ConfigMgr Client Certificate (PKI) Value is None
Today I had a problem with a workstation that didn’t want to communicate with the SCCM server.
After some hours digging in the too many logfiles from SCCM, I finally found the problem and also the solution.
First of all the problem.
I make use of the SSL certificate, so at the “Client Certificate” property must be PKI instead of None.
After looking around in the ClientIDManagerStartup.log, it doesn’t appear to have an issue detecting and selecting the PKI certificate.
But in the MP_RegistrationManager.log, I see the following error:
So I wanted to get started again from scratch with the below steps:
- Delete the computerobject of the problematic workstation from SCCM via the SCCM console
- Stopping Windows Management Instrumentation service
- Stopping SMS Agent Host service
- Uninstall the CCM Client with command
- Delete C:\windows\ccm
- Delete C:\windows\ccmsetup
- Delete C:\windows\ccmcache
- Delete C:\Windows\SMSCFG.ini
- Open regedit
- Delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM
- Delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCMSetup
- Delete HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS
After you have done this, you can reboot the workstation, but you may continue to restart the Stopping Windows Management Instrumentation service and reinstall the client.
One you have followed the above steps, the CCM client will be installed again and pickup the correct certificates for communicating with the SCCM server.
You can verify this in ClientIDManagerStartup.log
and in the MP_RegistrationManager.log.