ConfigMrg Native Mode and site signing certificate
After trying to switch to native mode in ConfigMgr we got some errors from SMS_POLICY_PROVIDER saying “SMS Policy Provider has failed to sign one or more policy assignments. It will retry this operation automatically.”
Strange since we did follow a (this one) step-by-step guide from Microsoft.
After a few searches on Google and TechNet I found out that I needed to add a few lines in the request-file… FriendlyName and KeyLength…
[NewRequest] FriendlyName = "ConfigMgr Site Signing ABC" Subject = "CN=The site code of this site server is ABC" MachineKeySet = True KeyLength = 2048 [RequestAttributes] CertificateTemplate = ConfigMgrSiteServerSigningCertificate
Then I requested a new cert with that file and used the new certificate instead… and a few minutes later SMS_POLICY_PROVIDER says “SMS Policy Provider successfully updated a settings policy and a settings policy assignment.”
