SCCM Report Builder Error – The Certificate Chain was issued by an Authority that is not Trusted

Benoit LecoursSCCM, SSRS13 Comments

If you’re like us and love to create and build awesome reports, you may get an error when running report builder on a remote computer. When editing an SCCM report in Report Builder you may receive the following error: A connection was successfully established with the server, but then an error occurred during the login process. (provider: SSL Provider, error: 0 – The certificate chain was issued by an authority that is not trusted.) SCCM Report Builder error – Cause This error occurs because you don’t have the required SCCM SQL certificate on the computer running Report Builder. Follow the following steps in order to resolve the issue. Export the certificate from your SQL server On the SQL Server Click the Start menu, click Run, and then type mmc. Click Enter. This starts the Microsoft Management Console (MMC) In the console, click the File menu and then click Add/Remove Snap-in On the … Read More

Setup SCCM Cloud Management Gateway (SCCM CMG)

Jonathan LefebvreSCCM38 Comments

The ConfigMgr team is working really hard to make SCCM admins job easier for some of the key components of Modern Management. Starting with SCCM 1806 release, they ease a bit the setup of the SCCM Cloud Management Gateway (CMG). If you are new to the concept of SCCM Cloud Management Gateway, the main advantage is that it doesn’t expose your SCCM servers to the internet. The downside is that it requires an Azure subscription which brings recurring monthly costs. If you’re still unsure which method to use, you can read the Microsoft documentation and see our blog post about internet client management. Make sure that you understand the limitation of using internet clients. We strongly encourage to use the SCCM Cloud Management Gateway if you’ll be managing client on the internet since this feature will evolve with time and the traditional way support should go away. Here the available features … Read More

How to configure SCCM Software Update point in SSL

Jonathan LefebvreSCCM2 Comments

While the requirements of running SCCM/MEMCM in full SSL may be less required theses days with the Cloud Management Gateway being so effective with remote computers management, running the WSUS – Software Update point in SSL is likely to show up as a requirement whenever doing a security audit of your environment. In this post, we will detail the required steps, from the certificate template creation to the client validation on enabling SSL for WSUS and the SCCM Software Update Point. Requirements Any SCCM version Communication on port 8531 must be open on your Firewall Certificate template Creation The first step to enable SSL communication is to create a server certificate for your server. On the server that is running the Certification Authority, open the Certification Authority console (certsrv.mmc), right-click Certificate Templates and select Manage The Certificate Templates management console opens Right-click the Web Server template and then select Duplicate … Read More

How to install a Certificate Registration Point in SCCM 2012

Benoit LecoursSCCM3 Comments

In this part of SCCM 2012 and SCCM 1511 blog series, we will describe how to install SCCM 2012 R2 or SCCM 1511 Certificate Registration Point (CRP). Role Description Using SCCM and Intune, the CRP communicates with a server that runs the Network Device Enrollment Service (NDES) to provision device certificate requests. This is not a mandatory Site System but we recommend to install a CRP if you need to provision client certificates to your devices (like VPN or WIFI). Prerequisites Before the CRP can be installed, dependencies outside SCCM is required. I won’t cover the prerequisite configuration in details as they are well documented on this Technet article and it goes beyond SCCM. Here’s an overview of what needs to be done : Install the NDES role on a Windows 2012 R2 Server Modify the security permissions for the certificate templates that the NDES is using Deploy a PKI certificate that supports client authentication Locate … Read More

SCCM Distribution Point Failed to decrypt Cert PFX Data Error

Benoit LecoursSCCM2 Comments

Symptoms : Distmgr.log shows lot of “Failed to decrypt cert PFX data” errors You have shared DP enabled You have the same numbers of errors than you have shared Distribution Points SCCM Distribution Point Failed decrypt cert PFX data If you are not familiar with Share DP, here’s Microsoft definition : During migration, you can share distribution points from a source hierarchy with the destination hierarchy. You can use shared distribution points to make content that you have migrated from a source hierarchy immediately available to clients in the destination hierarchy without having to recreate that content, and then distribute it to new distribution points in the destination hierarchy. When clients in the destination hierarchy request content that is deployed to distribution points that you have shared, the shared distribution points can be offered to the clients as valid content locations. SCCM Distribution Point Failed decrypt cert PFX data Resolution … Read More