IT Consultant Everyday Notes

Just some problems/solutions storage


SCCM: Co-management setup with SCCM Client installation

I decided to set up a test lab for co-management. Here is what I have:

Azure AD tenant. In addition to the primary *.onmicrosoft.com domain, I have multiple custom domains registered.

SCCM 1806 on-prem

I started by deploying the CMG as demonstrated in Justin’s video: https://www.youtube.com/watch?v=kTOPhVHyZtE

The only difference: I did not use an internal domain name for the CMG, I just left it as myname.cloudapp.net. That allowed me to avoid the CNAME requirement.

After that I configured co-management as per https://www.youtube.com/watch?v=rTapalSHv6U

Unfortunately, the SCCM client was not installed on my test machine joined to Azure AD.

I am using enhanced HTTP on the SCCM side; my internal MP operates in HTTP mode and there is no certificate installed on the Client. I tried to be as close as possible to a real BYOD scenario.

After some troubleshooting I sent the question to the TechNet forums: https://social.technet.microsoft.com/Forums/en-US/4a7bb933-0f6e-4588-a5a1-c3b71f38d090/sccm-1806-client-installation-from-cmgdp?forum=ConfigMgrMDM

Based on the forum discussion I replaced the Intune MSI-based SCCM Client deployment with a W32 App, which Microsoft currently has in preview, just as Martin recommended: https://www.imab.dk/deploy-the-sccm-client-using-microsoft-intune-and-the-cloud-management-gateway-no-pki-certificates/

Nick provided great help with token troubleshooting. I found his article here: https://nhogarth.net/2018/10/26/sccm-1806-cmg-hybrid-azure-ad-failed-to-get-ccm-access-token/

And do not forget to approve the Client in the SCCM console (at least in my case it was a workgroup machine and auto-approval was not enabled on SCCM).

It took ~15 min after approval before the Client got policy from SCCM MP.

After all that, everything is working, but it took some time for research and troubleshooting…