Automatically approved computers in trusted domain is not working

N Kerr 6 Reputation points
2023-06-19T12:00:38.15+00:00

We have noticed that the Automatically approve computers in trusted domain is not working. If we manually approve the PCs, they register just fine. We have tried selecting the manually approve each computer, then switched back to the automatically approve. Did not fix the issue.

5 answers

  1. AllenLiu-MSFT 48,356 Reputation points Microsoft External Staff
    2023-06-20T07:35:08.93+00:00

    Hi, @N Kerr

    Thank you for posting in Microsoft Q&A forum.

    You might need to update the Trusted Root Certification Authorities list on the Client Computer Communication tab in the Site Properties dialog box to include the issuer of the public key infrastructure (PKI) certificate.

    https://learn.microsoft.com/en-us/mem/configmgr/core/plan-design/security/plan-for-certificates#pki-trusted-root-certificates


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Add comment".

  2. N Kerr 6 Reputation points
    2023-06-20T13:33:08.5866667+00:00

    Hi,

    The clients are using a self-signed certificate. "Clients check the certificate revocation list (CRL) for the site" is not selected.

    We also have a 3rd party SSL cert for Digicert on the server.

  3. AllenLiu-MSFT 48,356 Reputation points Microsoft External Staff
    2023-06-21T06:14:31.52+00:00

    Hi, @N Kerr

    You may check if your SCCM server has sufficient permissions to access the trusted domain. This can be done by verifying that the SCCM server's computer account is added to the "Pre-Windows 2000 Compatible Access" group in the trusted domain.

  4. N Kerr 6 Reputation points
    2023-06-21T14:04:55.3766667+00:00

    Added the SCCM server's computer account to the "Pre-Windows 2000 Compatible Access" group in the trusted domain. Did not make any difference.


  5. N Kerr 6 Reputation points
    2023-06-26T17:29:50.0566667+00:00

    On the Communication Security tab, we have the following selected:

    HTTPS or HTTP

    Use Configuration Manager generated certificates for the HTTP site systems

    Use PKI client certificate (client authentication capability) when available

    There are no Trusted Root Certification Authorities selected.

    There is no SMS Role SSL Certificate on the server.

