Certificate profile deployment failed with the error ‘22004: Unsupported certificate configuration’

This week a short blog post about an issue that I ran into, and tweeted about, the other week. Due to the strange error message I thought it would definitely be blog worthy. The error description was 22004: Unsupported certificate configuration. However, the actual issue did not come close to what the description would imply. This post will provide a brief overview of the scenario, the issue and the solution. Scenario Let’s start with a brief overview of the scenario. The environment contains Active Directory Federation Services (AD FS) and Web Application Proxy (WAP) for providing single sign-on (SSO) to the cloud services of Office 365 and Microsoft Intune. Microsoft Intune is used in a hybrid configuration with ConfigMgr and is fully configured to deploy …

Read more

Key configurations steps for implementing the ability to deploy certificate profiles with ConfigMgr 2012

This blog post is about key configuration steps, which are often forgotten, for implementing the ability to deploy certificate profiles with ConfigMgr 2012. By key configuration steps, I’m talking about the key configurations of every component used for creating the ability to deploy certificate profiles. That means Internet Information Services (IIS), Network Device Enrollment Service (NDES), the Certificate Registration Point site system role, the Configuration Manager Policy Module and even Web Application Proxy (WAP). To understand these steps, knowledge of certificates, IIS and ConfigMgr is required, because it’s not a step-by-step configuration guide. Good step-by-step information can be found in the More information section of this blog. Internet Information Services The first component I would like to mention is probably the most known component, which …

Read more

Deploying Certificate Profiles with ConfigMgr 2012

This week I want to devote a post to something new in ConfigMgr 2012 R2, which is still in a preview state, called Certificate Profiles. These profiles integrate directly with Active Directory Certificate Services (ADCS), and the Network Device Enrollment Service (NDES) role, to provision managed devices with authentication certificates. This means that another Group Policy setting is coming to ConfigMgr AND, maybe even bigger, this creates a possibility to automatically deploy certificates to non-domain devices.  Prerequisites Even though this sounds, to me, really promising for the future of ConfigMgr, there is a small catch. That small catch is the third bullet of the prerequisites, following now: Configuration Manager 2012 Service Pack 1 R2 Install and configure the Certificate Registration Point (which requires the NDES …

Read more