Reassigning a Configuration Manager Client Across Hierarchies

Reassigning a Configuration Manager Client Across Hierarchies

  • Comments 2
  • Likes

[Today's post comes to us from Carol Bailey]

When you reassign a Configuration Manager client from one hierarchy to another, the client already has a trusted root key from its original hierarchy. Reassigning the client to a new hierarchy means that the client will also be assigned to a new management point. When both the trusted root key and the management point changes, by default, the client will become unmanaged. In this scenario, the Advanced Client component will send the status message ID 10822 to the site, with a description that it encountered a certificate for a management point that it could not verify. Additionally, the client log file Locationservices.log will display the following error: The trusted key, mp certificate and the mp machine have changed on server. The client cannot validate the authentication information.

If you want to just reassign a client to a new hierarchy without reinstalling it, you have two options:

Alternatively, when you reassign the client, you can also reinstall it by using a method that includes the trusted root key.  For example:

--Carol Bailey

This posting is provided "AS IS" with no warranties, and confers no rights.

 

Your comment has been posted.   Close
Thank you, your comment requires moderation so it may take a while to appear.   Close
Leave a Comment
  • In case you missed them, the following posts were published on the System Center Configuration Manager

  • we are migrating our clients to new domain. Our current sccm server is in native mode old domain. we built the new sccm server in mixed mode, .i am trying to find out what is the best way to migrate the clients to a new domain..i was thinking following

    create a new sccm client install group policy in new domain so when the machine joined the new domain then they get the new sccm client install policy and it overwrites the existing client with new one..when all the workstaitons are migrated also by that time they got the new workstation authtenticaton cert also..so then flip the switch the new sccm server to native mode?

    do i need to uninstall the existing client and then install the new one?