?
Solved

SCCM - Native Mode Cert Selection Criteria

Posted on 2011-03-22
4
Medium Priority
?
972 Views
Last Modified: 2013-11-21
Having some issues with a few of our undeployed clients. The error in the ccmsetup.log files is stating that there are X number of certificates that match and then the one chosen fails.

I have read numerous articles and seen some peoples suggestions to change the radio button from "Fail selection and send error message" to "Select any certificate that matches". This helped a few but I read that this method has SCCM default to choosing the Cert with the longest validity period. Well the SCCM Client Authentication one isn't always the longest valid cert.

So in short, I have found that I prob need to specify certain criteria for SCCM to select the appropriate client certificate.

Now comes the problem. This microsoft technet article HERE shows the supported attribute values. However, to me, these look like AD schema values. Not all of them can be seen in the Certificate. I have searched all over the web and it seems that no one has a great write up on how to pick a pretty solid, best practice, attribute to distinguish with and how to apply that. I don't know why it wouldn't be as easy as telling SCCM to look for the certificate that came from the original template that Microsoft walks you through creating. This would be a failsafe way of SCCM picking the correct one every time.

I also saw there is a way to deploy the certs to different cert store and then having SCCM look there but for now it seems that the selection criteria is easier.

Can anyone help me out to get this problem resolved?
0
Comment
Question by:ExproDustinEstes
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
4 Comments
 

Author Comment

by:ExproDustinEstes
ID: 35207598
Anyone have any help on this matter?
0
 
LVL 1

Accepted Solution

by:
weaze1 earned 1000 total points
ID: 35256466
Hi,
We have the following settings defined for cert selection & since have no problems.
Certificate Criteria = "Subject String Contains"
then ".our.domin.com" dont forget leading dot
finally "select any certificate that matches"

If you check client logs you should see the certificate selection process listing any that don't apply & finally selecting corrct cert.
0
 

Author Comment

by:ExproDustinEstes
ID: 35816647
This didn' resolve my issue. Had some consultancy and there doesn't seem to be a decent answer for this anywhere. Hopefully 2012 adds some more decent selection functionality and compatiblity
0
 

Author Closing Comment

by:ExproDustinEstes
ID: 35816666
Didn't fix my issue but thank you for helping.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This very simple solution applies to a narrow cross-section of the "needs to close" variety. In this case, the full message in Event Viewer was in applog, Event ID 1000: Faulting application iexplore.exe, version 8.0.6001.18702, faulting module …
Many companies are making the switch from Microsoft to Google Apps (https://www.google.com/work/apps/business/). Use this article to learn more about what Google Apps has to offer and to help if you’re planning on migrating to Google Apps. It is …
The view will learn how to download and install SIMTOOLS and FORMLIST into Excel, how to use SIMTOOLS to generate a Monte Carlo simulation of 30 sales calls, and how to calculate the conditional probability based on the results of the Monte Carlo …
The viewer will learn how to use a discrete random variable to simulate the return on an investment over a period of years, create a Monte Carlo simulation using the discrete random variable, and create a graph to represent the possible returns over…

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question