we are still experiencing this problem for all fresh OS deployments.
Roundabout 1250 Clients got certificates in state "provisioning", though "automatically approve new certificates" is checked.
Manually Approving a certificate from state "provisioning" works fine, the client is then able to contact CSA.
0 Clients have certificates in state "unapproved"
1900 Client have certificates in state "approved"
we have the same problem and we need to manually approve certificates in Provisioning state. It is very annoying, but we live with it and hoping for fix in next releases :-)
It would be great if there was a solution.
P.S. If you start manually approving - do it in small batches - CSA does not like large amount if certs to be synchronized.
You can "auto authorise" new certificates -- that option is meant for use during large deployments and shouldn't be used as a default.
You can find that option at the bottom of the Client Access screen here:
One alternative to consider might be - set up a "dummy" Core server who's job it is to provision your boxes (with auto-accept) and install / change the agent config over to your "Production server" when you've got the boxes proisioned, for instance.
One way to do it ... it's one of those problems with enhanced security ... they do tend to come at a cost of convenience.
Hope that helps .
Thanks for your reply
Automatically approve new certificates is checked.
Sorry I didn't really make that clear and the screenshot didn't show it. Tried to say that by "We already auto-approve requests."
I did manually approve ~1300 Certificates stuck in "Provisioning" state yesterday, since then other OS deployments did take place. That's the current result:
I can't say I've run into that ... and the fact that this is something of a "systemic" event makes me wonder whether you're running afoul of a defect.
COULD be a config issue (I don't have the setup to proof of concept test this at the moment) -- ... but with such numbers / consistency, I'd argue it's possible you' ve run into some sort of defect possibly.
You may want to check in with support as a result (and let us know if this ends up being a defect with the defect ID).
Does that make sense?
we do have the same problem ...
LDMS 10.1.0.168 SU3 (2016.3.3)
When agent is installed manually it is automatically approved, when by provisioning it has the state "Provisioning"
Is there perhaps a step in provisioning, which can be triggered to approve or say the "provisioning is done" to CSA ?