2

Our SCCM 2007 R2 environment, which runs in native mode, just had its PXE client certificates renewed. Now, the site server automatically blocks the old certificates, but it appears that there is no functionality to actually delete them.

I know it doesn't really affect anything other than aesthetics, but as we've had a few renewals now, the certificate list is getting long and cluttered (and unlike my desk, I like to try to keep our servers neat and organized). Does anyone know of a way to remove the old certs?

newmanth
  • 3,943
  • 4
  • 26
  • 47

1 Answers1

0

It kind of looks like there isn't a "supported" way to do this.

Remove PXE Certificate

It does mention possibly deleting the certificate from the sms_pxecertificateinfo WMI class. However, with how picky SCCM can be at times who knows if that will cause problems later down the road.

I have fortunately never had to deal with this as at my organization we use mixed mode and for the particular site I manage we do not use PXE either. That said if I find anything else new I will update this post. If I find the time I may do some testing on my test domain at home that does use native mode and PXE and all the good stuff.

I would certainly like to know if you find a real answer to this as if I ever do move to native mode, having multiple blocked, expired certificates would drive me nuts as well.

New Guy
  • 356
  • 2
  • 5
  • 13
  • I saw that post as well. I'm a little leery of trying it, since the WMI class does not expose a delete method (so that implies to me that MS didn't intend for the certs to be deleted). Oh well. I'll make an update if I discover additional information. – newmanth Mar 29 '12 at 13:59