Setting up PKI Certs for a new SCCM instance in an environment with an SCCM server set up with PKI. I followed the directions from here: https://www.windows-noob.com/forums/topic/16301-how-can-i-configure-system-center-configuration-manager-in-https-mode-pki-part-2/
This is the 4th time I have followed these directions to a tee and the first time having an issue.
The Clients will not change to PKI. I get a bunch of errors that point to a certificate issue.
To start - on the Site Server MPCONTROL.log - I see the entry Call to HttpSendRequestSync failed for port 443 with status code 403, text: Forbidden
The WCM.log, SiteComp.log and MPSetup.log show no errors.
I verified on the Client side that the SCCM Client Certificate is listed.
The ClientIDManagerStartup.log shows a Client PKI cert available, but has RegTask: Failed to send registration request message. Error: 0x87d00231 and RegTask: Failed to send registration request. Error: 0x87d00231 listed over and over.
On the Site Server, I tried going to https://serverfqdn/SMS_MP/.SMSAUT?MPLIST and it prompts me to choose one of two certs.
I ran the netsh http show sslcert command and it does not show the 0.0.0.0:443 entry - only the 8531 entry.
I am almost certain this is an old cert issue, but have not been able to figure out the solution. 98723-mpcontrol.log

