Topic last updated—November 2007

It is useful to identify native mode and Internet-based client management configuration for Configuration Manager 2007 clients for both auditing and troubleshooting purposes. You can also use this information to create query-based collections if you need to target computers with a particular configuration with a script, or software distribution package.

The native mode and Internet-based client management configurations described in the following table are stored in the client's hardware inventory, under SMS Advanced Client SSL Configuration.

Note
There is a known issue with Windows XP and Windows Server 2003 64-bit operating systems that do not display this data. This issue is not known to occur on these 64-bit operating systems with Service Pack 2.

Value Description

Certificate Selection Criteria

Displays the type of certificate selection method and criteria, if specified. The syntax used is the same as the CCMSetup client.msi property CCMCERTSEL. For more information, see About Configuration Manager Client Installation Properties.

Certificate Store

Displays the type of certificate selection method and criteria, if specified. The syntax used is the same as the CCMSetup client.msi property CCMCERTSEL. For more information, see About Configuration Manager Client Installation Properties.

Client Always On Internet

If the client has been installed with the CCMSetup client.msi property CCMALWAYSINF=1, this value displays 1 to indicate that the client will always be Internet-based and cannot be managed as an intranet client. If the client has not been installed with this CCMSetup client.msi property, this value displays 0 to indicate that the client can be managed on both the Internet and on the intranet. For more information, see About Configuration Manager Client Installation Properties.

Https State Flags

This displays a bitmask value to indicate whether the client is configured for native mode, CRL checking, and HTTP for site assignment and roaming:

  • 0 = mixed mode communication.

  • 31 = native mode communication only.

  • 63 = native mode communication and CRL checking.

  • 95 = native mode and HTTP for roaming and site assignment.

  • 127 = native mode communication, CRL checking, and HTTP for roaming and site assignment.

Instance Key

Displays SMSSSLConfiguration.

Internet MP Host Name

Displays the specified Internet-based management point.

Select First Certificate

Displays 0 or 1, to indicate the action to take if the Configuration Manager client finds more than one valid certificate for native mode communication, based on the certificate settings specified:

  • 0 indicates that none of the certificates will be used to attempt a connection. The client will not attempt communication with its management point, and instead it will send an error message to its assigned fallback status point.

  • 1 indicates that the client will select any valid and matching certificate for native mode communication if multiple valid certificates are found in the certificate store, unless the client is running Configuration Manager 2007 SP1, in which case the certificate with the longest validity period is selected. If a connection is not successfully made with this certificate, the other certificates found will not be tried and the client will send an error message to its assigned fallback status point.

Use the following procedures to view this configuration information on a single computer by using Resource Explorer, or for multiple computers by creating and running a Configuration Manager query.

To view a client's native mode and Internet-based client management configuration using Resource Explorer

  1. In the Configuration Manager console, navigate to System Center Configuration Manager / Site Database / Computer Management / Collections.

  2. Expand Collections, and select the collection that contains the client whose native mode and Internet-based client management configuration you want to view.

  3. Right-click the client name, click All Tasks, and then click Start Resource Explorer.

  4. Navigate to Resource Explorer / Hardware / SMS Advanced Client SSL Configurations, and then view the details in the results pane.

  5. Close Resource Explorer.

To view all clients' native mode and Internet-based client management configuration using a Configuration Manager query

  1. Copy and paste the following Configuration Manager query into a text editor, such as Notepad:

      Copy Code
    select SMS_R_System.NetbiosName, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.CertificateSelectionCriteria, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.CertificateStore, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.ClientAlwaysOnInternet, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.HttpsStateFlags, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.InstanceKey, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.InternetMPHostName, SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.SelectFirstCertificate from  SMS_R_System inner join SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS on SMS_G_System_ADVANCED_CLIENT_SSL_CONFIGURATIONS.ResourceId = SMS_R_System.ResourceId
    
  2. Remove any configuration options from the query that you do not need to display, and then copy the text to the clipboard.

  3. Create the query by right-clicking the Queries node, click New, and then click Query to launch the New Query Wizard.

  4. On the General page, specify a query name, such as Client native mode configuration and, optionally, specify a description in the Comment box.

  5. Ensure that System Resource is selected as the Object Type, and then click Edit Query Statement.

  6. In the Query Statement Properties dialog box, click Show Query Language.

  7. In the Query Statement Properties dialog box, paste the query into the Query Statement edit box, replacing the text displayed.

  8. Click OK to save the query, and close the Query Statement Properties dialog box.

  9. Click Next on the General wizard page, and then click Finish.

  10. In the Queries results pane, double-click the query that you just created to view the configuration values for each client that has reported this information with their hardware inventory data.

See Also