Greetings.
I am wondering if anyone can give me advise on problem I am having with some of my sccm clients.
When I originally deployed SCCM i used self signed certs on clients.
We needed to add MAC and Linux support and MAC clients won't work without PKI, so I following this http://technet.microsoft.com/en-us/library/gg682023.aspx to configure Certificate Authority.
It all seemed work well, I can now join MAC client with auto-enroll and all machines are requesting client certificates and I had couple of machine with new push on windows site installed with PKI.
So right now I have about 250 windows clients, only 22 of them use PKI and the rest keeps using self-signed certs.
I foolishly switched main site settings, MP settings and DP point settings to use https only.
As a result I lost all self-signed clients and have full log for mpcontrol saying that it's rejecting clients cause they certificate cannot be validated.
I logged in to couple of those machines and MMC i can see that it did enroll machine with valid Client Cert but Configuration Manager client itself still saying that it's using self signed one.
Am I missing a step that I need to do to make sure that all those clients switch to PKI?