How to Manually Exchange Public Keys Between Sites
By default, the Require secure key exchange option is enabled for Configuration Manager 2007 sites. When secure key exchange is required, there are three situations in which you must manually perform the initial key exchange between sites:
The Active Directory schema has not been extended for Configuration Manager 2007.
Configuration Manager 2007 sites are not publishing site data to Active Directory.
You are configuring site-to-site communications between two primary sites in different Active Directory forests.
To manually exchange the public keys for each site, you can use the hierarchy maintenance tool (Preinst.exe). The Preinst.exe tool is automatically installed with Configuration Manager 2007 and can be found in the \SMS_<sitecode>\bin\i386\<language code> share directory on the site server, and also in the \SMSSETUP\BIN\I386\<language code> directory of the Configuration Manager 2007 installation files.
The Preinst.exe utility can be used to export the public keys for each site. Once they have been exported, you must manually exchange the keys between the sites by following the procedures in this topic.
Note
After the public keys are manually exchanged, you can review the hman.log log file (which records site configuration changes and site information publication to Active Directory Domain Services) on the parent site server to ensure that the primary site has processed the new public key.
To manually transfer the child site public key to the parent site
While logged on to the child site, open a command prompt and navigate to the location of Preinst.exe.
Run the following command to export the child site’s public key: Preinst /keyforparent
The Preinst /keyforparent command places the public key of the child site in the <site code>.CT4 file located at the root of the system drive.
Move the <site code>.CT4 file to the parent site's <install directory>\inboxes\hman.box directory.
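The child-to-parent transfer above as a PowerShell script. This is an added example, not part of the original topic or of Microsoft's tooling. It runs the export, rejects a stale .CT4 file left over from an earlier run, and compares a SHA-256 hash of the copy before the file enters hman.box. The parameter values, the staging share and the hash check are assumptions; only the Preinst /keyforparent switch, the .CT4 file name and location, and the hman.box destination come from this topic.

```powershell
# Added example, run on the child site server. PLACEHOLDER values are assumptions.
param(
    [string]$SiteCode   = 'ABC',                                   # PLACEHOLDER child site code
    [string]$PreinstDir = 'D:\PLACEHOLDER\bin\i386\LANGCODE',      # PLACEHOLDER folder holding Preinst.exe
    [string]$Staging    = '\\PARENT\PLACEHOLDER-staging',          # PLACEHOLDER share on the parent, outside inboxes
    [string]$HmanBox    = '\\PARENT\PLACEHOLDER\inboxes\hman.box'  # PLACEHOLDER path to the parent's hman.box
)
$ErrorActionPreference = 'Stop'

function Get-Sha256Hex([string]$Path) {
    # Plain .NET hashing, so the script does not depend on Get-FileHash (PowerShell 4+).
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { return [System.BitConverter]::ToString($sha.ComputeHash($fs)) -replace '-', '' }
    finally { $fs.Dispose(); $sha.Clear() }
}

$started = Get-Date
Push-Location $PreinstDir
try     { & .\Preinst.exe /keyforparent | Out-Null }   # Out-Null makes PowerShell wait for the process to exit
finally { Pop-Location }

# The export is written to the root of the system drive as <site code>.CT4.
$keyFile = Join-Path "$env:SystemDrive\" "$SiteCode.CT4"
if (-not (Test-Path $keyFile)) { throw "Export did not produce $keyFile" }
if ((Get-Item $keyFile).LastWriteTime -lt $started) {
    throw "$keyFile predates this run; refusing to ship a stale key file"
}

$srcHash = Get-Sha256Hex $keyFile
Write-Output "SHA-256 of ${keyFile}: $srcHash"   # give this value to the parent site administrator out of band

# Copy to staging first and compare hashes, so only a verified file is placed in the inbox.
$staged = Join-Path $Staging "$SiteCode.CT4"
Copy-Item $keyFile $staged
if ((Get-Sha256Hex $staged) -ne $srcHash) {
    Remove-Item $staged
    throw "Hash mismatch after copy; key file not delivered"
}
Move-Item $staged (Join-Path $HmanBox "$SiteCode.CT4")
Remove-Item $keyFile    # the procedure says to move the file, so no copy stays on the child
```

The parent-to-child direction follows the same pattern with Preinst /keyforchild, the <site code>.CT5 file, and the child site's hman.box as the destination.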
To manually transfer the parent site public key to the child site
While logged on to the parent site, open a command prompt and navigate to the location of Preinst.exe.
Run the following command to export the parent site’s public key: Preinst /keyforchild
The Preinst /keyforchild command places the public key of the parent site in the <site code>.CT5 file located at the root of the system drive.
Move the <site code>.CT5 file to the <install directory>\inboxes\hman.box directory on the child site.
See Also
Concepts
About the Secure Key Exchange Parameters
Hierarchy Maintenance Tool (Preinst.exe)
Troubleshooting Secure Key Exchange