If your Configuration Manager 2007 hierarchy contains computers that are configured with computer names that use double-byte character sets (DBCS) and your sites will be configured for native mode, you might need to take additional configuration steps before these computers can operate in native mode.

Public key infrastructure standards do not currently allow for double-byte character sets, which affects the following computers in a native mode Configuration Manager 2007 site:

The four site systems use Secure Sockets Layer (SSL) and therefore must be configured with a certificate that contains the server name in the subject name or the subject alternative name. This server name must match the server name configured in Configuration Manager 2007. If these site systems in Configuration Manager 2007 are configured with computer names that contain double-byte characters, rename them so that they have computer names using only single-byte characters.

Client certificates for native mode require a unique value in the certificate subject name or the certificate subject alternative name. This unique value does not have to contain the computer name, although this is usual practice and the default value if you are deploying client certificates with a Microsoft Enterprise certification authority, using templates and autoenrollment with Group Policy.

When you have clients that are configured with computer names that consist of double-byte characters, ensure that client certificates do not use double-byte characters for their unique value. If you are using a Microsoft public key infrastructure (PKI) Enterprise certification authority, some possible solutions are as follows:

If you are using a non-Microsoft PKI solution, consult your PKI documentation for solutions on how to generate client certificates that do not use double-byte character sets.

See Also