Restart the SCCM service using Start-Service ccmexec and then it should start up, generate a new GUID and re-create it’s object in SCCM with the new GUID.
Run Machine Policy Retreval & Evaluation Cycle in the SCCM client Control Panel.
You’ll find a lot of comments online about people removing certs in the SMS Certificate store on the local machine, but in our case that wasn’t sufficient. The GUID is generated based on property about the machine, and a cert. We have PKI in place so it appears the first place the ClientIDManagerStartup process looks is for a key issued by that PKI system, which is why we need to regen that certificate.
If you don’t have PKI, it may be looking at those SMS certificates, in which case you can delete them and I think the client will regenerate them, with different thumbrints.
All of this can be found by looking at ClientIDManagerStartup.log and the C:\Windows\SMSCFG.ini file.
You’ll find a lot of comments online about people removing certs in the SMS Certificate store on the local machine, but in our case that wasn’t sufficient. The GUID is generated based on property about the machine, and a cert. We have PKI in place so it appears the first place the ClientIDManagerStartup process looks is for a key issued by that PKI system, which is why we need to regen that certificate.
If you don’t have PKI, it may be looking at those SMS certificates, in which case you can delete them and I think the client will regenerate them, with different thumbrints.
All of this can be found by looking at ClientIDManagerStartup.log and the C:\Windows\SMSCFG.ini file.
LikeLike
is there any more explaintation for the guide?
LikeLike