This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 67%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hello,
I'm trying to do a Build and Capture task sequence but the TS always fail at the Install Application step. This step works when the client join the domain but not on workgroup.
I already checked many forums but I'm not able to find a solution.
I found errors in the LocationService.log, it seems that the problem is because the clients don't have a certificate. I don't know how to import the certificate for workgroup clients in Build and Capture TS and if it is what I need to do.
[CCMHTTP] ERROR: URL=https://FQDN_TO_SERVER/SMS_MP/.sms_aut?SITESIGNCERT, Port=0, Options=31, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERT
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
I use the following parameters to install the SCCM Client : SMSCACHESIZE=10240 SMSMP=FQDN /UsePKICert /NoCRLCheck CCMHTTPSSTATE=31 DNSSUFFIX=DOMAIN
Can you help me on this ?
Do you need to see a specific log ?
Are you using boot media or PXE for this?
Directly using CCMHTTPSSTATE is unsupported.
As noted, no, manually specifying CCMHTTPSSTATE is unsupported.
On the PXE enabled DP, is there a valid PKI-issued, client auth certificate configured as part of the DPs configuration?
Hello Jason,
I'm currently using PXE.
Is it not supported on Boot Media or PXE ?
Yes, I think that I configured the IIS, DP and Client certificates correctly following the Microsoft article :
DP Cert has been configured for Intranet clients only (Subject blank and added FQDN for DNS).
I also added the Root certificate on Site properties.
The log above is showing an error of having no PKI cert though. During OSD when PXE booted, the client auth cert assigned to the DP is used throughout the process.
You need to review the entire smsts.log here to help in tracking down the issue.
Although why perform a build and capture at all? That is generally considered an antiquated approach that requires additional time and overhead. The commonly used path with Windows 10 is to use and deploy the image from the media, serviced to include the latest CU, and then layer on all additional customizations, applications, settings, etc. during the deployment task sequence. This eliminates a ton or work and re-work in the long run and greatly simplifies the process.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(313.6, 42%, 40%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ET%3C/text%3E%3C/svg%3E)
I love it when people give this answer. The reason to do a build and capture is so your OSD doesn't take all day to install things like office each time they image a machine. With 500,000 endpoints I would have a lot of upset techs if we didn't. The previous admin didn't do this and imaging would take a ridiculous amount of time, now it takes them about 20 min.