sccm client install faild (cert error)

קרץ מנחם 26 Reputation points
2023-03-09T12:26:34.7133333+00:00

I have now installed computers with the WINDOWS 11 operating system for the first time

I also recently updated the SCCM to the 2011 version

A. Although the computers were installed using the SCCM operating system distribution, there is no active CLIENT

B. Also when I try to do a push install, it fails, it seems on the security certificate section

It should be noted that in the past with the help of the members of this forum, I was able to establish a secure connection between the stations and the server.

(You can see in this thread

https://learn.microsoft.com/en-us/answers/questions/772894/connection-from-sccm-server-to-clients-failed-prob)

Is it because the distributed certificate is compatible with WINDOWS XP? (All computers in the organization are already Windows 10)

Maybe it's because sccm 2011 no longer supports Enhanced HTTP?

attached:

A. Installation log from the server

B. Installation log from the station

third. Screenshot of the site's features

d. A photo of the characteristics of the certificate that is distributed in the domain

Thank you

cert_compatibility.png

SITE.png

log from server.txt

log from CLIENT.log

Microsoft Configuration Manager
0 comments No comments
{count} votes

6 answers

Sort by: Most helpful
  1. CherryZhang-MSFT 6,491 Reputation points
    2023-03-10T07:46:38.95+00:00

    Hi @קרץ מנחם

    I also recently updated the SCCM to the 2011 version.

    1, Whether you are upgraded SCCM from 2207 to 2211? If so, the SCCM 2211 is also supports Enhanced HTTP.

    2, Please help confirm that your DP is healthy. Please help upload the LocationServices.log for our reference.

    1

    2

    3, Are all your clients located in intranet environment? Please help make sure that your PKI certificate for DP is available.

    Looking forward to your feedback.

    Best regards,
    Cherry


  2. קרץ מנחם 26 Reputation points
    2023-03-14T12:44:49.9+00:00

    From what we see from my attached log, my DP is health?

    How to proceed to solve the problem?

    thanks

    0 comments No comments

  3. קרץ מנחם 26 Reputation points
    2023-03-14T12:46:43.3966667+00:00

    @CherryZhang-MSFT

    Thank you for your help

    From what we see from my attached log, my DP is health?

    How to proceed to solve the problem?

    0 comments No comments

  4. CherryZhang-MSFT 6,491 Reputation points
    2023-03-15T05:51:27.3033333+00:00

    Hi,

    1, According to the log your provided, the client cannot Located the MP. How many MPs do you have in your environment? Please help check mpcontrol.log to if the MP is healthy.

    2, It is recommended that you can try to reimport the PKI certificate. The link for your reference: How to configure the PKI for SCCM.

    Note: Microsoft provides third-party contact information to help you understand the problem. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

    3, Can we find the MP FQND in DNS list?

    Looking forward to your feedback.

    Best regards

    Cherry

    0 comments No comments

  5. קרץ מנחם 26 Reputation points
    2023-03-15T15:58:46.1766667+00:00

    1, According to the log your provided, the client cannot Located the MP.

    How many MPs do you have in your environment? **ONE (**It's all in one, one server that contains all the parts of the SCCM.)

    Please help check to if the MP is healthy. attached mpcontrol.log

    2, It is recommended that you can try to reimport the PKI certificate. The link for your reference: How to configure the PKI for SCCM.

    I watched the video, and went through the settings, everything looks fine.

    In practice, it seems that the POLICY does not distribute the certificate for some reason.

    I checked both BING and MMC certificates at the station and there is no certificate.

    (I went to the link https://sccm.beitchana.org/sms_mp/.sms_aut?mplist to check as you see in the video and the result was access denied. I imported the certificate myself, and then the result was normal)

    3, Can we find the MP FQND in DNS list? Yes, screenshots are attached: 1. The DNS LIST 2. Ping from the computer to SCCM

    DNS

    PING


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.