I am trying to set up distribution server for SCCM, we are using https, so I need to install the certificate from our CA. the certificates for both the Server and clients have been created, and the clients are working properly, with auto enroll. The issue is coming to enrolling our servers that will be used as distribution points. I created an AD group, in a sub domain of where the CA is, and I added the necessary servers (all members of the sub domain) for SCCM, and gave that group read
and enroll rights to the Server certificate. On the server when I try to enroll, I can see the certificate, but when it tries to install, I get an access denied. What is odd is, if I add that same server to certificate directly, and give read
and enroll, it installs fine. I also tested it on another sever, this time a domain controller, adding it to the same initial group with the same effect. However, using a built in group (domain controllers), again giving that group read and enroll,
the server installs just fine. I have made the group, Universal, Domain Local, and Global, yet all fail.
↧