Hi guys, running SCCM 2012 RTM. Having issues with some of the clients not installing client certificates. When opening configuration manager properties I can see that client certificate = none. Getting around this at the moment by uninstalling the client and then reinstalling the client from the console. Normally on healthy clients we see "Client Certificate = self signed" Any help here would be great. Not using HTTPS client communication or PKI certficates

Thanks

Nick



How are yo installing the clients?

Hi Jason, this is via task sequence during OSD

Any chance that the client is stuck in provisioning mode? See http://blogs.technet.com/b/configurationmgr/archive/2010/09/13/solution-after-a-configmgr-2007-osd-task-sequence-completes-the-client-may-not-automatically-pull-down-policy.aspx.

Thanks for the reply Torsten, not 100% sure. I have to wait until we see this again on a machine. Will post results of this

Hi Nickm34,

did you resolve this issue? all my deployed machines are coming up as "Client Certificate: None" and only have two items in the actions tab.

As far as i can tell certificates should be fine, followed the technet step by step and the client has a configmgr client certificate in its personal store

Hi,

same issue on my CM 2012 site, no client certificate available after ConfigMgr Client install. I have installed the clients manually using smssitecode command line. Client installation seems to be successfull (msi-log), only the client certificate is not available.

Any hints or tips to resolve this issue?

Thanks

Jan

• Edited by Jan Partner Wednesday, August 15, 2012 12:15 PM

How are you verifying that the client cert is not available and what is not happening that you expect to be happening?

WHave you reviewed ccmsetu

Hi Jason,

thanks for your fast response.

In configuration manager client properties the value of client certificate is: none. I think the value should be something like "self registered".

ccmsetup.log seems to be ok, i cant find any error, warnings or other hints.

Thanks

Jan

• Edited by Jan Partner Wednesday, August 15, 2012 1:52 PM

Yes, it should be self-signed. Have you checked ccmexec.log?

the only error i can find in ccmexec.log is "failed to open WMI Namespace \\...." (8007045b). This error already happened yesterday, today there are no errors or warning visible in ccmexec.log



How about policyagent.log, clientidstartupmanager.log, and certificatemaintenance.log?

How many actions do you have on the actions tab?

Have you opened the certificates snap-in for the local computer to see if there are any certs there?

Hi Jason,

I had an error "failed to verify signature of message received from MP Using name" in CertificateMaintenance.log

So I tested the connection to MP using http://servername.domain.com/SMS_MP/.sms_aut?mpcert and http://servername.domain.com/SMS_MP/.sms_aut?mplist (without Errors).

I had two sms certificates imported on local computer.

After that i solved the issue by removing and adding MP Server Role on SCCM Server.

Thank you for your support!
Jan

• Proposed as answer by Jan Partner Wednesday, August 15, 2012 7:55 PM
• Marked as answer by Robert Marshall - MVPMVP, Moderator Friday, November 02, 2012 1:25 PM

Hi guys, I have not had this issue reappear so unable to get log files for the install. Unable to replicate this issue on demand. What is strange is that the SMS certificate had installed on the effected clients in the local cert store and was not expired but when opening "Configuration Manager" from control panel it shows client certificate:none

Any idea on a query I could run to identify these clients which have Client Cerfificate: "none'

Thanks

Hey

I have the same problem.... after deploy the computers are showing "PKI" - but after some time the client certificate is "none".

Anyone?

I've been chasing this for months. (Clients only have two actions displayed in Control panel\System\Configuration Manager, certificate type says None), and in the SCCM server console they always say inactive or No Client Installed, with no client properties shown. Also missing the Microsoft System Center 2012 R2\Software Center in All Programs. After doing just about EVERYTHING I could find on the forums, including but not limited to, reviewing the neverending and ridiculously cryptic logs on the clients and server, CONSTANT reinstalls, forced uninstalls of the client, manual or push installs of ccmsetup, disjoining and rejoining domain, etc.... the only thing that finally seems to have corrected it was manually going in and updating\approving all my WSUS updates in the SUS console, not in SCCM. Then windows updating my SCCM server, then removing and reinstalling the MP role. After rebooting the rogue clients and the sccm server, everything is reporting and communicating now. It was either one of, or a combination of, all of these steps. Good luck to you.

• Edited by mookyrooky 12 hours 24 minutes ago

I've been chasing this for months. (Clients only have two actions displayed in Control panel\System\Configuration Manager, certificate type says None), and in the SCCM server console they always say inactive or No Client Installed, with no client properties shown. Also missing the Microsoft System Center 2012 R2\Software Center in All Programs. After doing just about EVERYTHING I could find on the forums, including but not limited to, reviewing the neverending and ridiculously cryptic logs on the clients and server, CONSTANT reinstalls, forced uninstalls of the client, manual or push installs of ccmsetup, disjoining and rejoining domain, etc.... the only thing that finally seems to have corrected it was manually going in and updating\approving all my WSUS updates in the SUS console, not in SCCM. Then windows updating my SCCM server, then removing and reinstalling the MP role. After rebooting the rogue clients and the sccm server, everything is reporting and communicating now. It was either one of, or a combination of, all of these steps. Good luck to you.

• Edited by mookyrooky Thursday, July 09, 2015 7:25 PM

Mookyrooky, that worked!!

3 days troubleshooting the issue and now its fixed.  All i did was removed the MP role, reboot the server, re-install the MP and another reboot, and then reboot the client.  Now my clients are showing ACTIVE in SCCM.

Thanks!