Windows Server 2008 R2 gives error after installation: The ConfigMgr Advanced Client received policy that could not be verified.
I installed 2 2008 R2 servers and did an install of the sccm client.
As soon as the client was installed the errors came.
The client has no advertisments assigned
-------------------------------------------------------------------------------------------------------------------------------
The ConfigMgr Advanced Client received policy that could not be verified.
The following errors are seen in de policyagent log
Requesting policy from authority 'SMS:VEL' PolicyAgent_RequestAssignments 23-9-2009 15:11:33 1120 (0x0460)
Raising event:instance of CCM_PolicyAgent_AssignmentsRequested
{
AuthorityName = "SMS:VEL";
ClientID = "GUID:ED09C70C-80D0-4456-B297-1DA047562E6E";
DateTime = "20090923131133.528000+000";
ProcessID = 736;
ResourceName = "S031-1039";
ResourceType = "Machine";
ThreadID = 1120;
};
PolicyAgent_RequestAssignments 23-9-2009 15:11:33 1120 (0x0460)
Processing Machine assignments from 'SMS:VEL'. The new cookie is '2009-09-23 00:05:48.553'. PolicyAgent_ReplyAssignments 23-9-2009 15:11:33 1280 (0x0500)
Raising event:instance of CCM_PolicyAgent_AssignmentsReceived
{
AuthorityName = "SMS:VEL";
ClientID = "GUID:ED09C70C-80D0-4456-B297-1DA047562E6E";
DateTime = "20090923131133.665000+000";
ProcessID = 736;
ReplyType = "Full";
ResourceName = "S031-1039";
ResourceType = "Machine";
ThreadID = 1280;
};
PolicyAgent_ReplyAssignments 23-9-2009 15:11:33 1280 (0x0500)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. PolicyAgent_ReplyAssignments 23-9-2009 15:11:33 1280 (0x0500)
Raising event:instance of CCM_ServiceHost_CertRetrieval_Status
{
ClientID = "GUID:ED09C70C-80D0-4456-B297-1DA047562E6E";
DateTime = "20090923131133.680000+000";
HRESULT = "0x00000000";
ProcessID = 736;
ThreadID = 1280;
};
PolicyAgent_ReplyAssignments 23-9-2009 15:11:33 1280 (0x0500)
Raising event:instance of CCM_PolicyAgent_PolicyAuthorizationFailure
{
ClientID = "GUID:ED09C70C-80D0-4456-B297-1DA047562E6E";
DateTime = "20090923131133.680000+000";
PolicyNamespace = "\\\\S031-1039\\ROOT\\ccm\\Policy\\Machine\\RequestedConfig";
PolicySource = "SMS:VEL";
ProcessID = 736;
ThreadID = 1280;
};
PolicyAgent_ReplyAssignments 23-9-2009 15:11:33 1280 (0x0500)
Answers
The support of Windows Server 2008 R2 comes with ConfigMgr 2007 SP2. But there is already a roll-up update to support the Client OS (for ConfigMgr 2007 SP1) for the problem as discribed by you: http://support.microsoft.com/Default.aspx?kbid=974236
My Blog: http://www.petervanderwoude.nl/- Marked As Answer byLA1976 Wednesday, September 23, 2009 3:44 PM
- Edited byPeter van der Woude Wednesday, September 23, 2009 2:27 PMAdded Client Support
All Replies
- Are these servers in a native mode site and if so, have you confirmed the PKI certificates for them?
- Yes I have the clients have certificates with key usage
Client Authentication (1.3.6.1.5.5.7.3.2)
Server Authentication (1.3.6.1.5.5.7.3.1)
Both (MP and Client) from the same PKI. The support of Windows Server 2008 R2 comes with ConfigMgr 2007 SP2. But there is already a roll-up update to support the Client OS (for ConfigMgr 2007 SP1) for the problem as discribed by you: http://support.microsoft.com/Default.aspx?kbid=974236
My Blog: http://www.petervanderwoude.nl/- Marked As Answer byLA1976 Wednesday, September 23, 2009 3:44 PM
- Edited byPeter van der Woude Wednesday, September 23, 2009 2:27 PMAdded Client Support
- It says your cert store is empty. Check the ClientIDManagerStartup.log to see what is going on, if it is infact finding the client cert. On the server check the mpcontrol.log file to make sure all is correct with the MP.
http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com
