Libelle1055
About Libelle1055
Posts by :
Backup Home Assistent with a shedue job
Batch Job
net use p: 192.168.0.141config /user:user Password
@ECHO OFF &SETLOCAL enableDelayedExpansion
FOR %%a IN (Monday Tuesday Wednesday Thursday Friday Saturday Sunday) DO SET /a cnt+=1&SET “DOW!cnt!=%%a”
FOR /f “tokens=1-4” %%a in (‘wmic path win32_currenttime get Day^,Month^,Year^,DayOfWeek^|findstr /v “^$”‘) DO (
IF %%a LEQ 9 (SET “Day=0%%a”) ELSE SET “Day=%%a”
IF %%c LEQ 9 (SET “Month=0%%c”) ELSE SET “Month=%%c”
SET “Year=%%d”
SET “DayOfWeek=%%b”
)
ROBOCOPY “p:” “G:My DriveBackup HomeAssistentAutomaticBackup!DOW%DayOfWeek%!_%Day%%Month%%Year%” /MIR
MECM Client install failed with HTTPs Config
Skip Certificate witch is the Client Certificate it should use
Unable to find any Certificate based on Certificate Issuers
Our History Creating Digital Experiences
https://austrianalex.com/system-center-configuration-manager-sccm-2012-client-pki-and-subordinate-ca-woes.html
Our Services What We Offer
Client Testimonials What Our Clients Say
Verify HTTPS enabled MECM Management Points with PowerShell and IE
IE
Normaly you can brows to
- http://<mp_server_name>/sms_mp/.sms_aut?mplist
- http://<mp_server_name>/sms_mp/.sms_aut?mpcert
- http://<mp_server_name>/sms_mp/.sms_mp/.sms_aut?MPKEYINFORMATION
and see the responce from the MP but with SSL enabled MP you will get an 403 error
to work around you can import the DP certificate with Private Kex to the IE – Settings –> Conntend –> Certificate –> Importe the Cetificate.
Restart the Browser and you can Access the URL
Get it with Powershell
Get the Certificate list
Get-ChildItem -Path “cert:\LocalMachine\My”
The certificate you need to find should be a certificate used for Client Auth and from the template you specified setting up you CM in HTTPS mode. Once you have the correct cert you can run the following command:
$cert = Get-ChildItem -Path "cert:\LocalMachine\My\<ThumbprintOfCert>"
Invoke-WebRequest -Uri "https://<mp_server_name>/sms_mp/.sms_aut?mplist" -Certificate $cert
One thing I noticed if that you try and run these command from a client that allows TLS 1.0 or TLS 1.1 against an MP that is running on Windows Server 2019 it will fail. This is because WS 2019 only accepts TLS1.2 traffic. To force PowerShell and Invoke-WebRequest to use TLS1.2 the following line must be specified before you run the above commands:
[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12This is only valid for the current PowerShell session and must be specified every time you start a new session.
