While installing SCCM client on VM it’s not taking PKI certificate
Question
Hi Team,
While installating SCCM client on VM it’s not taking PKI certificate, also not getting MP site code. Can anyone assist what troubleshooting needs to be done.
I’m new in SCCM. Please assist
Answers ( 11 )
How was this specific VM provisioned, any possibilities for duplicate GUID ? Can you check this aspect as well
Also I suggest rebuild WMI repository on this machine and try.
Hi Akshay,
How you are installing SCCM client is it manually ? can you provide cmd what you are using for client agent installation.
Try below cmd to install SCCM client this might will helps you.
ccmsetup.exe /UsePKICert /NoCRLCheck /mp:HTTPS:// SMSSITECODE= DNSSUFFIX= CCMCERTISSUERS=
Yes, MP is working. On other Vms has installed client but facing issue for this VM.
Also checked that Boundary are configure properly. Still issue persist
Please assist
Can you help to know before getting into PKI / Cert stuffs.
Is you MP working ?
Have you configured boundaries properly ?
Hi Sir,
I have go thorough your PKI certificate, Client and Server Authentication certificate are present, Still client not getting MP
I have also mention host file entry still it’s not getting installed.
Also deleted repository file and previous certificate entry from Microsoft/Crypto/RSA/Machine Keys
Please suggest what troubleshooting need to be done at client side
If certs are ok from your perspective … then
– Try to uninstall the client and install it again
– Check for the installation https://howtomanagedevices.com/sccm/1315/install-sccm-client-manually/
– Do you have a problem only with one client? or none of the clients are working
If none of the clients are working then you might have a bigger problem with MP or boundary groups or something
Hi Sir,
I have SCCM Console Access and on Console its showing Client– No
As per Snipboard Screenshot, all settings are configured on console
At client side, location service.log showing Security settings update detected restarting CcmExec.
In Ccmsetup.log showing error code 0x8007002- Failed to read assigned site code from registry.
Failed to send status 400. Error (87D00215)
So the client is not installed properly.
Have you tried to check whether all the required PKI certificates are present in the client?
You might need to root cert and intermediate certs as well to complete the chain. Also, the certs which I mentioned in the above post. Have you already checked that?
Which are the certificates available in the Windows device?
You basically need all those certs based authentication to connect to MP and get site code discovery to work.
Hi,
As per your suggestions I have go through it ,but client not getting MP. Location service.log showing blank
Also I have import certificate manually
Please suggest.
Please answer all the question which I asked to help you more
I assume, for the PKI certificate deployment, you should have a group policy in place?
Have you already got that group policy applied to your SCCM client?
If it’s applied then you should have PKI certs in the client…
Do you have SCCM console or server access?
If so, check these configuration https://snipboard.io/ake5l9.jpg
Also, from the client-side – If you are not getting policies – you can check locationservices.log to understand whether the client is able get the MP details or authenticate with MP etc…
Also, can you see these clients in the SCCM console and whether it shows as the client installed YES?
More details (this post is created for co-management but you might get some idea about general PKI from here) – https://www.anoopcnair.com/co-mgmt-client-pki-certificates-part-7/