I'm having some troubles getting SCS up and running with these options.

1. Integrated with Active Directory

2. Remote configuration of the clients.

3. TLS authentication (prefer mutual).

My main confusion is over the certificates and where they come into play. I've obtained a verisign certificate and have validated that verisign is one of the built in hashes for my client devices. I've installed the certificate on the SCS server and ran the loadcert utility.

Now for TLS. I think for TLS I have to use an internal certificate from my PKI server. I've requested a certificate for my SCS server and installed it for the website running the AMTSCS and AMTSCS-RCFG. At this point it's confusing to me how to setup the profile for my devices. What Entries go into the "TLS Server Certificate Details" fields and what needs to be setup under the "Mutual Authentication" button.

I ran the RCT utility on the client to start the configuration process and I'm real close. I was able to successfully get a system to the "Provisioned" stateand verified the device was added to active directory. One thing that seems wrong to me is the "Authorized" field is false.Immediately afterthis theSCS server started logging messages that it is unable to communicate with the device. I'm getting exception messages stating"there is another process currently working on the device" and also SOAP (22) errors.

I cannot connect to theclient in a browser (port 16992 or 16993). But I can telnet to those ports and get a response

I'm running 3.1.0.7 of SCS. Since I'm just getting started if it would be beneficial to upgrade to 3.2 I can do so without a problem.