Client computers in a Configuration Manager 2007 native mode site require public key infrastructure (PKI) computer certificates to authenticate them to the management point. Without this authentication, Configuration Manager 2007 clients in a native mode site are unmanaged and will send a status message to their fallback status point. Additionally, the management point requires a client certificate so that it can be monitored and send its status to the site server. If you are using the operating system deployment feature, the state migration point also requires a client certificate for monitoring purposes.

The management point and state migration point requires a client certificate even if these site systems do not have installed on them the Configuration Manager 2007 client.

You can install the client computer certificates in a number of ways. Refer to your PKI documentation for more information. The recommended method if you are using a Microsoft PKI is to create the certificates using the version 1 (v1) computer template, or the version 2 (v2) client workstation template, and then automatically auto enroll the certificates to computers using Group Policy.

Other deployment methods include the following:

If you are installing clients using the operating system deployment feature, a client certificate might be required to complete the deployment process. The certificate must be created and then exported to a .PFX file so that it can be imported in Configuration Manager 2007 when configuring the operating system deployment. For more information about this scenario, see How to Export Certificates For Use With Operating System Deployment.

See Also