Unable to install sccm client on workgroup using PKI

lalajee 1,811 Reputation points


I follow this article to create an cert for work group


I use following step to create new cert.
1 created new tempalte using above article

  1. Request new Cert with machine CN name: e..g Host name.Workgroup
  2. Export cert and Root Cert

Logon to workgroup mahcine
imported root cert and pfx cert. All cert show all OK

SCCM client install
Copy Client install folder to workgroup
Open cmd with admin rights

ccmsetup.exe /mp:MP.sccm.local SMSSITECODE=001 SMSMP=MP.sccm.local DNSSUFFIX=domain.co.uk /UsePKICert /NoCRLCheck /CCMHTTPSPORT=443

Microsoft Configuration Manager
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. CherryZhang-MSFT 6,486 Reputation points

    Hi @lalajee ,

    1, Agree with Gideoney-4397 . Please modify the order of property and parameter.

    2, Because of the management point only accepts client connections over HTTPS, prefix the management point name with https://. The command for your reference:
    ccmsetup.exe /UsePKICert /NoCRLCheck /mp:https://MP.sccm.local SMSSITECODE=001 SMSMP=https://MP.sccm.local DNSSUFFIX=domain.co.uk /CCMHTTPSPORT=443

    The link for your reference:
    Client installation parameters and properties - Configuration Manager | Microsoft Learn

    3, If the problem still cannot be solved. As SherryKissinger-ECM said, please navigate to c:\windows\ccm\logs to check cmsetup.log and clientmsi.log, is there any errors? If so, please upload it to discuss together.

    Looking forward to your feedback.

    Best regards,

    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    2 people found this answer helpful.

  2. Sherry Kissinger 4,136 Reputation points

    have you looked at the ccmsetup.log in %windir%\ccmsetup\logs yet? What does it say as the reason for installation failure? Or, if ccmsetup.log says it completed fine, and you see that the service is running, what do the log(s) say in c:\windows\ccm\logs? CM has lots and lots of logs.

    1 person found this answer helpful.