Innovative Technology Weblog

The last couple of days I’ve been playing around with the SCCM 2007 SP1/R2 beta. I wanted to try out the NAP (network access protection) features, which require Windows Server 2008 on the SCCM server. So I went ahead and created some virtual machines, a domain controller and a SCCM server. I wanted to do it right, so I decided to install Windows Server 2008 on the domain controller as well. To build the PKI required by native mode I followed the excellent walkthrough at http://technet.microsoft.com/en-us/library/bb694035.aspx. And then I ran into trouble…..
There are two issues with getting the Site Server Signing certificate on the SCCM server. First, because the CA is running on a Windows Server 2008 machine, when you duplicate the ‘Computer’ certificate template, you get the choice which versions of Windows should support this template. Considering the fact that all servers in my environment are running Windows Server 2008, I went with that. And that was my mistake. If you select “Windows Server 2008, Enterprise Edition” the certificate template will not show up while enrolling it from the web interface, so you should select “Windows Server 2003, Enterprise Edition”.
The second issue I ran into was related to the requesting client being a Windows Server 2008 machine. When this is the case, the web interface no longer shows the option to store the certificate in the local computer certificate store. Just continue as you normally would and after that, open an MMC on the SCCM server. Add two certificates snap-ins, one for the current user, the other for the local computer. All you have to do is drag the certificate you just enrolled from the web interface from the Personal/Certificates store under the current user branch to th Personal/Certificates store under the local computer branch.
After this, in my case the SCCM installation automatically detected my certificate and installation went smoothly.

 Please note that I have posted a follow-up to this post, because although installation will go smoothly, you will have some errors if you do it the way I descibed above. Here’s the correct way to do it:  http://www.buit.org/2008/05/22/installing-sccm-2007-sp1r2-in-native-mode-on-windows-server-2008-part-2/

This entry was posted on Sunday, May 18th, 2008 at 8:19 pm and is filed under Configuration Manager, Server 2008, System Center. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.