Automated Deployment of Distribution Point Role with PKI Certificate
i want to install/deploy a distribution point with an pki cert (.pfx). i solved (almost 🙂 ) this by powershell cmdlet and task sequence engine. For a better insight, i list my steps for you:
- Request and export certificate - Works!
- Install ConfigMgr Console (to use ConfigMgr CmdLets) - Works!
- Install and Configure Distribution Point - Works one time, unfortunately!
The last point drives me crazy! Every Distribution Point Server gets his own certificate. But, if one time the DP role is installed, ConfigMgr save this information, and its not possible to "Re-install" the DP Role fully automated. Even if a new certificate is requested. Powershell create a "Warning" (orange highlighted text) something like: This certificate is used. Are you sure to used this certificate? and ended as an error. Also set the variable $ErrorAction or $WarningAction brings no effect. If i do this via console, i get a "Warning" Dialog with two Choices. Yes or No.
So, my question is: Which indicator is used to check is the certificate is used or not? I already extend (DebugLogging) the smsprov.log to read out the WQL or something. Unfortunetaly, there is only a WMI Method? see here: https://docs.microsoft.com/de-de/sccm/develop/reference/core/servers/configure/isusedcert-method-in-...
I didn´t unterstand the definition of "Used". Moreover a certificate could have two status in ConfigMgr Console (Blocked or Unblocked). Furthermore, imho, if the dialogue has two options, does it need to be usable in Powershell ?!
Maybe somebody has an idea to identify or to fix this issue. Thanks for reading and any helping input.
Something here might help.
or also reach out to experts in dedicated forums over here.