none
SCCM Client cannot be installed RRS feed

All replies

  • Are you using client push installation?if yes did you see any error on ccm.log?

    Are boundaries and boundary groups in place ?. Ensure File And Printer Sharing and WMI is opened on the clients Firewall to allow the client push to work correctly.

    Check the below blog for firewall exclution
    http://prajwaldesai.com/configuring-firewall-settings-for-configuration-manager-2012-r2/

    Also try the below steps

    net stop winmgmt
    rename--  Windows\system32\wbem\repository
    net start winmgmt
    rundll32 wbemupgd, RepairWMISetup


    Tuesday, October 15, 2019 3:24 PM
  • Hi,

    "Client is on internet ccmsetup"

    Please note that the client Push installation is not supported if the client is on Internet connection (Intenret-Based Management Client).

    Are you running a manual installation ? What is the used ccmsetup.exe command line?

    Make sure that the boundaries and boundary groups are correctly configured for Internet client with her Management Point.

    Regards,

    SAAD Youssef

    Tuesday, October 15, 2019 3:42 PM
  • Client push installation doesnt work in our environment.

    Tried manual installation. Boundaries and boundary groups in place as the log says it can reach MP.

    I can connect WMI via WMImgmt.msc.

    How do i check whether file and printer sharing is enabled?

    Tuesday, October 15, 2019 4:11 PM
  • This is the command line used. "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice  SMSSITECODE="""

    Yes running a manual installation.

    I am concerned about this error in the log. What does this mean?

    "Couldn't verify 'C:\WINDOWS\ccmsetup\{5263BAD3-800F-4BD7-A9ED-FCA2063B6CC8}\client.msi' authenticode signature. Return code 0x800b010c"


    • Edited by Thang Raj Wednesday, October 23, 2019 3:19 PM
    Tuesday, October 15, 2019 4:15 PM
  • I don't see that error in the log above. Please, when posting log files, post them to a file sharing service and then post a link to them here.

    As for what it means, it means that the OS on the system doesn't trust the file.

    Is the latest CU installed on the system in question?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, October 15, 2019 4:36 PM
  • Client push installation doesnt work in our environment.

    Tried manual installation. Boundaries and boundary groups in place as the log says it can reach MP.

    I can connect WMI via WMImgmt.msc.

    How do i check whether file and printer sharing is enabled?

    To check this, in the site server, open Run window (Windows + R), type \\Hostname.domain\c$ (change hostname.domain related to the FQDN of your client), more details about Windows Firewall and Port settings for SCCM clients:

    https://docs.microsoft.com/en-us/sccm/core/clients/deploy/windows-firewall-and-port-settings-for-clients

    What is your SCCM and Windows client version? For the second one, type winver in CMD

    Tuesday, October 15, 2019 6:27 PM
  • I would recommend to do client installation through server, if there is some communication or permission issue you can fixed it during the client push installation itself.

    initiate client push and monitor ccm.log.

     
    Wednesday, October 16, 2019 7:09 AM
  • Hi,

    Deploying Configuration Manager clients in your environment has some prerequisites, Please refer to the following article for more details.

    https://docs.microsoft.com/en-us/sccm/core/clients/deploy/prerequisites-for-deploying-clients-to-windows-computers

    Please note that each client deployment method has its own dependencies that must be met for client installations to be successful.
    Also, starting in version 1906, clients require support for the SHA-2 code signing algorithm.


    Best regards,
    Larry


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, October 16, 2019 8:52 AM
  • Hi SAAD,

    File and printer sharing is enabled.

    SCCM CB 1902 & Win10 CB1809

    Wednesday, October 16, 2019 11:54 AM
  • Hi Kalyan,

    Client push is disabled and cant be enabled in our environment.

    Wednesday, October 16, 2019 11:55 AM
  • Hi Jason,

    The latest CU is installed on the system. This issue is not across but machine specific.

    What could be the reason that the OS is not trusting the file. The file in question client/msi is the same used across all clients.

    Is there any way/alternate way to make this file trustable on this machine?

    Friday, October 18, 2019 8:09 AM
  • No, you can't force the trust, that defeats the whole point of checking whether or not the file is valid and trusted.

    You need to determine why the file isn't trusted. Authenticode relies on timestamps so you need to validate that the time on the target systems is correct and that they can reach the Internet as well to check the time. Also, have you reviewed the properties (Digital Signatures page) of the MSI file itself on the system where the validation fails and reviewed the certificate there?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, October 18, 2019 1:13 PM
  • Hi Jason,

    The time on the target system is correct and has same time zone as site server.

    The digital signatures page of MSI file says " The certificate was explicitly revoked by an issuer"

    Friday, October 18, 2019 2:45 PM
  • Well, there's you root cause. Now you need to trace back the source of that file.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Friday, October 18, 2019 4:21 PM
  • Hi,


    How are things going? I just checked in to see if there are any updates. Please feel free to feedback and if the above reply is helpful, please kindly click “Mark as answer”. It would make the reply to the top and easier to be found for other people who has the similar question.

    Thank you!


    Best regards,

    Larry



    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Monday, October 21, 2019 2:14 AM
  • Hi Jason,

    The file client.msi sourced from client folder under SCCM site server installed directory.

    This file is trusted on other machines.

    Monday, October 21, 2019 7:52 AM
  • It's possible that the file was tampered with in transit or at rest though which is the whole point of signing the file. There's no way for me to know. I'd suggest recopying the file manually and validating the hash of the file as well.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, October 21, 2019 1:25 PM
  • Hello,

    can you please check your ccmsetup parameter. You said you use the parameter "runservice". But I think this parameter is not valid.

    Best Regards,

    Udo


    News from Forum

    Monday, October 21, 2019 2:28 PM
  • Hi Jason,

    Have manually recopied and ran it but issue remains same. Validated the hash and its same on both source and destination.

    Monday, October 21, 2019 3:18 PM
  • Hi Udo,

    The ccmsetup parameter is simple as it just includes the SMSSITECODE

    Monday, October 21, 2019 3:19 PM
  • Then there's an issue with the OS itself. I unfortunately can't tell you what it is. Perhaps someone has tampered with the trusted root authorities on the systems having the issue. Have you reviewed the certificate trust chain of the certificate used to sign the file?

    Have you also validated that the CDP for that certificate is reachable by the clients: http://www.microsoft.com/pkiops/crl/MicCodSigPCA2011_2011-07-08.crl?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, October 21, 2019 3:47 PM
  • Hi Jason,

    The trust chain of certificates are available on the client machine and have validated that the CDP is reachable from the client machine.

    Tuesday, October 22, 2019 3:40 PM
  • At this point you need to open a support case with Microsoft as I think we've reached the extent of possible troubleshooting here in the forums.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, October 22, 2019 6:05 PM
  • The issue wierdly occuring only on one VIP user's machine however.

    Thanks Jason for all the support.

    Wednesday, October 23, 2019 7:37 AM