – No certificate matching criteria specified. Source: System Center Configuration Manager
Failed to get client certificate for transportation. Error 0x87d00281
GetSSLCertificateContext failed with error 0x87d00281
Params to send ‘5.0.9058.1047 Deployment Error: 0x87d00281
Failed to get client certificate for transportation. Error 0x87d00281
The error is because of chain of certificates are missing from the client.
Are you deploying Root and Intermediate certificates specified in the SCCM server properties (More details https://www.anoopcnair.com/sccm-client-cmg-communication-failure/ )
How to configure root and intermedia certs in SCCM ? Site Configuration – Sites – Propertieis – Client Computer Communication explained https://www.anoopcnair.com/co-mgmt-client-pki-certificates-part-7/