Monitoring ConfigMgr 2012 SP1 via OpsMgr 2012 SP1

This post will describe the setup that is needed in order for your OpsMgr 2012 SP1 environment to monitor your ConfigMgr 2012 SP1 site.
First download the MP via this URL http://www.microsoft.com/en-us/download/details.aspx?id=34709

Execute the installer and you will end up with 4 files:

  • EULA.rtf
  • Microsoft.SystemCenter2012.ConfigurationManager.Discovery.mp
  • Microsoft.SystemCenter2012.ConfigurationManager.Library.mp
  • Microsoft.SystemCenter2012.ConfigurationManager.Monitoring.mp

Import the 3 Management Pack Files for ConfigMgr.

So go to the Administration tab –> Management Packs –> and choose Add from disk.

Then make an Override Management Pack for this MP!

After importing and installing you get a new monitoring view (System Center 2012 Configuration Manager)

For the Configuration Manager monitoring pack to discover objects, you must turn on Agent Proxy on every site server except for the primary site and the central administration site.

It might take some time before your ConfigMgr 2012 SP1 components appear in the OpsMgr 2012 SP1 environment…

After that is done, you can go back to the Monitoring tab and, under SCCM 2012, choose Hierarchy Diagram. This will give you a diagram of your SCCM site.

Any alerts (RED X’s) can be clicked and you can drill down to your problem. The MP looks very good and complete.

Be sure to read the manual; a lot of rules are disabled by default. Performance monitoring is also disabled by default.

OpsMgr 2012 Management Packs for Windows Server 2012 and SCCM 2012 SP1

All Management Packs can be found in Pinpoint:

http://systemcenter.pinpoint.microsoft.com/en-US/applications/search/operations-manager-d11?q=

Here is an overview of Server 2012 MPs:

Monitoring Pack for System Center Configuration Manager 2012 (SCCM) http://www.microsoft.com/en-us/download/details.aspx?id=34709
Exchange Server 2013 Management Pack http://www.microsoft.com/en-us/download/details.aspx?id=39039
Windows Server Hyper-V 2012 http://www.microsoft.com/en-us/download/details.aspx?id=36438
Windows Server DNS 2012 http://www.microsoft.com/en-us/download/details.aspx?id=37141
J2EE, JBoss, Tomcat, Weblogic, WebSphere http://www.microsoft.com/en-us/download/details.aspx?id=29270
Windows Server Cluster http://www.microsoft.com/en-us/download/details.aspx?id=2268
Windows Server Network Load Balancing http://www.microsoft.com/en-us/download/details.aspx?id=13302
Windows Deployment Services http://www.microsoft.com/en-us/download/details.aspx?id=36817
Windows Server File iSCSI & Services http://www.microsoft.com/en-us/download/details.aspx?id=34970
Windows Server Backup http://www.microsoft.com/en-us/download/details.aspx?id=36390
Network Devices with Extended Monitoring Capability http://www.microsoft.com/en-us/download/details.aspx?id=26831
Monitoring Pack for Message Queuing http://www.microsoft.com/en-us/download/details.aspx?id=36775

Change Management console language Configuration Manager 2012 SP1

 

When the management console starts, it detects the language of the local OS and then checks whether a matching language pack is present. If one is found, the console is shown in that language and troubleshooting becomes a lot harder. Try searching errors in Dutch 😉 for instance…

Two solutions are possible to show the interface in English:

1. Change your OS language from your control panel (Regional settings).

2. Rename the language pack folder within the install directory of your Management console. Default language pack locations of SCCM 2012 SP1 Management console:

  • System Center Configuration Manager 2012:
    C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\bin\{language_code}

Close the management console, rename the language pack folder corresponding to your current OS language, restart the console and the default language (English) will be shown.

Cumulative Update (CU1) Pack for System Center 2012 Configuration Manager Service Pack 1 (SP1)

Microsoft has released the first Cumulative Update (CU1) Pack for System Center 2012 Configuration Manager Service Pack 1 (SP1).

This CU1 is available here!

An overview:

Issues that are fixed

Administrator Console

  • A Discovery Data Record (DDR) that contains organizational unit (OU) paths that are longer than 220 characters is not processed. The DDM.log file on the site server contains event messages that resemble the following:

    CDiscoverySource::ValidateSchema – array property User OU Name cannot expand size so rejecting.

    CDiscoverDataManager::ProcessDDRs – Unable to update data source.

  • The Allow clients to use a fallback source location for content option is missing from the Distribution Points tab of the package properties.

Site systems

  • Replication Configuration Manager incorrectly reports the link status as Degraded and then reports the status as Active one minute later.
  • Site replication fails after a site database is restored to a new server. Additionally, the Rcmctrl.log file contains the following error message:

ERROR: Received unhandled SQL exception, printing info and throwing it again. This will be retried in next cycle.
SqlException number: [8115]
ERROR: Exception message: [Arithmetic overflow error converting expression to data type int.~~The ‘spGetChangeTrackingMinValidVersion’ procedure attempted to return a status of NULL, which is not allowed. A status of 0 will be returned instead.]


Device management

  • The Configuration Manager client cannot be installed on devices that contain newer ARM processors. Additionally, the following error message is logged in the DmClientSetup log file:

    Fail to get the CAB file name because of unsupported processor type: 0

Software updates

  • The Allow clients to share content with other clients on the same subnet option in the properties of a Software Update Group Deployment is ignored. Additionally, the DataTransferService.log file contains the following message:

    Not using branch cache option.

  • When a custom port is configured for software updates, an Internet only client may append the custom port to the URL for the Windows Update service. Additionally, when the custom port is set to 880, log entries that resemble the following may be logged in the DataTransferService.log file:

    UpdateURLWithTransportSettings(): OLD URL – http://download.windowsupdate.com/msdownload/update.cab

    UpdateURLWithTransportSettings(): NEW URL – http://download.windowsupdate.com:880/msdownload/update.cab

  • The Schedule Updates Wizard does not list content for Windows Server 2012. For more information about this issue, click the following article number to view the article in the Microsoft Knowledge Base:

    2793237 FIX: The Schedule Updates Wizard does not list content for Windows Server 2012 in System Center 2012 Configuration Manager Service Pack 1
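
The custom-port symptom described above can be checked for mechanically in a client's DataTransferService.log. The following PowerShell is an added example, not part of the original post or of the cumulative update; the function name Find-RewrittenUpdateUrl and its -InternalHost parameter are hypothetical, and the sample lines are the two log entries quoted above with the dash normalised.

```powershell
# Sample input: the two DataTransferService.log entries quoted in the post.
$sampleLog = @'
UpdateURLWithTransportSettings(): OLD URL - http://download.windowsupdate.com/msdownload/update.cab
UpdateURLWithTransportSettings(): NEW URL - http://download.windowsupdate.com:880/msdownload/update.cab
'@ -split "`r?`n"

function Find-RewrittenUpdateUrl {
    # Hypothetical helper: pairs each OLD URL entry with the NEW URL entry that
    # follows it and reports pairs where the port changed on the same host,
    # unless that host is listed as one where a custom port is expected.
    param(
        [Parameter(Mandatory)] [string[]] $Line,
        [string[]] $InternalHost = @()   # e.g. your own software update point
    )
    # Accept a hyphen or an en dash between "URL" and the address; the URL
    # capture stops at whitespace or ']' in case the line sits inside a log envelope.
    $pattern = 'UpdateURLWithTransportSettings\(\): (OLD|NEW) URL\s+[-\u2013]\s+(https?://[^\s\]]+)'
    $old = $null
    foreach ($entry in $Line) {
        $m = [regex]::Match($entry, $pattern)
        if (-not $m.Success) { continue }
        $url = [uri]($m.Groups[2].Value)
        if ($m.Groups[1].Value -eq 'OLD') { $old = $url; continue }
        if ($null -eq $old) { continue }   # NEW entry without a preceding OLD entry
        $portChanged = ($old.Host -eq $url.Host) -and ($old.Port -ne $url.Port)
        if ($portChanged -and ($InternalHost -notcontains $url.Host)) {
            [pscustomobject]@{
                HostName = $url.Host
                OldPort  = $old.Port
                NewPort  = $url.Port
                NewUrl   = $url.AbsoluteUri
            }
        }
        $old = $null
    }
}

# Reports download.windowsupdate.com with the port changed from 80 to 880.
Find-RewrittenUpdateUrl -Line $sampleLog
```

To check a real client, pass the lines of its DataTransferService.log (read with Get-Content) to -Line and list your software update point under -InternalHost.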

Client

  • The MicrosoftPolicyPlatformSetup.msi file is now correctly signed.
  • The selection of multiple targeted applications in Software Center will fail if the calendar region is set to Arabic (Saudi Arabia). Additionally, Software Center displays the following error message:

    Software Center cannot be loaded. There is a problem loading the required components for Software Center. You can try launching Software Center at a later time. If the problem continues, you can contact your helpdesk.

  • The hardware inventory on a computer that is running a 32-bit version of Windows Server 2003 R2 may cause the Wmiprvse.exe process to exit unexpectedly. Additionally, when you view the results of the fault, the details of the fault resemble the following:

    Faulting application wmiprvse.exe, version 5.2.3790.4455, faulting module msvcr90.dll, version 9.0.30729.6161, fault address 0x00056b1d

  • PXE support is added for IA-32 EFI computers.

PowerShell

  • When the Clear-CMPxeDeployment cmdlet is run, you receive the following error message:

    The method or operation is not implemented.

  • When the Update-CMDistributionPoint –DeploymentTypeName cmdlet is run, you receive the following error message:

    Key not Found Exception.

  • When the New-CMDeviceCollection cmdlet is run, the refreshschedule parameter is not defined in the NewByLimitName parameter set.
  • When the New-CMDeviceCollection cmdlet is run together with the LimitingCollectionName option, the cmdlet is unsuccessful. Additionally, you receive the following error message:

    Unable to cast object of type ‘Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlArrayItems’ to type ‘System.Management.ManagementBaseObject’.

  • When the .GetType method is used for the object that is returned by the New-CMSchedule cmdlet, the method is unsuccessful. Additionally, you receive the following error message:

    The adapter cannot get property “GetType” for instance of SMS_ST_RecurInterval.

  • When the Import-CMComputerInformation -CollectionName “All Systems” -ComputerName “Computer01” -MacAddress “xx:xx:xx:xx:xx:xx” command is run, the command is unsuccessful. Additionally, you receive the following error message:

    WARNING: The collection All Systems does not exist or is not suitable for adding the new device.

Functionality that is updated

PowerShell

Help for PowerShell is updated for the cmdlets that are included in Configuration Manager Service Pack 1 and in this cumulative update. In a PowerShell environment, use the Update-Help –Module ConfigurationManager cmdlet to retrieve the latest Help information from Microsoft.

The following cmdlets are added to the PowerShell module:

  • Add-CMDistributionPoint
  • Import-CMAntiMalwarePolicy
  • Import-CMDriver
  • New-CMAppVVirtualEnvironment
  • New-CMMigrationJob
  • New-CMPackage
  • New-CMSoftwareUpdateAutoDeploymentRule
  • New-CMTaskSequence
  • New-CMTaskSequenceInstallUpdateAction
  • New-CMTaskSequenceMedia
  • New-CMUserDataAndProfileConfigurationItem
  • Remove-CMTaskSequenceInstallUpdateAction
  • Set-CMTaskSequenceGroup
  • New-CMTaskSequenceGroup
  • Remove-CMTaskSequenceGroup
  • Set-CMApplicationCatalogWebsitePoint
  • Set-CMAppVVirtualEnvironment
  • Set-CMClientPushInstallation
  • Set-CMClientSetting
  • Set-CMDistributionPoint
  • Set-CMDriver
  • Set-CMEndpointProtectionPoint
  • Set-CMEnrollmentPoint
  • Set-CMEnrollmentProxyPoint
  • Set-CMHierarchySetting
  • Set-CMManagementPointComponent
  • Set-CMOperatingSystemImageUpdateSchedule
  • Set-CMOutOfBandManagementComponent
  • Set-CMReportingServicePoint
  • Set-CMSite
  • Set-CMSoftwareUpdateAutoDeploymentRule
  • Set-CMSoftwareUpdatePointComponent
  • Set-CMStateMigrationPoint
  • Set-CMStatusSummarizer
  • Set-CMSystemHealthValidatorPointComponent
  • Set-CMTaskSequence
  • Set-CMTaskSequenceInstallUpdateAction
  • Set-CMUserDataAndProfileConfigurationItem
  • Start-CMDistributionPointUpgrade

ConfigMgr 2012 Compliance Settings

 

Compliance Settings in SCCM 2012 SP1 was called ‘Desired Configuration Management’ in SCCM 2007. Compliance Settings consist of ‘Configuration Items’ and ‘Configuration Baselines’. There is another node here: ‘User Data and Profiles’. This one is not a Compliance Setting but Folder Redirection from within the ConfigMgr Console… (hmm well, that’s what GPOs are for, aren’t they?)

The Compliance Settings help you to assess the compliance of Users and/or Devices for all kinds of configurations in your organization. For instance: the right OS version, updates, hotfixes, applications, application settings, prohibited applications etc.

The Configuration Items do all the magic. They can be of various kinds:

  • Windows;
  • Mobile Device;
  • Mac OS X.

They can query in various ways. Configuration Items can also remediate non-compliant settings if you like!

Compliance is evaluated by defining a configuration baseline that contains the configuration items that you want to evaluate, plus the settings and rules that describe the level of compliance you must have or would like to have. You can import this configuration data into ConfigMgr from Microsoft System Center Configuration Manager Configuration Packs, which can contain best practices that are defined by Microsoft and other vendors. You can also create new configuration items and configuration baselines yourself for your own applications.

After a configuration baseline is defined, you can deploy it to users and devices through collections and evaluate its settings for compliance on a schedule. Client devices can have multiple configuration baselines deployed to them.

Configuration items: A collection of settings, values, and criteria that defines what is compared, checked, or evaluated on a target system.

Configuration baselines: Contain one or multiple configuration items. Configuration items must be part of a configuration baseline to be assigned for evaluation on a collection of systems.

 

To use Compliance Settings in your environment there are a few steps you have to take:

  • Enable Compliance Settings on your clients;
  • Reporting Services must be installed as a site role.

 

Enable Compliance Settings on your clients.

Go to: Administration, Client Settings

Edit or Create ‘Client Device Settings’

Select ‘Compliance Settings’

And set ‘Enable compliance evaluation on clients’ to Yes

Then deploy the Client Device Settings to a collection.

 

Reporting Services must be installed as a site role.


The Reporting services point is installed.

 

Now you can Add Configuration Items and Define Configuration Baselines!

That’s next time!

HTTPS Communication SCCM 2012 SP1 (Part 3)

If you do a default installation of ConfigMgr 2012 the clients will communicate over HTTP with the Management Point. Also all traffic from the Distribution Point will be over HTTP. And if you use the Application Catalog, well that’s HTTP also.

In this 3-post series I will explain the steps to go from HTTP to HTTPS communication.
In the first post (HERE) I explained the certificates needed; the second (HERE) and third (this one) do the actual work of moving ConfigMgr from HTTP to HTTPS.

What is going to happen:

  • Have HTTPS traffic from and to the Distribution Point

 

So I have got my clients communicating over HTTPS, with my PKI Infrastructure, to the Management Point. Nice!
But now I want the traffic from and to the Distribution Point also over HTTPS.

 

ConfigMgr Configuration

Under Administration – Overview – Site Configuration – Servers and Site System Roles select the server with the Distribution Point Role. Select Properties.

Import Certificate.
You need the ConfigMgr Client Distribution Point certificate (the .PFX); supply the password and click OK.

 

And now the data is flowing securely from and to your DP.

 

Part 1 Here.

Part 2 Here.

HTTPS Communication SCCM 2012 SP1 (Part 2)

If you do a default installation of ConfigMgr 2012 the clients will communicate over HTTP with the Management Point. Also all traffic from the Distribution Point will be over HTTP. And if you use the Application Catalog, well that’s HTTP also.

In this 3-post series I will explain the steps to go from HTTP to HTTPS communication.
In the first post (HERE) I explained the certificates needed; the second (this one) and third (HERE) do the actual work of moving ConfigMgr from HTTP to HTTPS.

What is going to happen in this post:

  • Have the Clients talk over HTTPS to the site server (Management Point)

 

With all the certificates in place let’s see if I can change the Client to communicate over PKI and HTTPS instead of HTTP and a self-signed certificate.

 

Site Server Communication

Export the Root CA Certificate as a DER encoded binary X.509 (.CER) Certificate.

In the ConfigMgr console go to Administration – Overview – Site Configuration – Sites and select your Site.

Right-click and select Properties.

Go to the tab Client Computer Communication and change the setting to HTTPS Only. If you still have clients with HTTP then you can select HTTP or HTTPS.

Under Trusted Root Certification Authorities select your Root CA Certificate.

 

For a client that has already been deployed just wait and the Client Certificate will change to PKI.

And I am communicating over HTTPS with my PKI:

As I can also see in my ClientLocation.log.

 

From the ccmsetup.log it is visible that all communication is secure.

 

Part 1 Here.

Part 3 Here.

HTTPS Communication SCCM 2012 SP1 (Part 1)

If you do a default installation of ConfigMgr 2012 the clients will communicate over HTTP with the Management Point. Also all traffic from the Distribution Point will be over HTTP. And if you use the Application Catalog, well that’s HTTP also.

In this 3-post series I will explain the steps to go from HTTP to HTTPS communication.
In the first post (this one) I explain the certificates needed; the second (HERE) and third (HERE) do the actual work of moving ConfigMgr from HTTP to HTTPS.

As you could read in a previous post, my PKI infrastructure is already in place.
Time to put it to its full use!

For full background details look here: http://technet.microsoft.com/en-us/library/gg682023.aspx#BKMK_clientdistributionpoint2008_cm2012

 

ConfigMgr 2012 SP1 needs 3 certificates to fully function:

  1. Client Certificate
  2. Web Server Certificate
  3. Client certificate for Distribution Points

 

The Client Certificate will be deployed through Active Directory with an auto-enrollment GPO. The other 2 will be imported on the SCCM 2012 SP1 server.

The Web Server Certificate will be configured in Internet Information Server (IIS), and the Client certificate for Distribution Points will be used to authenticate the Distribution Point for HTTPS and for PXE support to clients. This will be configured in SCCM 2012 SP1.

 

Client Certificate

On the Certificate Authority (CA) server open up your CA and Duplicate Template.
The template you need for this is the Workstation Authentication.
Make sure to select ‘Windows Server 2003 Enterprise’ as ‘Windows Server 2008 Enterprise’ is NOT supported by ConfigMgr 2012 SP1!

On the Security tab select ‘Read’ and ‘Autoenroll’ for Domain Computers; do not clear ‘Enroll’.

Back in the CA console, right-click Certificate Templates, New and Certificate Template to Issue. Choose your Client Certificate.


 

Auto-enrollment of the Client Certificate

For auto-enrollment use a Group Policy Object (GPO).

Best practice is to use a separate GPO for the auto-enrollment.
In the Group Policy Management console, Create a GPO in this domain, and Link it here.
(be sure to point to the right Organizational Unit (OU)).

Now go to Computer Configuration – Policies – Windows Settings – Security Settings – Public Key Policies.

 

Right-click and Enable auto-enrollment:


 

Web Server Certificate

On the Certificate Authority (CA) server open up your CA and Duplicate Template.
The template you need for this is the Web Server.
Make sure to select ‘Windows Server 2003 Enterprise’ as ‘Windows Server 2008 Enterprise’ is NOT supported by ConfigMgr 2012 SP1!

On the security tab select ‘Read’ and ‘Enroll’ for your SCCM Site (IIS) Server(s), clear ‘Enroll’ for Enterprise Admins.

On the Subject Name tab be sure that Supply in the request is selected.

Back in the CA console, right-click Certificate Templates, New and Certificate Template to Issue. Choose your ConfigMgr Web Server Certificate.

 

Enrollment of the ConfigMgr Web Server Certificate

Open an MMC and add the Certificates snap-in for Local Computer.

Right-click Certificates and Request New Certificate. Select the ConfigMgr Web Server Certificate you created.

Select More information is required to enroll for this certificate. Click here to configure settings.

In the Certificate Properties dialog box, in the Subject tab, do not make any changes to the Subject name. This means that the Value box for the Subject name section remains blank. Instead, from the Alternative name section, click the Type drop-down list, and then select DNS.

In the Value box, specify the FQDN values that you will specify in the Configuration Manager site system properties, and then click OK to close the Certificate Properties dialog box.

Examples:

  • If the site system will only accept client connections from the intranet, and the intranet FQDN of the site system server is sccm2012.lab.local: Type sccm2012.lab.local, and then click Add.
  • If the site system will accept client connections from the intranet and the Internet, and the intranet FQDN of the site system server is sccm2012.lab.local and the Internet FQDN of the site system server is sccm2012.wibier.me:
    • Type sccm2012.lab.local, and then click Add.
    • Type sccm2012.wibier.me, and then click Add.

 

Configure IIS to use the ConfigMgr Web Server Certificate

On the SCCM Web Server open Internet Information Services (IIS) Manager.

Expand Sites, right-click your site (usually ‘Default Web Site’) and select Edit Bindings.

Select the HTTPS entry and Edit.

OK and Close.

(You can check the site by opening Internet Explorer and browsing to your site with https://. There should not be a warning about a certificate.)

 

Client certificate for Distribution Points

On the Certificate Authority (CA) server open up your CA and Duplicate Template.
The template you need for this is the Workstation Authentication.
Make sure to select ‘Windows Server 2003 Enterprise’ as ‘Windows Server 2008 Enterprise’ is NOT supported by ConfigMgr 2012 SP1!

On the security tab select ‘Read’ and ‘Enroll’ for your SCCM Site Server(s), clear ‘Enroll’ for Enterprise Admins.

On the Request Handling tab select Allow private key to be exported.

Back in the CA console, right-click Certificate Templates, New and Certificate Template to Issue. Choose your ConfigMgr Client Certificate for Distribution Points.

 

Enrollment of the Client certificate for Distribution Points

Open an MMC and add the Certificates snap-in for Local Computer.

Right-click Certificates and Request New Certificate. Select the Client certificate for Distribution Points you created.

After that Export the certificate WITH the private key.
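
Once the certificates described above are enrolled, their properties can be checked from PowerShell on the server that holds them. This is an added example, not part of the original post: Test-SiteSystemCertificate is a hypothetical helper name (not a ConfigMgr cmdlet), and sccm2012.lab.local is the sample intranet FQDN used above. It reports the enhanced key usage, the DNS names, the validity period, chain building (with revocation checking skipped) and the presence of a private key.

```powershell
# Standard EKU object identifiers.
$EkuServerAuth = '1.3.6.1.5.5.7.3.1'   # Server Authentication (Web Server template)
$EkuClientAuth = '1.3.6.1.5.5.7.3.2'   # Client Authentication (Workstation Authentication template)

function Test-SiteSystemCertificate {
    # Hypothetical helper: reports whether a certificate carries the required EKU
    # and DNS names, is within its validity period, chains to a trusted root and
    # has a private key on this machine.
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2] $Certificate,

        [Parameter(Mandatory)]
        [string] $RequiredEku,

        # FQDNs that must appear in the certificate (subject or DNS alternative names).
        [string[]] $RequiredDnsName = @()
    )
    process {
        # Collect the EKU OIDs from the Enhanced Key Usage extension, if present.
        $ekus = @()
        foreach ($ext in $Certificate.Extensions) {
            if ($ext -is [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]) {
                foreach ($oid in $ext.EnhancedKeyUsages) { $ekus += $oid.Value }
            }
        }

        # DnsNameList is added to certificate objects by PowerShell 3.0 and later.
        $dnsNames = @($Certificate.DnsNameList | ForEach-Object { $_.Unicode } | Where-Object { $_ })
        $missing  = @($RequiredDnsName | Where-Object { $dnsNames -notcontains $_ })

        $now    = Get-Date
        $inDate = ($Certificate.NotBefore -le $now) -and ($now -le $Certificate.NotAfter)

        # Build the chain without revocation checking so the test also works in an isolated lab.
        $noCheck = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
        $chain   = New-Object System.Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = $noCheck
        $chainOk = $chain.Build($Certificate)

        $hasEku = $ekus -contains $RequiredEku
        $pass   = $hasEku -and ($missing.Count -eq 0) -and $inDate -and $chainOk -and $Certificate.HasPrivateKey

        [pscustomobject]@{
            Subject         = $Certificate.Subject
            Thumbprint      = $Certificate.Thumbprint
            HasRequiredEku  = $hasEku
            MissingDnsNames = $missing -join ', '
            InValidity      = $inDate
            ChainBuilds     = $chainOk
            HasPrivateKey   = $Certificate.HasPrivateKey
            Pass            = $pass
        }
    }
}

# Web server certificate: Server Authentication plus the site system FQDN.
Get-ChildItem Cert:\LocalMachine\My |
    Test-SiteSystemCertificate -RequiredEku $EkuServerAuth -RequiredDnsName 'sccm2012.lab.local' |
    Where-Object { $_.HasRequiredEku } |
    Format-List

# Client and distribution point certificates: Client Authentication, no fixed DNS name.
Get-ChildItem Cert:\LocalMachine\My |
    Test-SiteSystemCertificate -RequiredEku $EkuClientAuth |
    Where-Object { $_.HasRequiredEku } |
    Format-List
```

A web server certificate that shows a value under MissingDnsNames was enrolled without the FQDN that clients will use, which is the usual cause of the browser certificate warning mentioned above.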

Part 2 HERE!

Part 3 HERE!

Create Cloud Distribution Point on Windows Azure with SCCM 2012 SP1 (Part 2)

Cloud, everybody is talking about that.
And with the new ConfigMgr 2012 SP1 fully integrating with Windows Azure it’s time to see how this works.

You need to have some things in place first, so here we go:

  • A Windows Azure subscription (duh)
  • A working PKI Infrastructure
  • 2 (a .cer and a .pfx) certificates to talk to the Management service of Windows Azure
  • A certificate (the .cer) added to the Management service of Windows Azure
  • Your Windows Azure Subscription ID. This can be found on the Management Portal of Windows Azure.
  • And well, uh SCCM 2012 SP1 😉

 

In Part 1 I took care of the setup of the necessary PKI infrastructure and the certificate part.
In Part 2 I will configure SCCM 2012 SP1 for talking to that big Cloud called Windows Azure.

 

So we took care of the Certificate, now we have to upload it to Windows Azure.

 

Upload Certificate

Log on to the Windows Azure Management Portal.
Under Settings you can upload your Certificate (this will be the .CER one)

And the result is visible:

Create the Windows Azure Cloud Distribution Point:

Now it’s time to create the Distribution Point in the Cloud!

Launch your ConfigMgr Console and let’s start.

Under Administration – Overview – Hierarchy Configuration – Cloud you will find Create Cloud Distribution Point.

 

And here you need your Subscription ID and Certificate (the .PFX one)

 

Select your Region, and Certificate:

 

Specify the alerts:

 

And off we go

 

Looks good:

 

You can follow the process by looking in the CloudMgr.log.

 

This can take a while! So be patient, it will come eventually.

Still working:

 

 

 

And there we are!

 

And also in the Windows Azure Management Portal:

 

Distribute content to the Windows Azure Cloud Distribution Point:

There are no extra steps needed to distribute content to a Windows Azure DP.
You take an application and distribute it to the Cloud.

Logging under DistrMgr.log.

 

And in the console:

 

Cloud rules!

 

Read Part 1 Here!

Create Cloud Distribution Point on Windows Azure with SCCM 2012 SP1 (Part 1)

Cloud, everybody is talking about that.
And with the new ConfigMgr 2012 SP1 fully integrating with Windows Azure it’s time to see how this works.

You need to have some things in place first, so here we go:

  • A Windows Azure subscription (duh)
  • A working PKI Infrastructure
  • 2 (a .cer and a .pfx) certificates to talk to the Management service of Windows Azure
  • A certificate (the .cer) added to the Management service of Windows Azure
  • Your Windows Azure Subscription ID. This can be found on the Management Portal of Windows Azure.
  • And well, uh SCCM 2012 SP1 😉

 

The subscription isn’t much of a hassle. Takes about 10 min!

In Part 1 I will set up the necessary PKI infrastructure and take care of the certificate part.
In Part 2 I will configure SCCM 2012 SP1 for talking to that big Cloud called Windows Azure.

 

PKI Infrastructure

Nothing fancy here as this is a lab environment. Just set up the PKI infrastructure.

Add Server Role –> Active Directory Certificate Services

 

Certificate Authority:

 

Enterprise:

 

Root CA:

 

New private key:

 

Select 2048 for Key character length:

 

CA Name:

 

Validity period (I don’t think my lab will last this long ;-))

 

Now Install the CA.

 

Deploy the Certificate

 

So that’s up and running, now for the fun part.

Microsoft has some good info on what certificates you need.

 

Source:

  • Deployment of the PKI Certificates for Configuration Manager:

http://technet.microsoft.com/en-us/library/230dfec0-bddb-4429-a5db-30020e881f1e#BKMK_clouddpcreating2008

  • PKI Certificate Requirements for Configuration Manager:

http://technet.microsoft.com/en-us/library/gg699362.aspx

We will go from there.

  • Create a Security Group that contains the member servers on which you will install the System Center 2012 Configuration Manager SP1 primary site servers that will manage cloud-based distribution points.
  • On your Certificate Authority (CA) server go to the console and right-click Certificate Templates, choose Manage.
  • Right-click the entry that displays Web Server in the column Template Display Name, and then click Duplicate Template.
  • Select Windows Server 2003, Enterprise Edition
  • On the General tab enter a name (ConfigMgr Cloud-Based Distribution Point Certificate)
  • On the Request Handling tab – Allow private key to be exported.
  • Security tab – Remove Enroll for Enterprise Admins and Add your Security Group.
  • Click OK and close the Template console.
  • Right-click Certificate Templates, New, Certificate Template to Issue.
  • Select your Template and select OK.

Request the Certificate

Now we have to request the certificate.

  • Go to your site server.
  • Open up an MMC and add Certificates – Local computer as snap-in.
  • Go to Personal and in All Tasks select Request New Certificate.

Now you have to enter some information:

The info you need for Windows Azure is:
– the name of your Windows Azure Cloud Distribution Point

 

  • Select and Enroll.

 

 

  • Enrollment successful.

 

 

  • The Certificate will be visible in the CA console under Issued Certificates.

 

Export the Certificate

You will have to export the Certificate twice, once with and once without the private key!

  • Without the Private Key:

 

  • And with the Private Key:

 

The certificate is now ready to be imported when you create a cloud-based distribution point.

In Part 2 I will continue!