Our SCCM 2007 R2 environment, which runs in native mode, just had its PXE client certificates renewed. Now, the site server automatically blocks the old certificates, but it appears that there is no functionality to actually delete them.
I know it doesn't really affect anything other than aesthetics, but as we've had a few renewals now, the certificate list is getting long and cluttered (and unlike my desk, I like to try to keep our servers neat and organized). Does anyone know of a way to remove the old certs?
It kind of looks like there isn't a "supported" way to do this.
Remove PXE Certificate
It does mention possibly deleting the certificate from the sms_pxecertificateinfo WMI class. However, with how picky SCCM can be at times who knows if that will cause problems later down the road.
I have fortunately never had to deal with this as at my organization we use mixed mode and for the particular site I manage we do not use PXE either. That said if I find anything else new I will update this post. If I find the time I may do some testing on my test domain at home that does use native mode and PXE and all the good stuff.
I would certainly like to know if you find a real answer to this as if I ever do move to native mode, having multiple blocked, expired certificates would drive me nuts as well.
How do I get the SCCM server to direct the clients so they get DHCP, and connect to the SCCM server?
Do I need to have the WDS role installed? Is this a requirement?
In short yes, "The Transport Server WDS role service is required for PXE support"
see: Planning for PXE Initiated Operating System Deployments
Also I think it's pretty important that you install WDS then do nothing else related to WDS. SCCM configures it for you.