Please open a support case to investigate this. To the best of my knowledge, this should work.
Task Sequence via CMG
Hi MSFT,
Does ConfigMgr require HTTPS (e.g. PKI cert) on cloud-only AADJ devices (configured with CoManagement) in order to run a Task Sequence when the device is internet facing?
I have a site that prefers PKI when available, but the device was using a self-signed cert. All apps and program deployments targeted at the device ran fine from the Internet/CMG, but the Task Sequence would NOT even show up in SW Center.
As soon as I changed the client to PKI it showed up immediately.
MS Docs is a little vague. Is Note1 in the graphic below fulfilled by a self-signed cert? And if not, then why do pkg/apps work... does MS Docs need to be updated?
PolicyAgent.log output below where it tries/fails on HTTP/S.
Client version = 5.00.9068.1026 (2111)
OS version = Win10 21H2 x64 Ent
Microsoft Security Intune Configuration Manager Deployment
Microsoft Security Intune Configuration Manager Other
3 answers
Jason Sandys 31,406 Reputation points Microsoft Employee Moderator
2022-08-11T18:02:36.613+00:00

Jay 1 Reputation point
2022-08-11T08:12:19.56+00:00
Probably not, but not very sure. Refer to below article:
https://learn.microsoft.com/en-us/mem/configmgr/osd/deploy-use/deploy-task-sequence-over-internet

dridley 176 Reputation points
2022-08-18T07:29:35.417+00:00
ANSWER:
OK the word is in...
"it's not you it's me"... complete CTKE and shot to my ego, but I will still mention it here for others' sake.
I used PolicySpy, which was showing the deployment HAD been received, and the only reason it wasn't showing in SW Center was because the local client timezone was 12hrs behind the time the TSeq deployment was created (as it was set in a diff timezone).
Hence it does show up on the client 12hrs later (or if I bring the deployment available time forward).
Two things tripped me up.
- I did not explicitly set an Available time on the deployment, but it auto sets this when the deployment is created anyway.
- I never noticed the client local time (the joys of working remotely) and I never let 12hrs elapse. I kept deleting the deployment to retry it.
*The PKI certificate thing must have just been coincidental (even though I performed that test twice).
*Microsoft did notice some other errors on the CMG but they were unrelated.