Devices in SCCM Console staying self-signed while its showing PKI on the client side

Patrick Baldonado 6

Hi all, We initially setup our SCCM environemnt using HTTP but now decided to flip to PKI to support CMG. We only have 1 MP which is on the Primary site as well. I have switched over MP, DP and SUP to use HTTPS, also binded MP 443 port to the IIS cert I have generated. I have also switched site Communication tab to use PKI. Finally, I have pushed client auth cert through GPO and can see clients are getting certs on Personal Store. I can even see the clients switching over to PKI under SCCM client General Tab. Also verified client registered using PKI in ClientIDManagerStartup.log. My problem is when I go check Devices in SCCM Console, under client certificate, they still show as self-signed rather than PKI. Thoughts please...

AllenLiu-MSFT 40,551 Reputation points Microsoft Vendor

2021-10-06T07:40:42.79+00:00

It seems there is no update for a couple of days. May we know the current status of the problem? If you think Jason's reply is useful, you may accept it as answer.
Pushpraj 0 Reputation points

2023-04-01T17:37:28.63+00:00

I am having the same issue.
on client side it is showing that it is using PKI but when I go to check in sccm console it is showing as self signed.
Can anyone give me the exact cause and solution of this???
Jason Sandys 31,161 Reputation points Microsoft Employee

2023-04-03T13:52:18.3766667+00:00

As has been called out, this is (still) a bug in ConfigMgr. If you are impacted, please use the in console feedback system to submit a frown.
Jeff Gilbert 5 Reputation points

2023-06-03T18:13:04.52+00:00

Wasted most of a day trying to figure out why the console wasn't updating. So we can't trust the console client cert column or the HTTPS reports. After years you'd think this would have been addressed. I suppose now we need to use an unsecure FSP to tell us if HTTPS is working or not to make our sites more secure. :|

12 answers

C Filip 6 Reputation points

2022-11-24T11:12:02.707+00:00

I still hope this issue will be sorted in next version of CM - which will already require "HTTPS only" (or Enhanced). If there is no valid info, it would be better to disable that column completely in console GUI. I took me good few hours to find out it is a bug in Console and no mistake in my environment... For time being there is readiness report for basic help: https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/preparing-for-https-only/ba-p/884761
Please sign in to rate this answer.
Jason Sandys 31,161 Reputation points Microsoft Employee

2022-11-28T17:33:18.94+00:00

Please submit this as feedback in the console using the file a frown functionality.

Prajwal Desai [MVP] 16 Reputation points

2023-04-27T16:37:03.5266667+00:00

I have reported this bug to the ConfigMgr Product team. They are looking into this issue.

C Filip 6 Reputation points

2023-06-06T07:45:47.5566667+00:00

Thank you a lot. Your help is appreciated again.
Sign in to comment
Bogdan, Radu 1 Reputation point

2022-12-06T20:40:09.867+00:00

Hello @Jason Sandys , today I've just upgraded my ConfigMgr to the latest version 2211 and the issue is still present. No biggie, just want to let you all know. Cheers.
Please sign in to rate this answer.
Prajwal Desai [MVP] 16 Reputation points

2023-06-03T18:40:08.67+00:00

The issue has been resolved with TP 2305 and I expect this to be resolved in the next current branch update - https://techcommunity.microsoft.com/t5/configuration-manager-blog/configuration-manager-technical-preview-version-2305/ba-p/3832110
Sign in to comment
Stefan Schipper 1 Reputation point

2022-12-15T13:17:31.903+00:00

Running version 2207 and it took me a few hours to realize that this is a bug and not a configuration issue on my side :(
I just send a frown from within the console and hope that this will be fixed soon... Had to point a customer to this article to convince a customer that our change to HTTPS (PKI) has been successful and this is just a MS bug...
Please sign in to rate this answer.
Prajwal Desai [MVP] 16 Reputation points

2023-06-03T18:40:23.2533333+00:00

The issue has been resolved with TP 2305 and I expect this to be resolved in the next current branch update - https://techcommunity.microsoft.com/t5/configuration-manager-blog/configuration-manager-technical-preview-version-2305/ba-p/3832110
Sign in to comment
Mes Ka 0 Reputation points

2023-06-05T18:07:11.5633333+00:00

I also have problem.
Please sign in to rate this answer.
Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.

Deleted

This comment has been deleted due to a violation of our Code of Conduct. The comment was manually reported or identified through automated detection before action was taken. Please refer to our Code of Conduct for more information.
Sign in to comment
Mes Ka 0 Reputation points

2023-06-05T18:08:09.7166667+00:00

Hello Jason, I have the issue still. Do you have any idea about when it will be fixed?
Please sign in to rate this answer.
Jason Sandys 31,161 Reputation points Microsoft Employee

2023-09-05T18:01:28.93+00:00

This has been addressed in TP2305 and I believe should be included in 2309.
Sign in to comment