Introduction:
In this blog post, we will go through several important
steps to help with SCCM (System Center Configuration Manager) client
management, including clearing old configurations, removing certificates, and
installing the SCCM client using PKI certificates. We will also cover starting
and stopping services, handling the Windows firewall, and ensuring a proper configuration when working with SCCM clients.
Step 1: Stop the SCCM Client Service (ccmexec)
The first step in the cleanup process is to stop the ccmexec
service, which is the core service for the SCCM client. This will prevent the
client from attempting to run while we perform our cleanup operations.
To stop the ccmexec service, run the following
command in an elevated Command Prompt:
net stop ccmexec
This will stop the service temporarily and ensure no
background operations are running while you perform the necessary cleanup
steps.
Step 2: Delete the SMSCFG.INI File
The SMSCFG.INI file holds important configuration
information for the SCCM client. Deleting this file can help resolve issues
where the client is incorrectly configured or when you want to reset the
client’s configuration to its default state.
Run the following command to delete the file:
del c:\Windows\SMSCFG.INI
This will remove the configuration file. It will be
re-generated the next time the SCCM client is initialized.
Step 3: Remove the SCCM Certificate from the SMS Store
In certain cases, such as when you are troubleshooting certificate
issues or want to reset the client's certificates, you may need to
delete the certificate from the SMS certificate store. To remove the
certificate, you can use the certutil command.
Run the following command to delete the certificate from the
SMS store:
certutil -delstore SMS SMS
This command deletes the certificate from the SMS
store. Be cautious when using this, as it removes the certificate needed for
secure communication between the client and the server.
Step 4: Restart the SCCM Client Service (ccmexec)
After performing the cleanup steps, you need to restart the ccmexec
service to reinitialize the client. You can do so using the following command:
net start ccmexec
This will start the SCCM client service again, and the
client will begin communicating with the SCCM server once more.
Step 5: Start the Windows Firewall Service (if it's stopped)
If the Windows Firewall service is stopped, it can cause
communication issues between the SCCM client and the server. To ensure the
firewall is running, you can start the service (if it's stopped) by running:
net start mpssvc
This command starts the Windows Firewall service
(mpssvc), ensuring that the necessary firewall rules are applied, and the
client can communicate over the required ports.
Step 6: Install SCCM Client Using PKI Certificates
If you're setting up the SCCM client and need to configure
it to use PKI (Public Key Infrastructure) certificates, you can use the CCMSetup.exe
command. This command installs the SCCM client while ensuring that it uses PKI
certificates for secure communication with the management point.
Here is the command you will use:
CCMSetup.exe /mp:YOURMP /UsePKICert
- /mp:YOURMP: Replace YOURMP with the fully qualified domain name (FQDN) of
  your Management Point (MP). The MP is a key component in the SCCM
  infrastructure that communicates with the client.
- /UsePKICert: This flag tells the client to use PKI certificates for secure
  communication.
When this command is executed, it will install the SCCM
client on the machine and ensure that the client communicates securely with the
management point using the certificates issued by your PKI.
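Steps 1 through 6 above collected into one PowerShell script, as an added example that is not part of the original post. It logs each certificate before certutil deletes it, confirms the SMS store is empty afterwards, and checks for a client authentication certificate before running Step 6. The ManagementPoint and CcmSetupPath parameters, and the assumption that the PKI certificate sits in the computer's Personal store, are not from the post.

```powershell
#Requires -RunAsAdministrator
# Added example, not from the original post. $ManagementPoint and $CcmSetupPath
# are assumed parameters; pass -ManagementPoint to run Step 6 as well.
param(
    [string]$ManagementPoint,                  # FQDN of the MP; omit to skip Step 6
    [string]$CcmSetupPath = '.\CCMSetup.exe'   # assumed location of CCMSetup.exe
)
$ErrorActionPreference = 'Stop'

# Step 1: stop the client service if it is installed and running.
$ccm = Get-Service -Name ccmexec -ErrorAction SilentlyContinue
if ($ccm -and $ccm.Status -ne 'Stopped') { Stop-Service -Name ccmexec -Force }

# Step 2: delete SMSCFG.INI if present.
$cfg = Join-Path $env:windir 'SMSCFG.INI'
if (Test-Path -LiteralPath $cfg) { Remove-Item -LiteralPath $cfg -Force }

# Step 3: log what the SMS store holds, delete it, then confirm it is empty.
$store = 'Cert:\LocalMachine\SMS'
if ((Test-Path $store) -and (Get-ChildItem $store)) {
    Get-ChildItem $store | ForEach-Object {
        Write-Output ("Deleting {0} {1} (expires {2:yyyy-MM-dd})" -f $_.Thumbprint, $_.Subject, $_.NotAfter)
    }
    & certutil.exe -delstore SMS SMS | Out-Null
    $left = @(Get-ChildItem $store)
    if ($left.Count -gt 0) { Write-Warning "$($left.Count) certificate(s) remain in the SMS store" }
}

# Step 4: restart the client service.
if ($ccm) { Start-Service -Name ccmexec }

# Step 5: start Windows Firewall only if it is not already running.
if ((Get-Service -Name mpssvc).Status -ne 'Running') { Start-Service -Name mpssvc }

# Step 6 (optional): install with PKI, after checking that a usable client
# authentication certificate exists. Assumes it sits in the Personal store.
if ($ManagementPoint) {
    $clientAuth = '1.3.6.1.5.5.7.3.2'          # Client Authentication EKU OID
    $usable = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
        $_.HasPrivateKey -and $_.NotAfter -gt (Get-Date) -and
        ($_.EnhancedKeyUsageList.ObjectId -contains $clientAuth)
    }
    if (-not $usable) { throw 'No valid client authentication certificate in LocalMachine\My' }
    Start-Process -FilePath $CcmSetupPath -ArgumentList "/mp:$ManagementPoint", '/UsePKICert' -Wait
}
```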
Conclusion
By following these steps, you can troubleshoot SCCM client
issues, remove old certificates, reset configurations, and install a new SCCM
client using PKI certificates. These operations are crucial for maintaining a
healthy SCCM infrastructure and ensuring secure communication between clients
and servers.