VRMGuestAgent on Server 2012 R2 deployed via SCCM 2012 Task Seqeunce - [info] [ssl client] Client certificate chain filenot specified

Afternoon,

I have a vRa/vCo setup that deploys Server 2012 R2 by building the VM, pre-provisioning its AD object, adding it to a collection in SCCM and then starting it. This will then run the Task Sequence to deploy the OS. This is working fine.

I want to install and configure the VRMGuestAgent to run some post SCCM deployment tasks. I'm calling it this as this is the folder name it needs to be installed to according to the document. I have version 6.2.2.4020.

I provision a new machine as above and then log in locally. I copy the VRMGuestAgent folder to the root of C:\ and run winservice.exe -i -h <FQDN of IAAS Server>:443 -p ssl to install the Service. I start the service and run doagentsvc.bat. This populates a 2KB cert.pem file eventually.

C:\VRMGuestAgent\axis2\logs\gugent-axis.log has the line:

[info]  [ssl client] Client certificate chain filenot specified in it.

C:\VRMGuestAgent\GuestAgent.log repeats the two lines

Application.MachineQuery: [Information] uuid = 971e1e42-7d5b-d485-6341-06ae15cfce7c

Application: [Debug] Uninitializing subsystem: Logging Subsystem

I can run C:\VRMGuestAgent\bin>openssl.exe s_client -connect <FQDN of IAAS Server>:443 and get the two errors

verify error:num=20:unable to get local issuer certificate

verify error:num=21:unable to verify the first certificate

IaaS is running on a windows server 2012 machine and the IIS website is for some reason secured by a self signed cert that looks like: IaaS-20150414113240. If I change the cert to one issued to the IaaS server by our CA infrastructure and run C:\VRMGuestAgent\bin>openssl.exe s_client -connect <FQDN of IAAS Server>:443 I still get errors. If I add the switch -CAfile and point to a root CA cert converted to .pem it validates everything successfully.

Either way, doagentsvc.bat has the line c:\VRMGuestAgent\DynamicOps.Agent.Guest.exe /host=<FQDN of IAAS Server>::443 /ssl /config=c:\VRMGuestAgent\gugent.properties /script=c:\VRMGuestAgent\site and this doesn't work as it never pulls down the workitem.xml file. I think its to do with the certificate chain error from gugent-axis.log.

I have:

opened firewall ports for 443. also testing on a network with no firewall

disabled tls 1.2 compliance on the IaaS server 2012 R2 box

Any ideas/guides on getting this working would be greatly appreciated

Cheers,

Rob.