none
SCCM 1906 and Enabled “Use Configuration Manager-generated certificates for HTTP Site System.” RRS feed

  • Question

  • Hi,

    I have enabled “Use Configuration Manager-generated certificates for HTTP Site System.” on sccm server because of Email Approve request. After enabled it, lost a lot client machines the connection to the sccm server.

    Now I see on the "Devices", no client is installed. I am sure the client were installed. I have no Idea. 

    On the Client status on the sccm server I can see the connection were failed.

    What is here wrong?

    Regards

    Nick


    • Edited by mpng2008 Tuesday, October 15, 2019 9:08 PM
    Monday, October 14, 2019 1:39 PM

Answers

All replies

  • The *only* thing in ConfigMgr that ever sets the client field to No is the "Clear Install Flag" site maintenance task thus what you are are seeing is not directly related to enabling ehttp. Do these resources show as ever having had the client agent installed? Have you checked on the status of this maintenance task?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, October 14, 2019 2:28 PM
  • What is now the next step to check why?


    • Edited by mpng2008 Tuesday, October 15, 2019 9:11 PM
    Monday, October 14, 2019 2:42 PM
  • You are sure how? Have you opened the properties of the resource and reviewed the properties? Just because a resource exists with a name doesn't mean it actually corresponds to a system with an agent installed.

    What I stated above is fact, nothing changes this property except that one maintenance task. SO, once again, have you reviewed the configuration of that maintenance task?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, October 14, 2019 2:51 PM
  • Check the below client logs

    ClientIDManagerStartup.log - Check the registration status of client computer

    Check also the below blog

    http://eskonr.com/2018/08/troubleshooting-client-that-has-no-sccm-agent-in-console-but-still-receive-deployments/
    Monday, October 14, 2019 2:52 PM
  • Yes I am sure because I really installed on Friday new Windows updates.

     the "Clear Install Flag" is enabled, here I did not change any thing

    have you reviewed the configuration of that maintenance task? 

    https://docs.microsoft.com/de-de/sccm/core/servers/manage/maintenance-tasks




    • Edited by mpng2008 Tuesday, October 15, 2019 9:12 PM
    Monday, October 14, 2019 2:54 PM
  • > Yes I am sure because I really installed on Friday new Windows updates.

    That doesn't mean anything technically and same answer, just because you have e a resource in the console doesn't mean it corresponds to a managed system. Names are *not* unique or definitive identifiers. Once again, you need to check the properties of the resources in question.

    Also, have you checked the actual status of the client agents on these systems and their logs?

    For maintenance tasks, see https://docs.microsoft.com/en-us/sccm/core/servers/manage/maintenance-tasks#set-up-maintenance-tasks. For some odd reason the task is called Clear Undiscovered Clients in the Maintenance Tasks tab.


    Jason | https://home.configmgrftw.com | @jasonsandys


    Monday, October 14, 2019 2:59 PM
  • I will check it and let you know.

    the "Clear Install Flag" should enabled?

    Monday, October 14, 2019 3:03 PM
  • It's disabled by default. Whether it should or shouldn't be enabled is up to your requirements -- that's why it's configurable.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, October 14, 2019 3:26 PM
  • Jason,

    I cheched the maintence task and I cannot see any error there. The "Clear Undiscovered Clients" is disabled.

    Could you tell me please what you mean with "you need to check the properties of the resources in question"? Do you mean the properties of client machine? If yes I have checked the properties and reviewed all settings. I cannot really see any error.

    What I have seen on the SCCM server is, the SMS_CLIENT_CONFIG_MANAGER has a warning, because one of client machine does not exist any more in the domain.

    I have to mention that I have remove the old Windows ADK and install the new version 1903 and uodated the Boot image. And I have installed the Windows PE Add-on for the ADK 1903. I cannot believe the new ADK is the reason




    • Edited by mpng2008 Monday, October 14, 2019 10:29 PM
    Monday, October 14, 2019 10:08 PM
  • I cheched the maintence task and I cannot see any error there. The "Clear Undiscovered Clients" is disabled.

    First, stop looking for errors. Troubleshooting isn't just an error hunt. Next, if this task is disabled, then as noted, there is nothing else whatsoever in the product that will reset an existing resource to No for the Client attribute. The resources in the screenshot above are new and not related to other resources or systems that have the client agent installed.

    Could you tell me please what you mean with "you need to check the properties of the resources in question"? Do you mean the properties of client machine? If yes I have checked the properties and reviewed all settings. I cannot really see any error.

    Same answer, stop looking for errors. What's shown in the console are *resources*. These resources usually correspond to managed systems but not necessarily. So when I say check the properties of the resources, I mean right-click on the resource in the console and select Properties. This will give you a properties dialog for that resource with attributes like what Agent Name which tells you which methods discovered the resource, when the resource was created, and many others (most of which will have no value for resources that don't correspond to an actual managed system).

    What I have seen on the SCCM server is, the SMS_CLIENT_CONFIG_MANAGER has a warning, because one of client machine does not exist any more in the domain.

    This is the client push process and this is normal when the system is unreachable during the client agent push process.

    The ADK is completely unrelated to managing systems.

    Honestly, not to be rude or crude here, but you really, really need training. ConfigMgr is not a simple product by any stretch of the imagination and it takes quite a bit of effort and time to grasp all of the moving parts here. Randomly looking at different things to troubleshoot a specific issue, which isn't related to what you are looking at and is probably something you are misinterpreting because you simply don't have the experience and knowledge, is really not a good path to successfully running ConfigMgr. In this case specifically, having resources with the client set to NO can be indicative of multiple things, but as noted, it is not indicative of those clients falling our of management as there is not process for this. Thus, you need to determine where those resources came from, do they actually correspond to the systems in question, what happened to the resources that did correspond to the systems in question, etc. My guess here is that someone deleted those resources but that's purely a guess that only direct examination of your environment could prove out.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, October 15, 2019 2:53 PM
  • As noted, resources in the console don't necessarily correspond to actual systems with the agent installed. Resources are created as the result of a discovery and there's nothing to prevent multiple resources from having the same name thus the resource in your screenshot above could be duplicates as well. Checking the properties as noted will tell you which discovery created them and when they were created.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, October 15, 2019 4:02 PM
  • This issue is now resolved.
    • Marked as answer by mpng2008 Tuesday, October 15, 2019 9:13 PM
    Tuesday, October 15, 2019 9:13 PM
  • Hi,

    I am very happy to hear that you have solved this issue now. Are you willing to share your specific or detailed solution to this issue? Please don't forget to click "Mark as answer" on this solution, It would make the reply to the top and easier to be found for other people who has the similar question.

    Thank you!

    Best regards,
    Larry


    Please remember to mark the replies as answers if they help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, October 18, 2019 9:32 AM