PKI setup fails during Parallels Mac Management installation (CA is installed on Windows Server 2008)

0 users found this article helpful

Symptoms

Unable to complete Parallels Mac Management installation with a following error:

alttext

Cause

Invalid provider type specified for certificate template.

Resolution

To enable connection of Macs to HTTPS-enabled SCCM infrastructure those Macs should obtain certificates from Certificate Authority (CA) trusted by SCCM. PKI certificates secure the communication between the Mac computers and the Configuration Manager site by using mutual authentication and encrypted data transfers.

1. Creating a Certificate Template for Parallels Configuration Manager Proxy

  1. Open Certification Authority console by click Start → Administrative Tools → Certification Authority.

  2. Right click on Certificate Templates in Certification Authority (Local) → and click Manage.

  3. Right click on Web Server certificate template in templates list in Certificate Templates Console and click Duplicate Template in opened context menu.

  4. Choose Windows Server 2003 Enterprise and click OK in opened Duplicate Template dialog.

  5. Type name in Template display name field in General tab of Properties of New Template dialog.

  6. Ensure that Minimum key size is 2048 and check Allow private key to be exported in Request Handling tab of Properties of New Template dialog.

  7. Ensure that Supply in the request is chosen and check Use subject information from existing certificates for autoenrollment renewal requests in Subject Name tab of Properties of New Template dialog.

  8. Add Client Authentication to Description of Application Policies in Extensions tab of Properties of New Template dialog.

  9. Add computer, where CM Proxy is installed, and user, under which CM Proxy is being ran to Group or user names and grant them Enroll and Autoenroll permissions in Security tab of Properties of New Template dialog. Note: if user, under which CM Proxy is being ran, is LocalSystem - only computer name must be added.

  10. Click OK in Properties of New Template dialog

  11. Right click on Certificate Templates in Certification Authority (Local) → and click New → Certificate Template to Issue in opened context menu

  12. Select just created template for CM Proxy (PMM CM Proxy certificate) and click OK in Enable Certificate Templates dialog

Creating a Certificate Template for Mac Computers

  1. Open Certification Authority console by click Start → Administrative Tools → Certification Authority.

  2. Right click on Certificate Templates in Certification Authority (Local) → and click Manage.

  3. Right click on Workstation Authentication certificate template in templates list in Certificate Templates Console and click Duplicate Template in opened context menu.

  4. Choose Windows Server 2003 Enterprise and click OK in opened Duplicate Template dialog.

  5. Type name in Template display name field in General tab of Properties of New Template dialog.

  6. Ensure that Minimum key size is 2048 and check Allow private key to be exported in Request Handling tab of Properties of New Template dialog.

  7. Click on CSPs... button and select Requests must use one of the following CSPs: Microsoft DH SChannel Cryptographic Provider and Microsoft RSA SChannel Cryptographic Provider:

  8. Choose Supply in the request in Subject Name tab of Properties of New Template dialog and click OK in appeared Certificate Templates message.

  9. Check Use subject information from existing certificates for autoenrollment renewal requests in Subject Name tab of Properties of New Template dialog.

  10. Ensure that there is Client Authentication in Description of Application Policies in Extensions tab of Properties of New Template dialog.

  11. Add user, under which CM Proxy service is being ran and computer, where CM Proxy is installed (if user is Local System – add only computer), to Group or user names and grant them Enroll and Autoenroll permissions in Security tab of Properties of New Template dialog.

  12. Click OK in Properties of New Template dialog.

  13. Right click on Certificate Templates in Certification Authority (Local) → and click New → Certificate Template to Issue in opened context menu.

  14. Select just created template for CM Proxy (PMM Client certificate) and click OK in Enable Certificate Templates dialog.

Was this article helpful?

Tell us how we can improve it.