Generating a New SCCM Client GUID

  • Stop the SCCM service in PowerShell using Stop-Service ccmexec and then wait for it to fully stop.
  • Rename the C:\Windows\SMSCFG.INI file to something like C:\Windows\SMSCFG.old.INI
  • Force the computer to update its AD certificate:
$certs = Get-Certificate -CertStoreLocation Cert:\LocalMachine\My -Template Machine
$thumbprint = $certs.Certificate.Thumbprint
certreq.exe -enroll -q -machine -cert "*$thumbprint*" Renew
  • Delete the computer object out of SCCM.
  • Restart the SCCM service using Start-Service ccmexec. It should then start up, generate a new GUID and re-create its object in SCCM with the new GUID.
  • Run the Machine Policy Retrieval & Evaluation Cycle in the SCCM client Control Panel.
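
The client-side steps above as one script with a before/after GUID check. This is an added example, not code from the original post. The helper name Get-CcmGuid, the timestamped backup name, the timeouts, the "SMS Unique Identifier" key read from SMSCFG.INI and the TriggerSchedule IDs are assumptions not stated on the page.

```powershell
#Requires -RunAsAdministrator
# Added example: client-side steps from the list above, plus a before/after GUID check.
$ErrorActionPreference = 'Stop'
$cfg = 'C:\Windows\SMSCFG.INI'

# Hypothetical helper: read the "SMS Unique Identifier" value out of SMSCFG.INI.
function Get-CcmGuid([string]$Path) {
    if (-not (Test-Path $Path)) { return $null }
    $m = Select-String -Path $Path -Pattern '^SMS Unique Identifier=(.+)$' | Select-Object -First 1
    if ($m) { $m.Matches[0].Groups[1].Value.Trim() }
}

$oldGuid = Get-CcmGuid $cfg
Write-Host "Current GUID: $oldGuid"

# Stop the client and wait until the service has really stopped.
Stop-Service ccmexec
(Get-Service ccmexec).WaitForStatus('Stopped', [TimeSpan]::FromMinutes(5))

# Keep the old config as a timestamped backup rather than deleting it.
$backup = "SMSCFG.old.$(Get-Date -Format yyyyMMddHHmmss).INI"
Rename-Item -Path $cfg -NewName $backup

# Renew the machine certificate (commands from the post).
$certs = Get-Certificate -CertStoreLocation Cert:\LocalMachine\My -Template Machine
$thumbprint = $certs.Certificate.Thumbprint
certreq.exe -enroll -q -machine -cert "*$thumbprint*" Renew
if ($LASTEXITCODE -ne 0) { throw "certreq exited with $LASTEXITCODE" }

# Server-side step: done in the SCCM console, not by this script.
Read-Host 'Delete the computer object in SCCM, then press Enter'

Start-Service ccmexec

# Poll until the client has written a new SMSCFG.INI with a different GUID.
$deadline = (Get-Date).AddMinutes(10)
do {
    Start-Sleep -Seconds 15
    $newGuid = Get-CcmGuid $cfg
} until (($newGuid -and $newGuid -ne $oldGuid) -or (Get-Date) -gt $deadline)
if (-not $newGuid -or $newGuid -eq $oldGuid) { throw 'GUID did not change; check ClientIDManagerStartup.log' }
Write-Host "New GUID: $newGuid"

# Machine Policy Retrieval (021) and Evaluation (022) cycles.
foreach ($id in '21', '22') {
    Invoke-CimMethod -Namespace root\ccm -ClassName SMS_Client -MethodName TriggerSchedule `
        -Arguments @{ sScheduleID = "{00000000-0000-0000-0000-0000000000$id}" } | Out-Null
}
```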

3 thoughts on “Generating a New SCCM Client GUID”

  1. You’ll find a lot of comments online about people removing certs in the SMS Certificate store on the local machine, but in our case that wasn’t sufficient. The GUID is generated based on property about the machine, and a cert. We have PKI in place so it appears the first place the ClientIDManagerStartup process looks is for a key issued by that PKI system, which is why we need to regen that certificate.

    If you don’t have PKI, it may be looking at those SMS certificates, in which case you can delete them and I think the client will regenerate them, with different thumbprints.

    All of this can be found by looking at ClientIDManagerStartup.log and the C:\Windows\SMSCFG.ini file.

