Introduction
During OS deployment with SCCM, the client certificate may fail to install, causing communication issues with the management point. This article outlines steps to diagnose and resolve this issue, ensuring smooth deployment and client communication.
Identifying the Problem
During the OS deployment process, the SCCM agent may not retrieve the client certificate necessary for communication with the management point. Here’s a common scenario:
- You deploy the OS using SCCM.
- The SCCM client fails to get the client certificate.
- Uninstalling the client with
ccmsetup /uninstalland reinstalling it via console push works correctly, indicating no site boundary issues.
After verifying logs and reinstalling the management point, the problem persisted. The issue was finally traced to a reboot at the end of the task sequence (especially in WinPE), causing the client to enter provisioning mode.
Solution
To resolve this issue, ensure no reboots occur during the task sequence. Disable all intentional or unintentional reboots. Here’s how to check and modify your task sequence:
- Open the SCCM console and navigate to the Software Library workspace.
- Expand Operating Systems and select Task Sequences.
- Right-click on the task sequence in question and select Edit.
- Review all steps for any Restart Computer actions.
- Disable or remove any restart steps to prevent the client from entering provisioning mode.
After making these changes, redeploy the task sequence and verify that the client certificate installs correctly and communication with the management point is established.
For further information and solutions, you can refer to the following Microsoft blog post: Configuration Manager Blog.
0 Comments