Migrate Clients to a ConfigMgr HTTPS Site

Chiyo Odika | ConfigMgr, SCCM

Happy Holidays, friends! I’ve been rather busy with several riveting initiatives recently, and thought I’d share one of them: some ideas on migrating clients to a ConfigMgr destination hierarchy that is configured for HTTPS, which means that all client-to-server communication happens over HTTPS. This article covers ideas on that migration; it does not cover the steps for configuring HTTPS communication in ConfigMgr. Refer to the links below for some guidance on HTTPS configuration for ConfigMgr.

https://blogs.technet.microsoft.com/configmgrdogs/2015/01/21/configmgr-2012-r2-certificate-requirements-and-https-configuration/
https://docs.microsoft.com/en-us/sccm/core/plan-design/network/pki-certificate-requirements

I strongly recommend that you acquaint yourself with the concepts and material covered in both articles and elsewhere before continuing with this article. Additionally, I recommend reading the fairly detailed conceptual guidelines on …

SCOM 2016 Certificate Errors. Event ID 20049

Chiyo Odika | SCOM, WINDOWS SERVER

In this article, I’ll review SCOM Certificate Event ID 20049. This error event can be seen during an attempt to initiate mutual authentication across untrusted boundaries, such as in a gateway or workgroup boundary scenario. In SCOM, certificates need to be used for mutual authentication between the management servers and any gateway servers/agents when Kerberos-based mutual authentication is not possible. If there’s an issue with the certificate, mutual authentication will fail, and one of the errors you could likely encounter is as shown below:

The event detail reads: “The specified certificate could not be loaded because the key Usage specified does not meet OpsMgr requirements. The certificate must have the following usage types: Digital Signature, Key Encipherment.”

This …

Create a Certificate Template from a Server 2012 R2 CA

Chiyo Odika | WINDOWS SERVER

In order to export the private key for a certificate, you will need to base the certificate on a template that has that option enabled. While this task can be easily accomplished using PowerShell, I’ll document a step-by-step using the GUI to show what this entails.

1. Open Server Manager in your CA, click Tools, select Certificate Authority
2. Select your CA, select and right-click Certificate Templates, and right-click Manage
3. In the Certificate Templates Console, select the relevant Template Display Name (Web Server in my case), right-click and select Duplicate Template
4. In the resulting Properties of New Template window, leave the default compatibility settings for backward compatibility with older clients
5. Click on the General tab, and enter the Template display …

Certificate Private Key Error

Chiyo Odika | WINDOWS SERVER

While working with certificates today, I stumbled upon an error that indicated something was amiss with my CA certificate templates. Ordinarily I make only certificate templates with exportable private keys available in my CA web enrollment pages, and I’d explicitly requested and installed the certificate with the thumbprint shown in the error below.

So I donned my sleuth knickers, and decided to delve a little deeper. An attempt to manually export the certificate with its private key from the certificate store indicated that there was no private key to be exported, as that option was greyed out.

I identified the certificate template from which the certificate was created in the MMC | Certificates snap-in, and then reviewed …
