CB 2002 / CMG using Token Based Authentication problem

Peter C. Jackson 21 Reputation points
2020-09-10T07:12:47.197+00:00

Hi,

We have upgraded to CB 2002 and are trying to get the CMG Client connection to work.

The Onsite connection to Azure and back is working correctly.

What we have in place is a PKI to assign certificates for Wi-Fi access; the CCM Client keeps choosing this as its CCM PKI Certificate and therefore tries to connect to the CMG using an invalid Certificate.

We would really like to use the Token Based certificate offered since CB 2002.

Is there a way to prevent CCM Client using the certificate?
There is only 1 certificate in the personal store.

Does CCM look only inside the personal store?

Microsoft Configuration Manager Deployment

2 answers

  1. Jörgen Nilsson 186 Reputation points
    2020-09-10T08:53:12.14+00:00

    Hi,
    We had the same issue. We ended up with Hybrid Azure AD joining the devices instead, which solves the problem as well; switching to HTTPS in the site will of course also solve the problem.
    This topic was discussed at the AMA at an online event two weeks ago called WPNinjas.eu, and I believe the response from the PG was that it is by design and it will try to use the cert. Workaround: Hybrid Azure AD Join or HTTPS.

    And yes, the CM client will try to use a cert in the Personal Store of the device.
    Regards,
    Jörgen


  2. Jason Sandys 31,186 Reputation points Microsoft Employee
    2020-09-10T17:54:13.077+00:00

    Jorgen is correct that at this time, that's the defined behavior. There is an item in the backlog to address this behavior, but I don't know when or if it will be addressed.

    I suggest that you file feedback in the ConfigMgr console and create a UserVoice item (or upvote an existing one) if this is an issue for your org.

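Both answers confirm that the client will pick up a certificate from the device's Personal store. The following is an added example, not part of the original thread or Microsoft's own tooling, for auditing which certificates in that store could be offered for client authentication. The candidate criteria (private key present, inside the validity period, Client Authentication EKU or no EKU restriction) are assumptions made for this audit, not the client's documented selection logic.

```powershell
# Added example: audit the computer's Personal store for certificates that
# could be offered for client authentication.
# Assumption: a certificate counts as a candidate when it has a private key,
# is inside its validity period, and either lists the Client Authentication
# EKU or carries no EKU restriction at all.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Read the EKU extension directly so the check does not depend on display names.
    $ekuExt = $cert.Extensions | Where-Object {
        $_ -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
    }
    $ekuOids = @()
    if ($ekuExt) {
        $ekuOids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value })
    }

    # No EKU extension means the certificate is not restricted to specific usages.
    $clientAuthCapable = (-not $ekuExt) -or ($ekuOids -contains $clientAuthOid)
    $inValidity = ($cert.NotBefore -le $now) -and ($cert.NotAfter -ge $now)

    [pscustomobject]@{
        Subject           = $cert.Subject
        Issuer            = $cert.Issuer
        Thumbprint        = $cert.Thumbprint
        NotAfter          = $cert.NotAfter
        HasPrivateKey     = $cert.HasPrivateKey
        ClientAuthCapable = $clientAuthCapable
        Candidate         = $clientAuthCapable -and $inValidity -and $cert.HasPrivateKey
    }
} | Sort-Object -Property Candidate, NotAfter -Descending | Format-Table -AutoSize
```

Run it in an elevated session on an affected client. The Issuer column shows which PKI issued each candidate, which helps when deciding between the workarounds named in the answers.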