Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Client install through SSL #181

Open
imperatorviken opened this issue Oct 6, 2021 · 6 comments
Open

Client install through SSL #181

imperatorviken opened this issue Oct 6, 2021 · 6 comments

Comments

@imperatorviken
Copy link

Hi Team

Since we moved our environnement to SSL i cannot install the client anymore through your script
Each time i have the message an error occured
Can you tell me what's going on ?

Thanks for your help
@pilgi3
Copy link

pilgi3 commented May 3, 2022

You have to modify the script which is placed in the file "SCCMCliCtrWPF.exe.config". You will find it in the install location.
Change "http" to "https" should fix the issue.
grafik

@pilgi3 pilgi3 mentioned this issue May 6, 2022
Open
@mickykar
Copy link

mickykar commented May 6, 2022

This doesn't work even changing to https may be if we can get the script to install client in https method that would be great

@pilgi3
Copy link

pilgi3 commented May 6, 2022

Do you using the script "SCCM-UNINSTALL-REINSTALL.ps1" or the button "Install Agent" under Tab Install / Repair?

@mickykar
Copy link

mickykar commented May 6, 2022

Yes i do that in sccm-uninstall-reinstall script the uninstall works perfect but the re-install doesn't work most of the time and when i click the install agent tab i get the error.

Below is the script i modified for HTTPS we have also we have PKI environment for client authentication , but still it doesnt work.

$CMMP='contso.com'
$CMSiteCode='P01'

$ErrorActionPreference = "SilentlyContinue"

try
{
#Get ccm cache path for later cleanup...
try
{
$ccmcache = ([wmi]"ROOT\ccm\SoftMgmtAgent:CacheConfig.ConfigKey='Cache'").Location
} catch {}

#download ccmsetup.exe from MP
$webclient = New-Object System.Net.WebClient
$url = "https://$($CMMP)/CCM_Client/ccmsetup.exe"
$file = "c:\windows\temp\ccmsetup.exe"
$webclient.DownloadFile($url,$file)

#stop the old sms agent service
stop-service 'ccmexec' -ErrorAction SilentlyContinue

#Cleanup cache
if($ccmcache -ne $null)
{
try
{
dir $ccmcache '*' -directory | % { [io.directory]::delete($_.fullname, $true) } -ErrorAction SilentlyContinue
} catch {}
}

#Cleanup Execution History
#Remove-Item -Path 'HKLM:\SOFTWARE\Wow6432Node\Microsoft\SMS\Mobile Client*' -Recurse -ErrorAction SilentlyContinue
#Remove-Item -Path 'HKLM:\SOFTWARE\Microsoft\SMS\Mobile Client*' -Recurse -ErrorAction SilentlyContinue

#kill existing instances of ccmsetup.exe
$ccm = (Get-Process 'ccmsetup' -ErrorAction SilentlyContinue)
if($ccm -ne $null)
{
$ccm.kill();
}

#run ccmsetup
$proc = Start-Process -FilePath 'c:\windows\temp\ccmsetup.exe' -PassThru -Wait -ArgumentList "/mp:$($CMMP) /source:https://$($CMMP)/CCM_Client CCMHTTPPORT=443 RESETKEYINFORMATION=TRUE SMSSITECODE=$($CMSiteCode) SMSSLP=$($CMMP) FSP=$($CMMP)"
Sleep(5)
"ccmsetup started..."
}

catch
{
"an Error occured..."
$error[0]
}

@pilgi3
Copy link

pilgi3 commented May 9, 2022

In our environment we run into the problem called second hop when using the button "Install Agent"
This is a security feature so it is not possible without further configuration to connect to a client/server in a remote powershell on a client.
https://docs.microsoft.com/en-us/powershell/scripting/learn/remoting/ps-remoting-second-hop?view=powershell-7.2

We where able to do a workaround with the local ccmsetup.exe.

`$CMMP = 'Management Point FQDN'
$CMSiteCode = 'xxx'

$ErrorActionPreference = "Stop"
try
{

##download ccmsetup.exe from MP share
$source = "C:\windows\ccmsetup" 
$destination = "C:\windows\temp"
$files = @("ccmsetup.exe")
foreach ($file in $files) {
    If (Test-Path -Path $file) { Remove-Item -Path $file -Force }
    Copy-Item -Path "$source\$file" -Destination "$destination\$file" -Force
}

## delete / rename local ccmsetup folder
If (Test-Path -Path "C:\windows\ccmsetup_old") { Remove-Item -Path "C:\windows\ccmsetup_old" -Recurse -Force }
Rename-Item -Path "C:\Windows\ccmsetup" -NewName "ccmsetup_old" -Force

## delete ccmache folder
If (Test-Path -Path "C:\windows\ccmcache") { Remove-Item -Path "C:\windows\ccmcache" -Recurse -Force }

#run ccmsetup 
$proc = Start-Process -FilePath 'c:\windows\temp\ccmsetup.exe' -PassThru -Wait -ArgumentList "/service /ForceInstall /ignoreskipupgrade /mp:$($CMMP) SMSSITECODE=$($CMSiteCode)"

If (((Get-Service ccmsetup).Status) -eq 'Running') {
    Remove-Item -Path "C:\windows\ccmsetup_old" -Recurse -Force
    Write-Output "Reinstallation of client started - will take some minutes for completion."
} else {
    Write-Output "Error starting reinstallation."
}

}
Catch
{
Write-Output "[$($_.Exception.Message)]"
}
`

@mickykar
Copy link

mickykar commented May 9, 2022

Let me test this script once

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@pilgi3 @mickykar @imperatorviken