Automatically approved computers in trusted domain is not working

N Kerr 6 Reputation points
2023-06-19T12:00:38.15+00:00

We have noticed that the Automatically approve computers in trusted domain is not working. If we manually approve the PCs, they register just fine. We have tried selecting the manually approve each computer, then switched back to the automatically approve. Did not fix the issue.

Microsoft Security | Intune | Configuration Manager | Deployment
Microsoft Security | Intune | Configuration Manager | Application
Microsoft Security | Intune | Configuration Manager | Other

5 answers

  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2023-06-20T07:35:08.93+00:00

    Hi, @N Kerr

    Thank you for posting in Microsoft Q&A forum.

    You might need to update the Trusted Root Certification Authorities list on the Client Computer Communication tab in the Site Properties dialog box to include the issuer of the public key infrastructure (PKI) certificate.

    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/plan-for-certificates#pki-trusted-root-certificates



  2. N Kerr 6 Reputation points
    2023-06-20T13:33:08.5866667+00:00

    Hi,

    The clients are using a self-signed certificate. Clients check the certificate revocation list (CRL) for the site is not selected.

    We also have a 3rd party SSL cert for Digicert on the server.


  3. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2023-06-21T06:14:31.52+00:00

    Hi, @N Kerr

    You may check if your SCCM server has sufficient permissions to access the trusted domain. This can be done by verifying that the SCCM server's computer account is added to the "Pre-Windows 2000 Compatible Access" group in the trusted domain.


  4. N Kerr 6 Reputation points
    2023-06-21T14:04:55.3766667+00:00

    Added the SCCM server's computer account to the "Pre-Windows 2000 Compatible Access" group in the trusted domain. Did not make any difference.


  5. N Kerr 6 Reputation points
    2023-06-26T17:29:50.0566667+00:00

    On the Communication Security tab, we have the following selected:

    HTTPS or HTTP

    Use Configuration Manager generated certificates for the HTTP site systems

    Use PKI client certificate (client authentication capability) when available

    There are no Trusted Root Certification Authorities selected.

    There is no SMS Role SSL Certificate on the server.

