Thursday, February 14, 2008

SCCM Client Certificate Problems

Do you have a client that refuses to finish the install of the SCCM client because the certificate doesn't have a private key?

There are 2 different solutions. The easiest is to check the cert store under personnal and see if there are any invalid certs. Delete and restart. The other is a more dangerous solution but will correct the problem

I only recommend this solution if you see all the of the following problems:
CCM Setup Log:
Client sucessfully installed
Applicationn Event Log:

Automatic certificate enrollment for local system failed to enroll for one Computer
certificate (0x80090016). Keyset does not exist

ClientIDManagerStartup:
Certificate issued to 'computer.domain.com' doesn't have private key.
RegTask: Failed to get certificate. Error: 0x80040280
RegTask: Failed to get certificate. Error: 0x80040281
Error initializing client registration (0x80040222).


Solution:
Stop the Crypto Service
Rename the folders under the Crypto Folder
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

Restart the machine and watch the ClientIDManagerStartup log

See this other post on Certification issues
http://sms-hints-tricks.blogspot.com/2009/03/native-machine-will-not-pull-down.html

Monday, February 11, 2008

Sessions for MMS 2008

I have been selected to present MMS 2008. A very big honor and I hope I will do well. I have never been, nor have I presented in front of more than say 50 people. Besides the scare factor it should be nice. I guess I will need to start pulling information together I might post some of my topics here as well as use some of my previous topics.




https://www.mms-2008.com/public/headlines.aspx
SY34 SMS / SCCM: Beyond Package Deployment
Speaker(s): Matthew Hudson
Track(s): Systems Management
Session Type(s): Breakout
Products(s): Configuration Manager 2007, Windows PowerShell
SMS / SCCM can do more than just the standard package/patch deployment. Here we will discuss tool development in scripting languages and .NET and how to utilize these tools through the SMS/SCCM MMC add-on, via Windows services or as a stand-alone tool. See how creating and deploying script files, special registry files, BIOS modifications (using the Dell OMCI) and custom HTA popup messages to users can expand the usefulness of SMS/SCCM. Learn how MIF/MOF data can be used to trigger special collection changes as well as the use of special collections and queries to aid in the computer management process. Learn about what other free tools have been created for SMS/SCCM to help with the management process.

Tuesday, February 5, 2008

SMS tools and the Netbios name

Have you ever created a SMS tool that passes the NetBios name but realize that sometimes it doesn't work. Test after test shows the Netbios name not working.


"CommandLine"="wscript.exe \"c:\\Program Files\\xxx " ##SUB:NetBIOSName## "

If your right clicking on a query and it fails then you have a SMS_G_System in your query. You can only have items from SMS_R_System. Anything else and for some reason SMS can no longer pass the netbios name...