Hello. I had one primary site server running 1903 set up using site code "S01". I have just migrated the data from the 1903 site on 2012 R2 to a 2103 site "S02" on a 2019 server. Also, I have upgraded the certificate server from SHA1 to SHA2 recently. After migrating and setting complete we have done a client push to three domains, two of them which are in the same forest have done the client push successfully but the remaining domain which is in a different forest with forest trust is still using the SHA1 certificate to do the client push and thus unable to install the client on the member machines in that domain. After deleting the SHA1 certificate on the targeted machine, the client push was successful but it failed again after adding the SHA1 certificate back. We are not able to delete the SHA1 certificate just yet so I'd like to ask how can I force the SCCM client to use the SHA2 certificate for client push and make the client push work? Thanks.
