Request SCCM PKI certificate during OSD

Enterprises that use PKI certificates for communication between clients and the SCCM server often see a delay before a client receives its certificate after the OSD Task Sequence completes. The GPO first has to apply on the system, then the client has to fetch the certificate, and then the SCCM client service (or the system) has to be restarted once before the initial communication works.


You can follow the steps below to create a Task Sequence step that requests the certificate during the OSD installation.

Once the OS is installed, the last reboot will trigger communication between the client and the SCCM server.


STEP 1:

From a known working machine, find the name of the Certificate Template used to request the SCCM PKI certificate.


To check the TEMPLATE name:

  • You can either open the certificate directly in the Local Machine certificate store or read the name of the Certificate Template from the certificate's details.
  • Then use the command below to confirm the template exists:
    • certutil -Template | find "CertificateTemplateCommonName"
  • On the same machine, delete the certificate and run the command below to confirm that the certificate request succeeds.

    You will have to restart the SCCM client service once to confirm.

    • Get-Certificate -Template 'CertificateTemplateCommonName' -CertStoreLocation 'Cert:\LocalMachine\My'


To request a certificate from the Template during OSD:

  • Create a new step in the Task Sequence that runs the PowerShell command below. The pipe into Out-File is optional and only redirects the output if you want it for logging purposes.
  • Get-Certificate -Template 'CertificateTemplateCommonName' -CertStoreLocation 'Cert:\LocalMachine\My' -Verbose | fl * | Out-File C:\TempOSD\logs\CertEnroll.txt
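As an added example (not from the original post), the same Task Sequence step written as a script that skips enrollment when a valid certificate from the template is already in the store, logs the Get-Certificate result, and exits non-zero so the step fails when no certificate was issued. The template name, log path and exit codes are placeholders, and matching the template by name in the certificate's template extension is an assumption about how your CA writes that extension.

```powershell
# Added example: Task Sequence step that enrols the SCCM client certificate during OSD.
# Assumptions (not from the original post): template name, log path and exit codes are placeholders.
param(
    [string]$TemplateName = 'CertificateTemplateCommonName',   # replace with the template found in STEP 1
    [string]$LogFile      = 'C:\TempOSD\logs\CertEnroll.txt'
)
$ErrorActionPreference = 'Stop'
New-Item -ItemType Directory -Path (Split-Path $LogFile) -Force | Out-Null

function Write-Log([string]$Message) {
    "$(Get-Date -Format 'yyyy-MM-dd HH:mm:ss') $Message" | Out-File -FilePath $LogFile -Append
}

# Return certificates in the machine store that were issued from the given template.
# The template name appears in the 'Certificate Template Information' (v2/v3, OID ...21.7)
# or 'Certificate Template Name' (v1, OID ...20.2) extension when it is formatted as text.
function Get-TemplateCertificate([string]$Template) {
    Get-ChildItem 'Cert:\LocalMachine\My' | Where-Object {
        $_.Extensions | Where-Object {
            ($_.Oid.Value -in '1.3.6.1.4.1.311.21.7', '1.3.6.1.4.1.311.20.2') -and
            ($_.Format($false) -like "*$Template*")
        }
    }
}

try {
    $existing = @(Get-TemplateCertificate $TemplateName | Where-Object { $_.NotAfter -gt (Get-Date) })
    if ($existing.Count -gt 0) {
        Write-Log "Valid certificate from template '$TemplateName' already present: $($existing[0].Thumbprint)"
        exit 0
    }
    Write-Log "Requesting certificate from template '$TemplateName'"
    $result = Get-Certificate -Template $TemplateName -CertStoreLocation 'Cert:\LocalMachine\My'
    Write-Log "Enrollment status: $($result.Status)"
    # Anything other than Issued (for example Pending, waiting for CA manager approval) leaves the
    # client without a usable certificate, so fail the step instead of letting the TS continue silently.
    if ($result.Status -ne 'Issued') {
        Write-Log "Enrollment did not complete; status '$($result.Status)'"
        exit 1
    }
    $cert = $result.Certificate
    Write-Log "Issued: Subject=$($cert.Subject) Thumbprint=$($cert.Thumbprint) Expires=$($cert.NotAfter)"
    exit 0
}
catch {
    Write-Log "Enrollment failed: $($_.Exception.Message)"
    exit 1
}
```

Run it from a "Run PowerShell Script" step after the OS has joined the domain, since Get-Certificate needs the machine account to reach the enterprise CA; a non-zero exit code makes the step (and, depending on its options, the Task Sequence) fail visibly rather than leaving a client that cannot talk to the site server.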