While installing SCCM client on VM it’s not taking PKI certificate

Question

Hi Team,
While installing the SCCM client on a VM, it’s not taking the PKI certificate, and it’s also not getting the MP site code. Can anyone assist with what troubleshooting needs to be done?
I’m new to SCCM. Please assist.

Answers ( 11 )

    1
    2020-05-05T18:38:06+05:30

    How was this specific VM provisioned? Is there any possibility of a duplicate GUID? Can you check this aspect as well?

    Also, I suggest rebuilding the WMI repository on this machine and trying again.

    1
    2020-05-05T16:16:35+05:30

    Hi Akshay,

    How are you installing the SCCM client? Is it manual? Can you provide the command you are using for the client agent installation?

    Try the command below to install the SCCM client; this might help you.

    ccmsetup.exe /UsePKICert /NoCRLCheck /mp:HTTPS:// SMSSITECODE= DNSSUFFIX= CCMCERTISSUERS=

    Best answer
    0
    2020-05-05T14:24:03+05:30

    Yes, the MP is working. The client has installed on other VMs, but I am facing the issue on this VM.
    I also checked that the boundaries are configured properly. The issue still persists.
    Please assist.

    1
    2020-05-05T14:18:20+05:30

    Before getting into the PKI / cert stuff, can you help us know:

    Is your MP working?
    Have you configured boundaries properly?

    0
    2020-05-05T11:36:19+05:30

    Hi Sir,
    I have gone through your PKI certificate post. The Client and Server Authentication certificates are present, but the client is still not getting the MP.
    I have also mentioned the host file entry; still it’s not getting installed.
    I also deleted the repository file and the previous certificate entry from Microsoft/Crypto/RSA/Machine Keys.
    Please suggest what troubleshooting needs to be done on the client side.

    0
    2020-05-05T11:13:12+05:30

    Hi Sir,
    I have SCCM console access, and on the console it’s showing Client – No.
    As per the Snipboard screenshot, all settings are configured on the console.
    On the client side, location service.log is showing: Security settings update detected restarting CcmExec.
    Ccmsetup.log is showing error code 0x8007002 - Failed to read assigned site code from registry.
    Failed to send status 400. Error (87D00215)

      0
      2020-05-05T11:22:12+05:30

      So the client is not installed properly.

      Have you tried to check whether all the required PKI certificates are present in the client?

      You might need the root cert and intermediate certs as well to complete the chain. Also, the certs which I mentioned in the above post. Have you already checked that?

      Which certificates are available on the Windows device?

      You basically need all that cert-based authentication to connect to the MP and get site code discovery to work.

    0
    2020-05-05T10:59:56+05:30

    Hi,
    As per your suggestions, I have gone through it, but the client is not getting the MP. Location service.log is showing blank.
    I have also imported the certificate manually.
    Please suggest.

    0
    2020-05-05T10:49:00+05:30

    I assume, for the PKI certificate deployment, you should have a group policy in place?

    Have you already got that group policy applied to your SCCM client?

    If it’s applied then you should have PKI certs in the client…

    Do you have SCCM console or server access?

    If so, check these configurations: https://snipboard.io/ake5l9.jpg

    Also, from the client side – if you are not getting policies – you can check locationservices.log to understand whether the client is able to get the MP details or authenticate with the MP etc…

    Also, can you see these clients in the SCCM console and whether it shows as the client installed YES?

    More details (this post is created for co-management but you might get some idea about general PKI from here) – https://www.anoopcnair.com/co-mgmt-client-pki-certificates-part-7/
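
The certificate checks raised in this thread (is a Client Authentication certificate present on the VM, and are the root and intermediate certs there to complete the chain) can be run in one pass on the affected machine. This PowerShell script is an added example, not part of the original thread or any Microsoft tooling; the function name `Test-ClientAuthCertificate` is hypothetical, and revocation checking is skipped to mirror the `/NoCRLCheck` switch quoted above.

```powershell
# Added example: inspect certificates in the computer's Personal store
# (Cert:\LocalMachine\My) and report whether each could serve as a client
# authentication certificate that chains to a trusted root.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # OID of the Client Authentication EKU

function Test-ClientAuthCertificate {   # hypothetical helper name
    param([System.Security.Cryptography.X509Certificates.X509Certificate2]$Cert)

    # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
    # A certificate without that extension reports HasClientAuth = False here.
    $ekuOids = @($Cert.Extensions |
        Where-Object { $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension] } |
        ForEach-Object { $_.EnhancedKeyUsages } |
        ForEach-Object { $_.Value })

    # Build the chain without revocation lookups so that a missing root or
    # intermediate certificate shows up as a chain error.
    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    $chain.ChainPolicy.RevocationMode =
        [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    $chainOk = $chain.Build($Cert)

    $now = Get-Date
    [pscustomobject]@{
        Subject       = $Cert.Subject
        Issuer        = $Cert.Issuer
        Thumbprint    = $Cert.Thumbprint
        HasClientAuth = $ekuOids -contains $clientAuthOid
        HasPrivateKey = $Cert.HasPrivateKey
        InValidity    = ($Cert.NotBefore -le $now) -and ($now -le $Cert.NotAfter)
        ChainBuilds   = $chainOk
        ChainLength   = $chain.ChainElements.Count
        ChainErrors   = ($chain.ChainStatus | ForEach-Object { $_.Status }) -join ', '
    }
}

$results = @(Get-ChildItem -Path Cert:\LocalMachine\My |
    ForEach-Object { Test-ClientAuthCertificate -Cert $_ })
$results | Format-List

# Flag the machine if no certificate passes every check.
$usable = @($results | Where-Object {
    $_.HasClientAuth -and $_.HasPrivateKey -and $_.InValidity -and $_.ChainBuilds })
if ($usable.Count -eq 0) {
    Write-Warning 'No certificate in LocalMachine\My passed all checks; review ChainErrors above.'
}
```

Run it from an elevated PowerShell prompt on the VM; a `ChainErrors` value such as `PartialChain` or `UntrustedRoot` points at a missing intermediate or root certificate rather than at the client certificate itself.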
