Issues With Packaging The Jabber Client For Mac

Friday 07 February, admin

Hi:
I would like to get certificates signed by a private internal CA for Jabber clients. Cisco documentation says it requires HTTP/Tomcat for CUPS, HTTP/Tomcat for CUCM and UCXN [8.6].
The existing Tomcat certificate has these two files, tomcat.pem and tomcat.der, and a bunch of tomcat-trust certificates as well with associated files.
My question is: is there any harm in generating a new Tomcat certificate, or could I just generate CSRs for the two existing Tomcat files to be signed? When you generate a new Tomcat certificate, does it create or overwrite the .pem and .der? I don't want to break anything in this process, so I'm looking for some feedback.
http://www.cisco.com/c/en/us/td/docs/voice_ip_comm/jabber/Windows/9_2_5/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes/JABW_BK_CAAD3F25_00_cisco-jabber-for-windows-release-notes_chapter_011.html

Generating a CSR for the Tomcat certificate and installing the signed certificate will replace the .pem/.der file you see listed. Once you sign the CSR and upload the final certificate, you'll need to restart Cisco Tomcat from the CLI for it to pick up the new cert. Anything that is in a -trust store is something that server will accept during a TLS/SSL handshake, not something it uses itself.
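To make the answer concrete, here is an added example (not from the thread and not Cisco's CLI; CUCM never exposes the Tomcat private key, so this is a local openssl re-enactment with a made-up internal CA and hostname) showing why signing a CSR from the existing key keeps tomcat.pem paired with its key, while regenerating the certificate creates a new key that an already-signed certificate no longer matches:

```bash
#!/usr/bin/env bash
# Added example, not from the thread or from Cisco: a local openssl walk-through
# of the two options in the question, (a) get the existing key's CSR signed and
# (b) regenerate the certificate. The CA name and hostname are made up.
# Requires: openssl in PATH.
set -eu

# Fresh working directory per scenario so the two scenarios stay independent.
new_workdir() { mktemp -d; }

# Stand-in for the private internal CA.
make_ca() {                      # $1 = dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/ca.key" -out "$1/ca.pem" \
    -subj "/CN=Example Internal CA" >/dev/null 2>&1
}

# Key pair plus CSR, the equivalent of downloading the Tomcat CSR from OS Administration.
make_key_and_csr() {             # $1 = dir
  openssl req -newkey rsa:2048 -nodes \
    -keyout "$1/tomcat.key" -out "$1/tomcat.csr" \
    -subj "/CN=cucm01.example.internal" >/dev/null 2>&1
}

# The CA signs the CSR; the result is what you upload as the new Tomcat certificate.
sign_csr() {                     # $1 = dir
  openssl x509 -req -in "$1/tomcat.csr" -CA "$1/ca.pem" -CAkey "$1/ca.key" \
    -CAcreateserial -days 30 -out "$1/tomcat.pem" >/dev/null 2>&1
}

# "Generate new certificate" equivalent: a brand-new key pair and a self-signed
# certificate written over tomcat.key/tomcat.pem.
regenerate_self_signed() {       # $1 = dir
  openssl req -x509 -newkey rsa:2048 -nodes -days 30 \
    -keyout "$1/tomcat.key" -out "$1/tomcat.pem" \
    -subj "/CN=cucm01.example.internal" >/dev/null 2>&1
}

# Prints "match" when the certificate's public key is the one derived from the
# private key, "mismatch" otherwise. Compares SHA-256 of the PEM public keys.
cert_matches_key() {             # $1 = cert, $2 = key
  local c k
  c="$(openssl x509 -in "$1" -pubkey -noout | openssl sha256)"
  k="$(openssl pkey -in "$2" -pubout | openssl sha256)"
  [ "$c" = "$k" ] && echo match || echo mismatch
}

# Prints "ok" when the certificate chains to the given CA, "fail" otherwise.
verify_chain() {                 # $1 = cert, $2 = ca.pem
  if openssl verify -CAfile "$2" "$1" >/dev/null 2>&1; then echo ok; else echo fail; fi
}

# Scenario A: sign a CSR made from the existing key. Prints "match ok".
scenario_sign_existing() {
  local d; d="$(new_workdir)"
  make_ca "$d"; make_key_and_csr "$d"; sign_csr "$d"
  echo "$(cert_matches_key "$d/tomcat.pem" "$d/tomcat.key") $(verify_chain "$d/tomcat.pem" "$d/ca.pem")"
  rm -rf "$d"
}

# Scenario B: regenerate after the CSR was issued, then try to use the CA-signed
# certificate with the regenerated key. Prints "mismatch": the signed certificate
# belongs to the old key, so a new CSR is needed after regenerating.
scenario_regenerate_then_use_signed() {
  local d; d="$(new_workdir)"
  make_ca "$d"; make_key_and_csr "$d"; sign_csr "$d"
  cp "$d/tomcat.pem" "$d/signed.pem"
  regenerate_self_signed "$d"
  cert_matches_key "$d/signed.pem" "$d/tomcat.key"
  rm -rf "$d"
}

scenario_sign_existing
scenario_regenerate_then_use_signed
```

The pairing check compares the public key inside the certificate with the one derived from the private key; the same `openssl x509 -pubkey` line works on a certificate pulled from the live server with `openssl s_client -connect host:8443 -showcerts`, which is also the quickest way to confirm Tomcat is serving the new certificate after the restart.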

Similar Messages

  • Is there any way to bypass certificate validation and server identification for secure Channels or ChannelSets? I am aware of the existing workaround to import my own certificate into the user's CA chain, but I feel that having greater control on the client-side is preferred.
    If there is not a way to bypass client-side certificate validation I will be filing this as a feature request at http://bugs.adobe.com
    Thanks,
    Karl
    When producing a client-server solution it is occasionally useful to override the default behavior of HTTPS certificate validation and server identification. I would like to request the ability to override these systems in the AIR environment for applications installed with the 'UNRESTRICTED' system access option.
    Simply allowing the use of self-signed certificates without verification (perhaps signified by a secure protocol identifier other than 'https') would provide adequate functionality, but some users may desire finer control.
    This issue is partly addressed by bugs FP-711 and FP-214 but I feel it is important that any enhancement include the BlazeDS Channel in the case that the AIR application has unrestricted system access.
    When deploying an AIR client application which is securely connected to a network appliance which is controlled by the same developer it is desirable to bypass the overhead of acquiring a PKI issued certificate for every customer. Independent, open-source, and not-for-profit developers could see increased ability to adopt the AIR platform with this improvement.
    When deploying a network appliance to be used with an AIR application the requirement for a PKI issued certificate complicates the deployment of the network appliance by requiring DNS access, and thereby requiring Internet connectivity. Some customer sites require network isolation.
    It is possible to generate a developer-specific certificate and import that certificate into the AIR client host's Trusted Root Certification Authorities list. This workaround deteriorates PKI best practices and complicates the installation of AIR software. It is not possible to depend solely on the '.air' packaging for installation with the added requirement to install a new CA on the user's host.
    Java provides the requested functionality by allowing developers to provide their own implementations of javax.net.ssl.TrustManager for verification and javax.net.ssl.HostnameVerifier for identification. We have used this technique to communicate over the SDEE protocol with Cisco IDS devices which do not usually have PKI issued certificates.

    Hi Robert,
    No specific option to control TOP/FIRST feature use.
    However, other options exist to control IQ resources.
    E.g. Query_temp_space_limit, Query_Time, Max_IQ_Threads_Per_Connection, Max_Cartesian_Result.
    Regards,
    Tayeb.

  • hi,
    is there any voice recording solution for the jabber client via expressway E?
    seems there is no solution around, is it not supported?
    is it possible to use TCS to record the calls made by external jabber client?
    thanks.

    1. Use span (no span-lessBridge_option) ports (via 'expressway c e' from outside)
    2. Use span-lessBridge_option and VPN access to connect from outside (without expressway).

  • What protocol does the Jabber client use for SIP authentication? I assume it's using HTTP digest based authentication per the SIP standard. Is this true?

    SIP authentication typically occurs over port 5060 (TCP, UDP, SCTP) or securely over 5061 (TLS) as per RFC3261 regarding SIP as a transport.
    Cisco follows these same standards and refers to the ports used for SIP communication in the Jabber Video Admin Guide.
    http://www.cisco.com/en/US/docs/telepresence/endpoint/movi/admin_guide/JabberVideo_Admin_Guide_4-4.pdf
    - Scott

  • I know this should be simple, but I cannot figure this out. I have an AirportExtreme base station that provides my house with wireless. What I want to do is to provide internet access to a client that only has an ethernet connection.
    Essentially, I just need the Airport Express to grab the wireless internet signal and send it through its ethernet port to my device. I don't want other wireless devices to connect to it..I'd prefer those only connect to the base station. Is this possible?
    Thanks for any help!

    Duane, thanks for the info. The AX is g and my Time Capsule base station is n. So I guess I'll have to use the WDS feature. My network is already set up with WPA2/Personal security.
    To clarify what I meant by not allowing wireless clients: I want the AX to just serve as an ethernet 'extension cord' to a TiVo on the other side of the house (which only has an ethernet port). And I was thinking that since the AX is a G device, I'd rather my laptops use the base station as the wireless provider even if I'm closer to the AX. Is that possible?
    One last question: in setting up WDS, would I set the AX to be a remote or a relay? I'm not sure I know the difference between those two modes.

  • Hello everyone
    today I am working on a PKI mounted on a Red Hat Enterprise Linux Server release 5.5 (Tikanga); it is Easycert 5.2.2.15. We need to know what data we have to give to the PKI so it can generate certificates for users in Active Directory, for use with a USB token (ACOS5-64 crypto chip) functioning as a smart card for logging users in on computers.
    On the other hand also we need to know the necessary settings between the third party pki and the domains controllers (Windows 2012).
    Greetings and I hope for you response.
    TechCach

    > It is for Windows 2012.
    Nothing changed since Windows Server 2003. Here is a KB article:
    http://support2.microsoft.com/kb/281245
    > Is the scenario supported by Microsoft?
    Yes, of course. See the KB article above.
    My weblog: en-us.sysadmins.lv
    PowerShell PKI Module: pspki.codeplex.com
    PowerShell Cmdlet Help Editor: pscmdlethelpeditor.codeplex.com
    Check out new: SSL Certificate Verifier
    Check out new: PowerShell FCIV tool.

  • Hi All,
    I've configured Cisco IM and Presence v10 integrated with CUCM v10. Some services are running well (UDS, CTI Deskphone, VM, Presence), but the Jabber client cannot connect to the softphone (SIP), and I have configured UCSF (Client Service Framework) for the Jabber client.
    please your advice.
    thank you

    Hi Amit Kumar,
    thanks for your information, and I've configured it. I found 'CTLSEP not found' in a Wireshark capture.
    Is there something wrong?
    thank you

  • Hi,
    I am trying to make an Http request through a proxy. So my code looks like:
        System.setProperty("http.proxyHost", "myproxy.hello.net");
        System.setProperty("http.proxyPort", "8080");
    However, I believe this setting is now valid for the entire JVM. I do not want my setting to affect other programs that are running in the same JVM. The program I am writing is a servlet. So by setting the system properties I am affecting all other servlets under the same web container.
    What I would like to know is whether there is a way to specify an http proxy to be used only for my connection.
    It seems strange if there is no way to do this. Doesn't this raise synchronization issues as well? What if another servlet is trying to change the same system property at the same time?
    Thanks in advance!

    I see that the trick using
        URL url = new URL("http", "myproxy.hello.net", 8080, "http://www.target.com:8000/");
    is not correct because it sends the proxy host as the Host HTTP header:
        Host: myproxy.hello.net
    instead of the final target. So it's very likely that the target or the proxy will get confused. Is there any other way of doing this?
    Thanks

  • I work for a foster care organization and can't decide on how long we should have our validity period last. These certificates will be used for digitally signing Word docs. The problem I'm running into is we have to keep adopted files for 100 years and
    all other files for 7 years. We are moving all of our files to electronic format but can't decide how to handle the adoption files. Do we put the validity to 100 years? Or shorter? But if it is shorter, then how do we manage when employees leave and then the
    certs become invalid after so and so years. Is it acceptable to have the cert expire but leave the docs published?
    Running server 2008 r2 and windows 7

    Hi,
    Based on my research, it is not recommended to configure the certificate validity for too long, because a longer validity period brings a greater risk of the certificate being exposed.
    Another thing is that every Certificate Authority (CA) has its own certificate, so every CA has a built-in expiration date.
    Certificate Services enforces a rule that a CA never issues a certificate to be valid beyond the expiration date of its own certificate.
    Therefore, once the CA's certificate expires, all certificates issued by it become invalid.
    Actually you can just configure an appropriate validity for certificates, not too long or too short; the certificates can be renewed by the CA, and the CA's certificate can also be renewed. As long as Certificate Services is running smoothly, there won't be issues with your document signing.
    Here are some related links below that could be useful to you:
    Renew a Certificate
    http://technet.microsoft.com/en-us/library/cc730605.aspx
    Renewing a certification authority
    http://technet.microsoft.com/en-us/library/cc740209(v=WS.10).aspx
    Certificate Services Best practices
    http://technet.microsoft.com/en-us/library/cc738786(v=WS.10).aspx
    Certificate validity period:
    http://social.technet.microsoft.com/Forums/windowsserver/en-US/b82a18eb-1597-4cfc-bf8d-71360ee91e81/certificate-validity-period?forum=winserversecurity
    I hope this helps.
    Best Regards,
    Amy Wang

  • I'm setting up DAP rules for AnyConnect clients. When I set the default policy to terminate, I get the right results from AnyConnect connections, but all IPSec clients cannot connect. I know I need to set up a DAP rule for IPSec clients to allow them through, but can't remember how to set that up.

    Ok, that worked. Follow-up question though. So the only thing I'm looking at doing right now is setting up a policy to look at anti-virus and disallow if the signature is more than a week old. Works fine with AnyConnect. But if I add that to the IPSec rule (app = ipsec and av exists (< 7 days)), it won't let the IPSec client connect at all. I seem to recall something about if we're doing posturing with the IPSec client, we have to use endpoint assessment or pre-login policy? Is that the case? It would be nice to do it all within one DAP rule.
    Thanks
    Brian

  • Hello,
    I want to setup OS X Server to serve as an authentication server for Mac-, Windows- and Linux-clients. I have the services DHCP, DNS, OpenDirectory (as Open Directory Master) and Windows (as PDC) running.
    So far there is no problem to login on the three different platforms via LDAP. In WGM I set the home directory for Mac-clients and activated the virtual homes feature for windows. On both clients I get the network home functional but on the linux client the home does not appear.
    How do I configure the server to realize that? I thought that the linux clients would use the samba share that the windows clients use.
    iMac G5 (iSight) 20' Mac OS X (10.4.6)

    When you log in to the linux machine, do you get an error that states that the home directory for the user cannot be found? That error message should give you the path that is set in the LDAP directory as the home directory for that user. This directory needs to be added to the Linux filesystem, and then the Users folder on the OS X Server needs to be NFS mounted (rw) on the Linux machine.
    For ease of transition, I softlink /home to this directory on the Linux machines.

  • I have installed on my Windows 7 (64 bit Professional w/SP1)
    a Self-Signed CA (IDS_MstrCert) that has been accepted by the system certificate 'store'. via mmc & certmgr
    I generated this CA on my Redhat Linux 7 server using the openssl utilities.
    It shows: This certificate is intended for the following purpose(s):
    All issuance policies
    All application policies
    It is enabled for ALL purposes (However I did not generate with ALL purpose set)
    Under Certification Path:
    Certificate Status: This Certificate is OK
    I have also installed a Client Certificate (winxclient) (also generated by my Redhat Linux 7 server)
    That has been 'signed' by my CA (IDS_MstrCert)
    I added it successfully to the system certificate 'store' via mmc & certmgr.
    However when I open the certificate I see the following message: This Certificate not valid for the selected purpose
    When I view the Certificate path I see the following:
    IDS_CA (friendly name for the CA)
    -----> VPNIKEv2cli (friendly name for the client certificate)
    Certificate Status: This certificate is OK
    In the Intended Purposes field: ServerAuthentication, ClientAuthentication
    How do I resolve this problem ? This Certificate not valid for the selected purpose
    When I attempt my vpn/ikev2 connection (using machine certificates) I get the 13806 error.
    Best Regards
    Guy Rich

    Hi,
    In my opinion, this is not a Windows system problem. You need to troubleshoot the certificate.
    I did some research on this error message; the link below might be helpful:
    http://support.persits.com/show.asp?code=PS030304105
    Please remember to mark the replies as answers if they help, and unmark the answers if they provide no help. If you have feedback for TechNet Support, contact [email protected]

  • I've just purchased a third gen iPad and I'd like to be able to use the VPN connection in conjunction with an iChat client to communicate with my office's internal iChat/jabber server. However, none of the apps I've tried are able to successfully connect? I've tried Monal, IM+, IMO, munduIM OSE and Talkonaut. No joy.
    I use Messages (beta) on the desktop, but there's no way to setup anything other than an Apple ID in Messages on the iPad. I'd love to keep it unified.
    Any thoughts or suggestions? I've heard that Beejive is the way to go, but (call me a cheapskate) I don't want to pay for another app just to find out it won't do what I want!

    You almost certainly have a misconfigured router/firewall for jabber. I can confirm that OS X Lion Server works with the iPad and iPhone IM apps imo and BeeJiveIM.
    To track down your problem, which almost certainly is simply a port getting blocked or not forwarded at some point between your router and server, I'd suggest getting an nmap executable (e.g., get Xcode via app store, then macports, then sudo port install nmap) and download the old feature-rich Airport Utility 5.6 from Apple. First try this:
    $ nmap -p 5222 localhost
    $ nmap -p 5222 server_ip_on_LAN
    $ nmap -p 5222 server_ip_on_INTERNET
    This port should be open for each probe. When I first set up my server, Messages beta added a port forwarding entry on my Airport router, but this had a duplicate entry with another port forward, so I had to use Airport Utility 5.6 to track down and delete the superfluous port forward entry. I also had to use Server Admin to open all the iChat ports.
    One thing I was hoping for is an iOS app that supports video/voice over jabber, but all the apps I see are strictly IM. Can anyone recommend an app for this?
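As an added example that is not part of the original answer, the three nmap probes above can be scripted and their results interpreted; the difference between "closed" (host reached, nothing answers on 5222) and "filtered" (probe dropped on the path) is what tells a missing forward apart from a firewall block. The host names and the nmap output lines in it are constructed for the demonstration, and `probe` needs a real nmap:

```bash
#!/usr/bin/env bash
# Added example, not part of the original answer: runs the three nmap probes
# suggested above and interprets the result. "open" means the XMPP client port
# answered; "closed" means the host was reached but nothing listens or the
# forward is missing; "filtered" means a firewall dropped the probe.
# Host names and the sample nmap output below are constructed for the demo.
set -eu

XMPP_PORT=5222

# Extracts the state of port $1 from nmap grepable (-oG) output read on stdin.
# Grepable lines look like:  Host: 10.0.0.5 ()  Ports: 5222/open/tcp//xmpp-client///
# Prints the state word, or "unknown" when the port is not listed.
state_from_grepable() {        # $1 = port
  local port="$1"
  awk -v p="$port" '
    /Ports:/ {
      n = split($0, parts, "Ports: ")
      m = split(parts[2], entries, ", ")
      for (i = 1; i <= m; i++) {
        split(entries[i], f, "/")
        if (f[1] == p) { print f[2]; found = 1; exit }
      }
    }
    END { if (!found) print "unknown" }'
}

# Runs one probe and prints "<target> <state>". Needs nmap installed.
probe() {                      # $1 = target
  local st
  st="$(nmap -p "$XMPP_PORT" -oG - "$1" 2>/dev/null | state_from_grepable "$XMPP_PORT")"
  echo "$1 $st"
}

# Turns a state into the next thing to check.
advice() {                     # $1 = state
  case "$1" in
    open)     echo "reachable: look at the client account settings next" ;;
    closed)   echo "host reached, nothing listening: check the jabber service or the port forward" ;;
    filtered) echo "probe dropped: check firewall rules on the path" ;;
    *)        echo "no result: confirm nmap can resolve and reach the target" ;;
  esac
}

# Constructed sample outputs, standing in for the three probes in the answer.
SAMPLE_LOCAL='Host: 127.0.0.1 (localhost)  Ports: 5222/open/tcp//xmpp-client///'
SAMPLE_LAN='Host: 10.0.0.5 ()  Ports: 5222/closed/tcp//xmpp-client///'
SAMPLE_INTERNET='Host: 203.0.113.10 ()  Ports: 5222/filtered/tcp//xmpp-client///'

demo() {
  local s
  for sample in "$SAMPLE_LOCAL" "$SAMPLE_LAN" "$SAMPLE_INTERNET"; do
    s="$(printf '%s\n' "$sample" | state_from_grepable "$XMPP_PORT")"
    echo "$s: $(advice "$s")"
  done
}

demo
# To probe for real, replace the samples with:
#   probe localhost; probe server_ip_on_LAN; probe server_ip_on_INTERNET
```

Run the real probes in the same order as the answer: if localhost is open but the LAN address is closed, the service is bound to the wrong interface or a host firewall is in the way; if the LAN address is open but the Internet address is filtered, the router is dropping or not forwarding 5222.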

  • hello all,
    I've just deployed OS X Server 10.5 (standard configuration, upgraded to 10.5.3) and I have some users that are using MS Windows. I can't seem to get Google Talk or any other Windows Jabber clients to successfully connect to the iChat server. I've tried to use the same server settings that I'm using when I create a new Jabber account in iChat with Google Talk and a few others, with no success. Am I missing something? Does anyone know of a Windows Jabber client that is currently working? If so, can you also share with me your findings (the settings or best practices for setting up this Windows Jabber client)? The OS X Server iChat docs state several times that Google Talk should work, but after some research here, it looks as if it doesn't currently work. Any insight would be greatly appreciated.
    thanks,
    tsul
    Message was edited by: tsul

    I think Pidgin is the solution for you. It's quite easy to configure and seems quite reliable! It works well for me. I have used a portable version of it to connect from Windows XP/2000 to a 10.5.3 Server.
    http://www.pidgin.im/

  • Hi ,
    I am facing a cache issue with the Cisco Jabber client for Windows. If I make any change involving modification or deletion of contacts in Active Directory / CallManager, it does not show up in Jabber, because Jabber takes the contacts from the locally stored cache file on the Windows system.
    Every time I have to remove the cache file to overcome this issue; practically it's not possible to do the same for all the Windows users. For example, if an employee leaves the company, I can still see his contact in the Cisco Jabber client. I have not seen this issue with Android/Apple iOS.
    Is there any automated way to remove the cache file?
    Here is the detail of CUCM,Presence and Jabber.
    CUCM version: 9.1.x
    Presence : 9.1.X
    Jabber : 10.5 and 10.6

    Hello
    On our environment we had to install a dedicated Microsoft Certificate Authority 'just for Cisco Jabber usage' to house the
    Network Device Enrollment Service.
    Our certificate for the CUPS were generated on this Certification Authority too.
    I discussed this certificate matter with my colleagues this afternoon and nobody seems to remember how these certificates were deployed into the
    Enterprise Trust store for the users.
    But I think they asked all 400 users to accept the 3 certificates by answering 'yes' to the popup instead of using a script deployed by GPO..
    I wish you success with that deployment and really hope you have a technical partner that *Knows* this subject.
    Our partner left us alone with that unfortunately.
    Florent
    EDIT: If the 'Certutil script method' works, please let me know. This could be useful in our own deployment.


Applies to: Configuration Manager (current branch)

This article describes how to deploy and maintain the Configuration Manager client on Mac computers. To learn about what you have to configure before deploying clients to Mac computers, see Prepare to deploy client software to Macs.

When you install a new client for Mac computers, you might have to also install Configuration Manager updates to reflect the new client information in the Configuration Manager console.

In these procedures, you have two options for installing client certificates. Read more about client certificates for Macs in Prepare to deploy client software to Macs.

  • Use Configuration Manager enrollment by using the CMEnroll tool. The enrollment process doesn't support automatic certificate renewal. Re-enroll the Mac computer before the installed certificate expires.

  • Use a certificate request and installation method that is independent from Configuration Manager.

Important

To deploy the client to devices running macOS Sierra, correctly configure the Subject name of the management point certificate. For example, use the FQDN of the management point server.

Configure client settings

Use the default client settings to configure enrollment for Mac computers. You can't use custom client settings. To request and install the certificate, the Configuration Manager client for Mac requires the default client settings.

  1. In the Configuration Manager console, go to the Administration workspace. Select the Client Settings node, and then select Default Client Settings.

  2. On the Home tab of the ribbon, in the Properties group, choose Properties.

  3. Select the Enrollment section, and then configure the following settings:

    1. Allow users to enroll mobile devices and Mac computers: Yes

    2. Enrollment profile: Choose Set Profile.

  4. In the Mobile Device Enrollment Profile dialog box, choose Create.

  5. In the Create Enrollment Profile dialog box, enter a name for this enrollment profile. Then configure the Management site code. Select the Configuration Manager primary site that contains the management points for these Mac computers.

    Note

    If you can't select the site, make sure that you configure at least one management point in the site to support mobile devices.

  6. Choose Add.

  7. In the Add Certification Authority for Mobile Devices window, select the certification authority server that issues certificates to Mac computers.

  8. In the Create Enrollment Profile dialog box, select the Mac computer certificate template that you previously created.

  9. Select OK to close the Enrollment Profile dialog box, and then the Default Client Settings dialog box.

    Tip

    If you want to change the client policy interval, use Client policy polling interval in the Client Policy client setting group.

The next time the devices download client policy, Configuration Manager applies these settings for all users. To initiate policy retrieval for a single client, see Initiate policy retrieval for a Configuration Manager client.

In addition to the enrollment client settings, make sure that you have configured the following client device settings:

  • Hardware inventory: Enable and configure this feature if you want to collect hardware inventory from Mac and Windows client computers. For more information, see How to extend hardware inventory.

  • Compliance settings: Enable and configure this feature if you want to evaluate and remediate settings on Mac and Windows client computers. For more information, see Plan for and configure compliance settings.

For more information, see How to configure client settings.

Download the client for macOS

  1. Download the macOS client file package, Microsoft Endpoint Configuration Manager - macOS Client (64-bit). Save ConfigmgrMacClient.msi to a computer that runs Windows. This file isn't on the Configuration Manager installation media.

  2. Run the installer on the Windows computer. Extract the Mac client package, Macclient.dmg, to a folder on the local disk. The default path is C:\Program Files\Microsoft\System Center Configuration Manager for Mac client.

  3. Copy the Macclient.dmg file to a folder on the Mac computer.

  4. On the Mac computer, run Macclient.dmg to extract the files to a folder on the local disk.

  5. In the folder, make sure that it contains the following files:

    • Ccmsetup: Installs the Configuration Manager client on your Mac computers using CMClient.pkg

    • CMDiagnostics: Collects diagnostic information related to the Configuration Manager client on your Mac computers

    • CMUninstall: Uninstalls the client from your Mac computers

    • CMAppUtil: Converts Apple application packages into a format that you can deploy as a Configuration Manager application

    • CMEnroll: Requests and installs the client certificate for a Mac computer so that you can then install the Configuration Manager client

Enroll the Mac client

Enroll individual clients with the Mac computer enrollment wizard.

To automate enrollment for many clients, use the CMEnroll tool.

Enroll the client with the Mac computer enrollment wizard

  1. After you install the client, the Computer Enrollment wizard opens. To manually start the wizard, select Enroll from the Configuration Manager preference page.

  2. On the second page of the wizard, provide the following information:

    • User name: The user name can be in the following formats:

      • domain\name. For example: contoso\mnorth

      • user@domain. For example: mnorth@contoso.com

        Important

        When you use an email address to populate the User name field, Configuration Manager automatically populates the Server name field. It uses the default name of the enrollment proxy point server and the domain name of the email address. If these names don't match the name of the enrollment proxy point server, fix the Server name during enrollment.

        The user name and corresponding password must match an Active Directory user account that has Read and Enroll permissions on the Mac client certificate template.

    • Server name: The name of the enrollment proxy point server.

Client and certificate automation with CMEnroll

Use this procedure for automation of client installation and requesting and enrollment of client certificates with the CMEnroll tool. To run the tool, you must have an Active Directory user account.


  1. On the Mac computer, navigate to the folder where you extracted the contents of the Macclient.dmg file.

  2. Enter the following command: sudo ./ccmsetup

  3. Wait until you see the Completed installation message. Although the installer displays a message that you must restart now, don't restart, and continue to the next step.

  4. From the Tools folder on the Mac computer, type the following command: sudo ./CMEnroll -s <enrollment_proxy_server_name> -ignorecertchainvalidation -u '<user_name>'

    After the client installs, the Mac Computer Enrollment wizard opens to help you enroll the Mac computer. For more information, see Enroll the client by using the Mac computer enrollment wizard.

    Example: If the enrollment proxy point server is named server02.contoso.com, and you grant contoso\mnorth permissions for the Mac client certificate template, type the following command: sudo ./CMEnroll -s server02.contoso.com -ignorecertchainvalidation -u 'contoso\mnorth'

    Note

    If the user name includes any of the following characters, enrollment fails: <>'+=,. Use an out-of-band certificate with a user name that doesn't include these characters.

    For a more seamless user experience, script the installation steps. Then users only have to supply their user name and password.

  5. Type the password for the Active Directory user account. When you enter this command, it prompts for two passwords. The first password is for the super user account to run the command. The second prompt is for the Active Directory user account. The prompts look identical, so make sure that you specify them in the correct sequence.

  6. Wait until you see the Successfully enrolled message.

  7. To limit the enrolled certificate to Configuration Manager, on the Mac computer, open a terminal window and make the following changes:

    1. Enter the command sudo /Applications/Utilities/Keychain\ Access.app/Contents/MacOS/Keychain\ Access

    2. In the Keychain Access window, in the Keychains section, choose System. Then in the Category section, choose Keys.

    3. Expand the keys to view the client certificates. Find the certificate with a private key that you installed, and open the key.

    4. On the Access Control tab, choose Confirm before allowing access.

    5. Browse to /Library/Application Support/Microsoft/CCM, select CCMClient, and then choose Add.

    6. Choose Save Changes and close the Keychain Access dialog box.

  8. Restart the Mac computer.

To verify that the client installation is successful, open the Configuration Manager item in System Preferences on the Mac computer. Also update and view the All Systems collection in the Configuration Manager console. Confirm that the Mac computer appears in this collection as a managed client.

Tip

To help troubleshoot the Mac client, use the CMDiagnostics tool included with the Mac client package. Use it to collect the following diagnostic information:

  • A list of running processes
  • The Mac OS X operating system version
  • Mac OS X crash reports relating to the Configuration Manager client including CCM*.crash and System Preference.crash.
  • The Bill of Materials (BOM) file and property list (.plist) file created by the Configuration Manager client installation.
  • The contents of the folder /Library/Application Support/Microsoft/CCM/Logs.

The information collected by CMDiagnostics is added to a zip file that is saved to the desktop of the computer and is named cmdiag-<hostname>-<datetime>.zip.

Manage certificates external to Configuration Manager

You can use a certificate request and installation method independent from Configuration Manager. Use the same general process, but include the following additional steps:

  • When you install the Configuration Manager client, use the MP and SubjectName command-line options. Enter the following command: sudo ./ccmsetup -MP <management point internet FQDN> -SubjectName <certificate subject name>. The certificate subject name is case-sensitive, so type it exactly as it appears in the certificate details.

    Example: The management point's internet FQDN is server03.contoso.com. The Mac client certificate has the FQDN of mac12.contoso.com as a common name in the certificate subject. Use the following command: sudo ./ccmsetup -MP server03.contoso.com -SubjectName mac12.contoso.com

  • If you have more than one certificate that contains the same subject value, specify the certificate serial number to use for the Configuration Manager client. Use the following command: sudo defaults write com.microsoft.ccmclient SerialNumber -data '<serial number>'.

    For example: sudo defaults write com.microsoft.ccmclient SerialNumber -data '17D4391A00000003DB'
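An added example wrapper, not Microsoft's script, for the CMEnroll procedure above and for the external-certificate variant in this section. The server names, user names, and the folder layout (a Tools subfolder under the extracted Macclient.dmg contents) are placeholders and assumptions; the script only executes anything when CM_RUN=1, otherwise it prints the plan it would follow so the commands can be reviewed first:

```bash
#!/usr/bin/env bash
# Added example, not Microsoft's script: wraps the ccmsetup and CMEnroll steps
# above so a user only supplies a user name and password. Nothing executes unless
# CM_RUN=1; otherwise the script prints the commands it would run. Server, user,
# subject names and the Tools subfolder location are placeholders/assumptions.
set -eu

# The note above lists <>'+=, as characters that make enrollment fail. The page
# renders the quote as an apostrophe; both quote characters are rejected here
# (assumption) so either rendering is covered.
validate_user_name() {          # $1 = user name  -> prints "ok" or "bad"
  case "$1" in
    *[\<\>\"\'+=,]*) echo bad ;;
    *)               echo ok ;;
  esac
}

# ccmsetup invocation. With no arguments this is the CMEnroll path; with a
# management point FQDN and certificate subject it is the external-certificate
# path. -SubjectName is case-sensitive, so pass it exactly as in the certificate.
build_ccmsetup_command() {      # $1 = MP internet FQDN (optional), $2 = subject name (optional)
  if [ -n "${1:-}" ] && [ -n "${2:-}" ]; then
    printf 'sudo ./ccmsetup -MP %s -SubjectName %s\n' "$1" "$2"
  else
    printf 'sudo ./ccmsetup\n'
  fi
}

# CMEnroll invocation as the procedure above specifies, -ignorecertchainvalidation
# included. The user name is single-quoted so a domain\user backslash survives.
build_cmenroll_command() {      # $1 = enrollment proxy point, $2 = user name
  printf "sudo ./CMEnroll -s %s -ignorecertchainvalidation -u '%s'\n" "$1" "$2"
}

# Pins the client to one certificate when several share a subject.
build_serial_pin_command() {    # $1 = certificate serial number
  printf 'sudo defaults write com.microsoft.ccmclient SerialNumber -data "%s"\n' "$1"
}

# Prints the full plan for review. With an MP FQDN the certificate comes from
# outside Configuration Manager, so the CMEnroll step is skipped.
plan() {                        # $1 = proxy point, $2 = user, $3 = MP FQDN, $4 = subject, $5 = serial
  build_ccmsetup_command "${3:-}" "${4:-}"
  if [ -z "${3:-}" ]; then
    echo "(do not restart yet)"
    echo "cd Tools"
    build_cmenroll_command "$1" "$2"
  fi
  if [ -n "${5:-}" ]; then build_serial_pin_command "$5"; fi
  echo "(restrict the key in Keychain Access, then restart)"
}

main() {
  local server="${ENROLL_SERVER:?set ENROLL_SERVER}"
  local user="${ENROLL_USER:?set ENROLL_USER}"
  if [ "$(validate_user_name "$user")" != ok ]; then
    echo "user name contains a character that breaks enrollment; use an out-of-band certificate instead: $user" >&2
    return 1
  fi
  cd "${MACCLIENT_DIR:-.}"        # folder where Macclient.dmg was extracted
  if [ -n "${MP_FQDN:-}" ] && [ -n "${SUBJECT_NAME:-}" ]; then
    sudo ./ccmsetup -MP "$MP_FQDN" -SubjectName "$SUBJECT_NAME"
  else
    sudo ./ccmsetup
    echo "ccmsetup finished; not restarting yet, enrolling first"
    # Two prompts follow: the sudo password, then the AD account password.
    ( cd Tools && sudo ./CMEnroll -s "$server" -ignorecertchainvalidation -u "$user" )
  fi
  if [ -n "${CERT_SERIAL:-}" ]; then
    sudo defaults write com.microsoft.ccmclient SerialNumber -data "$CERT_SERIAL"
  fi
  echo "done; restrict the key in Keychain Access, then restart"
}

if [ "${CM_RUN:-0}" = 1 ]; then
  main
else
  plan "${ENROLL_SERVER:-server02.contoso.com}" "${ENROLL_USER:-contoso\\mnorth}" \
       "${MP_FQDN:-}" "${SUBJECT_NAME:-}" "${CERT_SERIAL:-}"
fi
```

The user-name check runs before anything is installed, because the note above says such names fail at enrollment, which would otherwise leave a client installed without a certificate; the Keychain Access restriction and the restart remain manual steps exactly as the procedure lists them.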

Renew the Mac client certificate

This procedure removes the SMSID. The Configuration Manager client for Mac requires a new ID to use a new or renewed certificate.

Important

After you replace the client SMSID, when you delete the old resource in the Configuration Manager console, you also delete any stored client history. For example, hardware inventory history for that client.

  1. Create and populate a device collection for the Mac computers that must renew the computer certificates.

  2. In the Assets and Compliance workspace, start the Create Configuration Item Wizard.

  3. On the General page of the wizard, specify the following information:

    • Name: Remove SMSID for Mac

    • Type: Mac OS X

  4. On the Supported Platforms page, select all Mac OS X versions.

  5. On the Settings page, select New. In the Create Setting window, specify the following information:

    • Name: Remove SMSID for Mac

    • Setting type: Script

    • Data type: String

  6. In the Create Setting window, for Discovery script, select Add script. This action specifies a script to discover Mac computers configured with an SMSID.

  7. In the Edit Discovery Script window, enter the following shell script:

  8. Choose OK to close the Edit Discovery Script window.

  9. In the Create Setting window, for Remediation script (optional), choose Add script. This action specifies a script to remove the SMSID when it's found on Mac computers.

  10. In the Create Remediation Script window, enter the following shell script:

  11. Choose OK to close the Create Remediation Script window.

  12. On the Compliance Rules page, choose New. Then in the Create Rule window, specify the following information:

    • Name: Remove SMSID for Mac

    • Selected setting: Choose Browse and then select the discovery script that you previously specified.

    • In the following values field: The domain/default pair of (com.microsoft.ccmclient, SMSID) does not exist.

    • Enable the option to Run the specified remediation script when this setting is noncompliant.

  13. Complete the wizard.

  14. Create a configuration baseline that contains this configuration item. Deploy the baseline to the target collection.

    For more information, see How to create configuration baselines.

  15. After you install a new certificate on Mac computers that have the SMSID removed, run the following command to configure the client to use the new certificate:
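The command that step 15 refers to is not reproduced on this page. Separately, as an added example that is not Microsoft's own discovery or remediation script, here is a pair in the shape the configuration item above expects. It assumes the SMSID lives in the com.microsoft.ccmclient defaults domain (the compliance rule's "does not exist" wording is what macOS `defaults` prints for a missing key), and it uses a file-backed stand-in for `defaults` so the flow can be exercised away from a Mac:

```bash
#!/usr/bin/env bash
# Added example, not Microsoft's own scripts (the page does not reproduce them):
# a discovery/remediation pair in the shape the configuration item above calls
# for. Assumption: the SMSID is stored in the com.microsoft.ccmclient defaults
# domain, which the compliance rule text "(com.microsoft.ccmclient, SMSID) does
# not exist" (the wording `defaults` uses) points at. The defaults binary is
# taken from $DEFAULTS_CMD so the logic can run without a Mac.
set -eu

DOMAIN=com.microsoft.ccmclient
KEY=SMSID
DEFAULTS_CMD="${DEFAULTS_CMD:-defaults}"

# Discovery: prints whatever `defaults read` says, errors included, so the
# compliance rule can match on "does not exist". Never fails the script.
discover_smsid() {
  "$DEFAULTS_CMD" read "$DOMAIN" "$KEY" 2>&1 || true
}

# Prints "present" or "absent" from the discovery output.
smsid_state() {
  case "$(discover_smsid)" in
    *"does not exist"*) echo absent ;;
    "")                 echo absent ;;
    *)                  echo present ;;
  esac
}

# Remediation: remove the SMSID so the client takes a new ID with the new
# certificate. Idempotent: a missing key is not an error.
remove_smsid() {
  if [ "$(smsid_state)" = present ]; then
    "$DEFAULTS_CMD" delete "$DOMAIN" "$KEY"
    echo removed
  else
    echo nothing-to-do
  fi
}

# Constructed stand-in for `defaults`, backed by a file, so the flow runs anywhere.
# Real use: leave DEFAULTS_CMD unset on the Mac.
FAKE_STORE="${TMPDIR:-/tmp}/fake-ccmclient-$$"
fake_defaults() {               # $1 = read|delete, $2 = domain, $3 = key
  case "$1" in
    read)
      if [ -f "$FAKE_STORE" ]; then
        cat "$FAKE_STORE"
      else
        echo "The domain/default pair of ($2, $3) does not exist" >&2
        return 1
      fi ;;
    delete) rm -f "$FAKE_STORE" ;;
  esac
}

demo() {
  DEFAULTS_CMD=fake_defaults
  echo "GUID:3ab1c6f2-0000-4000-8000-000000000001" > "$FAKE_STORE"   # constructed SMSID value
  echo "before: $(smsid_state)"
  echo "remediate: $(remove_smsid)"
  echo "after: $(smsid_state)"
  echo "remediate again: $(remove_smsid)"
}

demo
```

On the Mac the discovery half is the body of `discover_smsid` and the remediation half is the body of `remove_smsid`; the compliance rule then matches the discovery output against the "does not exist" string from the rule definition above. Remember the warning earlier in this section: once the SMSID is replaced and the old resource is deleted from the console, that client's stored history goes with it.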

See also