Home Remote Manage

SSL in Remote Manage

Austin_WongCarterAustin_WongCarter Customer IT Monkey ✭
edited April 2017 in Remote Manage
I saw that SSL is enabled in Remote manage, but I am having trouble making it work because the FQDN is the Common Name in a computer certificate. 

I can connect to the computer using the FQDN ComputerName.domain.com, but It won't give me any information from the SCCM Server, OR I can connect to the computer using ComputerName and it will pull the Device collections, but give an error:
"The SSL certificate contains a common name (CN) that does not match the hostname." and not populate any information from the computer itself.

Any ideas?

Answers

  • jtuffinjtuffin Member IT Monkey ✭
    I too have the same issue. We have WinRM locked down to SSL only so we are forced to use SSL.

    Like you mentioned if I enter the FQDN of the machine it connects but then SCCM won't find the object. If I try to connect without the FQDN SCCM finds the object but Remote Manage fails to connect because of the mismatch to the certificate.

    A solution to this would be great so we can trial this tool.

    Thanks

    Joel
  • Austin_WongCarterAustin_WongCarter Customer IT Monkey ✭
    I've been debating trying to create a cert that would include the NetBIOS name as an alternative name, I think that would work, but I'm not sure security would like it.
  • wally_meadwally_mead Member Advanced IT Monkey ✭✭✭
    Hi guys,

    I honestly don't know that answer to this, but will ask the dev of the tool who implemented the SSL support if he knows how that is to work. Either he or I will update when we have something else to share.

    Wally
  • F_ChristiansenF_Christiansen Cireson Dev Advanced IT Monkey ✭✭✭
    Hi guys,

    Wally pinged me on this and you are right; there is an issue with getting collections and inventory data from ConfigMgr when using SSL with FQDN as specified client name.

    The suggest @Austin_WongCarter has with a certificate including the netbios name would solve it if such certificate can be created.
    The problem is that ConfigMgr expects a netbios name for the client and we are not converting the FQDN into that currently.

    We will fix this issue in an upcoming release.

    Best regards
    Flemming Appelon Christiansen
This discussion has been closed.