Failed To Get A Non Empty Installation Appid

admin

System Center Configuration Manager 1706 simplified the capability to install (bootstrap) the client over internet, this blog post walks through two scenarios -

  1. AAD joined device – Modern management of Windows 10 devices leveraging Azure.
  2. Workgroup device – Servers on DMZ without corporate network access

The table below lists the requirements for each scenario -

Scenario

Client PKI

Cloud DP

CMG

HTTPS MP

Sync AAD Users

Azure Web/Client Apps

Intune

AAD Joined Device

No

Yes

Yes

Yes

Yes

Yes

Yes (Optional)

Workgroup Device

Yes

Yes

Yes

No

No

No

No

Client PKI -

App ID and password. Bot security is configured by the Microsoft App ID and Microsoft App Password that you obtain when you register your bot with the Bot Framework. These values are typically specified within the bot's configuration file and used to retrieve access tokens from the Microsoft Account service.

For AAD Joined devices you don't need one as ConfigMgr leverages Azure authentication

For Workgroup devices, we need a PKI certificate from an internal CA or Public CA.

Cloud DP –

Required for both the scenarios to provide content.

Instructions to setup a Cloud DP - https://social.technet.microsoft.com/wiki/contents/articles/37914.cloud-distribution-point-part-1.aspx

Additional Reference -

CMG –

Required for both the scenarios. Oracle bi publisher report.

Instructions to setup a CMG - https://blogs.technet.microsoft.com/arnabm/2016/12/19/step-by-step-cloud-management-gateway/

Additional Reference -

HTTPS MP –

Required only for AAD Joined Devices to authenticate in an absence of a PKI certificate.

Its optional for Workgroup Devices but recommended.

Sync AAD Users & Azure Web/Client Apps

Required only for AAD Joined Devices.

Instructions to create Azure Web & Client Apps and sync AAD Users - https://blogs.technet.microsoft.com/arnabm/2017/06/10/modern-management-of-internet-clients/

Intune –

For AAD Joined devices to push the ConfigMgr agent (CCMSetup.MSI), the source files will be downloaded from the CMG. Refer the above blog post for instructions to deploy applications via Intune.

If you don't have Intune, leverage an alternate tool to push CCMSetup.exe/msi [Refer the command lines below]

#AAD Command Line

ccmsetup.exe /nocrlcheck /mp:https://CONTOSO.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037937951 CCMHOSTNAME=CONTOSO.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037937951 SMSMP=https://remote1.contoso.net SMSSiteCode=CS1 AADTENANTID=256ed977-4388-a224-3d441dfb0def AADTENANTNAME=Contoso AADCLIENTAPPID=45b4c32c-89f9-4770-8a8b-a37d34fd2632 AADRESOURCEURI=https://contoso.onmicrosoft.com/d098acfa-8874-4ef6-a610-07440fb52c7c

#AAD Command Line for Intune [uses CCMSetup.MSI, below are parameters for the MSI]

Internal error failed to get a non empty installation appid

CCMSETUPCMD='/nocrlcheck /mp:https://CONTOSO.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037937951 CCMHOSTNAME=CONTOSO.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037937951 SMSMP=https://remote1.contoso.net SMSSiteCode=CS1 AADTENANTID=256ed977-4388-a224-3d441dfb0def AADTENANTNAME=Contoso AADCLIENTAPPID=45b4c32c-89f9-4770-8a8b-a37d34fd2632 AADRESOURCEURI=https://contoso.onmicrosoft.com/d098acfa-8874-4ef6-a610-07440fb52c7c'

#Workgroup Command Line

ccmsetup.exe /nocrlcheck /mp:https://CONTOSO.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037937951 CCMHOSTNAME=CONTOSO.CLOUDAPP.NET/CCM_Proxy_MutualAuth/72057594037937951 SMSSiteCode=CS1 /UsePKICert CCMALWAYSINF=1

Table reference for command line switch –

Thanks,

Arnab Mitra