I am looking to leverage the 'ProvisionTS' parameter as part of a MEM 2006 Agent installation to fire off a Task Sequence with content coming from a CMG on an Azure AD endpoint.
I understand that in 2002 there was still a requirement to use a client authentication certificate, something which is more tricky when not using NDES integrated with InTune.
With 2006, this scenario is allegedly unlocked, therefore in this scenario I have an Internet device, built with AutoPilot/InTune and simply installing the MEM 2006 Agent at present for testing which in turn has the ProvisionTS parameter for a TS that has its content on the CMG and the TS advertised at the 'Provisioned Devices' collection.
When the client installs, it registers (as seen in clientidstartup.log) and this in turn fires execmgr.log to fire TSAgent.Log and I can see the Task Sequence fire up.
The Task Sequence seems to load and process the 1 Application I have in there but after a while this just seems to fail out with a generic error. Now there are lines in the log complaining about the lack of certificate but as I say this is apparently not required anymore.
Now if I leave this client to fully get all of its policies and get up and running (Some 10-15 minutes) later, this same client, still without any client cert, runs that TS fine.
This says to me there is something it doesn't have right at the beginning that it had once all policies had come down. So the question is has anyone got this to work and fire over a CMG correctly?
Appreciate any comments or suggestions, I have been through the logs but nothing really sticks out.