Forums on Intune, SCCM, and Windows 11
Welcome to the forums. Register a free account today to become a member! Once signed in, you'll be able to participate on this site by adding your topics and posts, as well as connect with other members through your own private inbox!
SOLVED SCCM client installation failed on the workstation
- Thread starter TOTO JDD
- Start date
- Replies 5
- Views 9K
- Messages
- 5,054
- Solutions
- 147
- Reaction score
- 983
- Points
- 413
Have you set the DP to run on HTTPS ?. If all distribution points and management points are configured for HTTPS client connections only, verify that the client computer has a valid client certificate.
- Thread Starter
- #3
How to verify if the client has a valid certificate? I use a self signed certificate. I distributed a certificate for client authentication to workstations but I still have the same error message
- Thread Starter
- #4
Hello Prajwal Dessai,
I configured a certificate for the distribution point and another for the client but I still have the same error message as you can see in the ccmsetup.log file in attach.
I applied the following procedure for the KPI certificate:
https://prajwaldesai.com/deploying-the-client-certificate-for-distribution-points/
https://prajwaldesai.com/deploying-the-client-certificate-for-windows-computers/
Cordialy.
I configured a certificate for the distribution point and another for the client but I still have the same error message as you can see in the ccmsetup.log file in attach.
I applied the following procedure for the KPI certificate:
https://prajwaldesai.com/deploying-the-client-certificate-for-distribution-points/
https://prajwaldesai.com/deploying-the-client-certificate-for-windows-computers/
Cordialy.
- Messages
- 5,054
- Solutions
- 147
- Reaction score
- 983
- Points
- 413
If you are using PKI certs, then a valid cert has to be assigned to the client machines. The DP "if running on HTTPS" should have a PKI cert assigned and not self signed cert. If you are using HTTPS at DP end and
>>> Client selected the PKI Certificate [Thumbprint 161EBDF0228E6EDD6DE3D44A059005FB03260889] issued to 'OSD-TEST1.'Domaine'' ccmsetup 16-08-18 15:41:32 796 (0x031C)
[CCMSETUP] AsyncCallback(): ----------------------------------------------------------------- ccmsetup 16-08-18 15:41:32 796 (0x031C)
[CCMSETUP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered ccmsetup 16-08-18 15:41:32 796 (0x031C)
if you have followed this guide - https://prajwaldesai.com/deploying-the-client-certificate-for-windows-computers/ to deploy certs to workstations, has the cert been deployed ?. Check the last screenshot in the post to verify the cert deployment.
>>> Client selected the PKI Certificate [Thumbprint 161EBDF0228E6EDD6DE3D44A059005FB03260889] issued to 'OSD-TEST1.'Domaine'' ccmsetup 16-08-18 15:41:32 796 (0x031C)
[CCMSETUP] AsyncCallback(): ----------------------------------------------------------------- ccmsetup 16-08-18 15:41:32 796 (0x031C)
[CCMSETUP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered ccmsetup 16-08-18 15:41:32 796 (0x031C)
if you have followed this guide - https://prajwaldesai.com/deploying-the-client-certificate-for-windows-computers/ to deploy certs to workstations, has the cert been deployed ?. Check the last screenshot in the post to verify the cert deployment.
- Thread Starter
- #6
Hello,
Finally I managed to start the PXE and execute my task sequence successfully.
The problem was because the distribution point and the management point were configured to use https but it was the self signed certificate that was configured on the distribution point. As expected, the HKLM\Software\Microsoft\SMS\DP | ManagementPoints value is empty. This registry key would need to have a value like https://ServerName.DomainName
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP]
AlgID = 26115
BindExcept =
…
ManagementPoints =
To resolve this problem, I correctly configure the distribution point with the PKI certificate
Before testing the deployment, I was reassured that the client computer does not exist in the sccm console as the deployment of the task sequence was done on the collection All unknown computers.
Please find the procedures I used for the KPI certificate through these links:
Thank you all for your guidance.
Finally I managed to start the PXE and execute my task sequence successfully.
The problem was because the distribution point and the management point were configured to use https but it was the self signed certificate that was configured on the distribution point. As expected, the HKLM\Software\Microsoft\SMS\DP | ManagementPoints value is empty. This registry key would need to have a value like https://ServerName.DomainName
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\DP]
AlgID = 26115
BindExcept =
…
ManagementPoints =
To resolve this problem, I correctly configure the distribution point with the PKI certificate
Before testing the deployment, I was reassured that the client computer does not exist in the sccm console as the deployment of the task sequence was done on the collection All unknown computers.
Please find the procedures I used for the KPI certificate through these links:
- https://prajwaldesai.com/deploying-the-client-certificate-for-distribution-points/
- https://prajwaldesai.com/deploying-the-client-certificate-for-windows-computers/
Thank you all for your guidance.
- Status