ConfigMrg Native Mode and site signing certificate

By Rikard Ronnkvist, 2010-07-09 09:48 ConfigMgr

After trying to switch to native mode in ConfigMgr we got some errors from SMS_POLICY_PROVIDER saying “SMS Policy Provider has failed to sign one or more policy assignments. It will retry this operation automatically.”

Strange since we did follow a (this one) step-by-step guide from Microsoft.

After a few searches on Google and TechNet I found out that I needed to add a few lines in the request-file… FriendlyName and KeyLength…

[NewRequest]
FriendlyName = "ConfigMgr Site Signing ABC"
Subject = "CN=The site code of this site server is ABC"
MachineKeySet = True
KeyLength = 2048

[RequestAttributes]
CertificateTemplate = ConfigMgrSiteServerSigningCertificate

Then I requested a new cert with that file and used the new certificate instead… and a few minutes later SMS_POLICY_PROVIDER says “SMS Policy Provider successfully updated a settings policy and a settings policy assignment.”

Brandon
2010-11-11 16:57

Which code did you write for the script that actually worked when you said “Then I requested a new cert and used that instead…”
riro
2010-11-12 11:23

When reading that post again I understand why you get confused… I got confused myself.

Did a bit of changes to the text.

Anyway… If you read the Microsoft-guide it doesn’t say anyting about the lines FriendlyName and KeyLength in the request file.

Trackback URI |

ConfigMrg Native Mode and site signing certificate

Leave a comment

Tag cloud

Categories

Archives


Anyone who knows how to get the DFS refferal list on a specific share from a client, in #Powershell

	Rikard Ronnkvist From