Hi All

I just completed a new SCCM Primary Site installation for a customer who has a requirement of HTTPS communication only.

Symptoms

After installing 1806 and configuring certificates, I started having issues with installing clients. Here are some of the errors I was seeing in ccmsetup.log:

  • Failed to get client version for sending state messages. Error 0x8004100e.
  • Failed to get client certificate for transportation. Error 0x87d00282.
  • There are at least 2 certificates valid for ConfigMgr usage that meet the selection criteria. The ‘Select First Certificate’ registry entry was set to OFF so a certificate cannot be selected.

That last point is where I focused my troubleshooting efforts on: CcmSetup failed with error code 0x80070002

From previous experience, I know that I should check client certificate selection settings to confirm that the client should select the certificate with the longest validity period.

This setting is correct and has been for quite some time so I know that the client is ignoring this, or not getting the correct information.

I also know that there are a few switches I can try during installation:

  • CCMFIRSTCERT (Tells SCCM to use the certificate with the longest validity period).
  • CCMCERTID (Tells SCCM to use a specific certificate based on thumbprint).

ccmsetup.exe /UsePKICert /NoCRLCheck CCMFIRSTCERT=1 SMSSITECODE=P01 CCMCERTID=”MY;D29211C57353FB9FB8944AFF6C14770D9AD4D58C”.

Looking at the logs I can see that the switches have been accepted and the client should be doing the right thing, but unfortunately, it still presents the same errors.

Solution

Looking at registry settings from other clients that use HTTPS and are working I can see the following Dword.

  • HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\Security\Select First Certificate = 1.

 

Manually creating this registry key works and the client is now able to communicate with the MP.

Notes

This is the first site we have seen this issue on, but it is also the first 1806 environment in HTTPS only. It is unclear if the problem is 1806 related or just a one-off for this client

Hope this helps!

Cheers

Liam

Published On: October 17th, 2018 / Categories: ConfigMgr /

Leave A Comment

Subscribe to Receive the Latest Updates

Get our latest recommendations, advice and offers direct to your inbox.

We won’t share your details – but you can read more in our Privacy Policy.

Related Posts

Troubleshoot rogue PowerShell processes running from C:\Windows\CCM\SystemTemp

September 15th, 2022|0 Comments

Cloud Management Gateway Certificates

September 11th, 2020|0 Comments

ConfigMgr OSD taking hours to complete due to LEDBAT misconfiguration

November 20th, 2018|2 Comments

ConfigMgr Software Center crashing with “SCClient has stopped working” on Windows 10

July 21st, 2017|0 Comments