This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(179.20000000000002, 67%, 27%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EJ%3C/text%3E%3C/svg%3E)
Hello,
I'm trying to do a Build and Capture task sequence but the TS always fail at the Install Application step. This step works when the client join the domain but not on workgroup.
I already checked many forums but I'm not able to find a solution.
I found errors in the LocationService.log, it seems that the problem is because the clients don't have a certificate. I don't know how to import the certificate for workgroup clients in Build and Capture TS and if it is what I need to do.
[CCMHTTP] ERROR: URL=https://FQDN_TO_SERVER/SMS_MP/.sms_aut?SITESIGNCERT, Port=0, Options=31, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERT
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
I use the following parameters to install the SCCM Client : SMSCACHESIZE=10240 SMSMP=FQDN /UsePKICert /NoCRLCheck CCMHTTPSSTATE=31 DNSSUFFIX=DOMAIN
Can you help me on this ?
Do you need to see a specific log ?
Value of the Enhanced Key Usage is : Client Authentication (1.3.6.1.5.5.7.3.2)
Do I need to compare this with something else ?
I joined some logs, I hope that it can help.
88575-smsts.log
88576-clientlocation.log
88592-execmgr.log
88593-locationservices.log
88594-locationservices-20210415-140430.log
Thanks for your help.
It's probably time to open a support case here as there's nothing obvious that jumps out at this point as a root cause.
I would definitely get rid of CCMHTTPSSTATE and DNSSUFFIX from the properties though as CCMHTTPSTATE as noted is unsupported for direct use and DNSSUFFIX is redundant if you are already specifying SMSMP.
Reviewing the IIS log on the MP for corresponding traffic may be helpful as well (you'll have to filter by the client's IP).
Thanks @Jason Sandys .
I removed CCMHTTPSSTATE and DNSSUFFIX and the result is the same.
Is it possible that you take a look onto the clientlocation.log file please ?
There are the message that I mentioned on my first post :
[CCMHTTP] ERROR: URL=http://FQDNTOSCCM/SMS_MP/.sms_aut?SITESIGNCERT, Port=80, Options=480, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
[CCMHTTP] ERROR INFO: StatusCode=403 StatusText=Forbidden
I will check the IIS log, thanks for the advice.
Thanks for pointing me to the IIS log it helped me.
By looking for the following message on internet :
2021-04-19 06:23:05 IP_TO_SCCM GET /SMS_MP/.sms_aut SITESIGNCERT 80 - CLIENT_IP SMS+CCM+5.0 - 403 4 5 1394 43
I found that a user added https:// on SCCM Client parameter /MP:. So I replaced SMSMP=FQDN_TO_SCCM by /MP:https://FQDN_TO_SCCM
I did a try and do not have anymore the above error. Perhaps you have and idea of why this resolved this error ?!
Solving this didn't solve my initial problem unfortunately : Software Installation
It seems that the process hangs on this :
Do you know where I need to look on ?
/mp and SMSMP are two completely, nearly unrelated configurations and are not in any way interchangeable.
As noted, it's time for you to open a support case to dig deeper here.