How to add Configuration Manager Distribution Point Remotely with PowerShell

If you are trying to add a Configuration Manager Distribution Point remotely you may end up with issue:

WARNING: The self-signed certificate could not be created successfully

Validation of input parameters failed. Cannot Continue

DP_Certificate_Issue

Code example

Invoke-Command -ScriptBlock { #Step 1 Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") #Step 2 $SiteCode = Get-PSDrive -PSProvider CMSITE #Step 3 Set-Location "$($SiteCode.Name):\" #Step 4 Add-CMDistributionPoint -SiteSystemServerName TestServer.corp.viamonstra.com -SiteCode $SiteCode.Name ` -ClientConnectionType Intranet -MinimumFreeSpaceMB 50 -PrimaryContentLibraryLocation Automatic ` -SecondaryContentLibraryLocation Automatic -PrimaryPackageShareLocation Automatic -EnablePxeSupport ` -SecondaryPackageShareLocation Automatic -CertificateExpirationTimeUtc ((Get-Date).AddYears(100)) -ErrorAction STOP } -ComputerName CM01.corp.viamonstra.com

If you take same code and run it locally on your Primary Site Server, then it works correctly but what is the problem then? The problem is that you haven’t enabled CredSSP on your site server and your admin PC. There are so many different posts in internet that explains the second hop scenario and I will not explain it in this but you can read it from here .

To fix this problem you need to run this command on you admin PC. Please change the DeletegateComputer parameter value

Enable-WSManCredSSP -Role Client -DelegateComputer *.corp.viamonstra.com -Force

And this command on your Primary Site Server

Enable-WSManCredSSP -Role Server -Force

To add the Distribution Point successfully remotely you need to execute the Invoke-Command like that

Invoke-Command -ScriptBlock { #Step 1 Import-Module $env:SMS_ADMIN_UI_PATH.Replace("\bin\i386","\bin\configurationmanager.psd1") #Step 2 $SiteCode = Get-PSDrive -PSProvider CMSITE #Step 3 Set-Location "$($SiteCode.Name):\" #Step 4 Add-CMDistributionPoint -SiteSystemServerName TestServer.corp.viamonstra.com -SiteCode $SiteCode.Name ` -ClientConnectionType Intranet -MinimumFreeSpaceMB 50 -PrimaryContentLibraryLocation Automatic ` -SecondaryContentLibraryLocation Automatic -PrimaryPackageShareLocation Automatic -EnablePxeSupport ` -SecondaryPackageShareLocation Automatic -CertificateExpirationTimeUtc ((Get-Date).AddYears(100)) -ErrorAction STOP } -ComputerName CM01.corp.viamonstra.com -Credential (Get-Credential) -Authentication Credssp

Happy Scripting :)


Comments (%):

  1. Travis Knight says:

    Hello:

    Thanks for this valuable post. However, CredSSP is not solving “WARNING: The self-signed certificate could not be created successfully” for me. I can successfully execute with one account (mine), but not with a service account. It seems to be related to CM permission/Role (though is a Full Administrator) or something with the svc account Windows profile. Just can’t nail it down. Any additional insight would be appreciated.

    Cheers

Leave a Reply