locked
New clients are not getting the policies RRS feed

  • Question

  • I just noticed that new clients are not getting the policies.  Only Machine Policy Retrieval & Evaluation Cycle and User Policy Retrieval & Evaluation Cycle show up in the Actinos section of ConfigMgr properties.

    I have verified/tried---

    Installing the clients manually and from the console.  They DO show up in the console.

    Logs appear that they are talking with the Management Point.

    I upgraded to 2012 SP1 about 6 months back, but I think they have worked since then.  Regardless, I made sure that "Negotiate" was the top option in Windows Authentication.

    I have reinstalled the Management Point.  This is a single site environment

    Verified that boundary groups are set up properly.

    Any suggestions on what else could be causing the issue??

    PolicyAgent.log does have a few interesting pieces -

    Requesting User policy from authority 'SMS:RAV'

    Skipping request for user policy assignments due to agent configuration for authority 'SMS:RAV'.

    Requesting Machine policy assignments PolicyAgent_RequestAssignments 1/28/2014 3:36:08 PM 3392 (0x0D40)
    Requesting Machine policy from authority 'SMS:RAV' PolicyAgent_RequestAssignments 1/28/2014 3:36:08 PM 3392 (0x0D40)
    Raising event:

    instance of CCM_PolicyAgent_AssignmentsRequested
    {
    AuthorityName = "SMS:RAV";
    ClientID = "GUID:8A9872FF-4EA0-4D2D-BF45-F1EF3597D130";
    DateTime = "20140128213608.218000+000";
    ProcessID = 2884;
    ResourceName = "A20034";
    ResourceType = "Machine";
    ThreadID = 3392;
    };
    PolicyAgent_RequestAssignments 1/28/2014 3:36:08 PM 3392 (0x0D40)
    Processing Machine assignments from 'SMS:RAV'. The new cookie is ''. PolicyAgent_ReplyAssignments 1/28/2014 3:36:08 PM 3392 (0x0D40)
    Raising event:

    instance of CCM_PolicyAgent_AssignmentsReceived
    {
    AuthorityName = "SMS:RAV";
    ClientID = "GUID:8A9872FF-4EA0-4D2D-BF45-F1EF3597D130";
    DateTime = "20140128213608.280000+000";
    ProcessID = 2884;
    ReplyType = "Full";
    ResourceName = "A20034";
    ResourceType = "Machine";
    ThreadID = 3392;
    };
    PolicyAgent_ReplyAssignments 1/28/2014 3:36:08 PM 3392 (0x0D40)
    Already processed Machine assignments from 'SMS:RAV' with the cookie ''. PolicyAgent_ReplyAssignments 1/28/2014 3:36:08 PM 3392 (0x0D40)

    Tuesday, January 28, 2014 9:42 PM

All replies

  • Here is your solution from another blog.  I don't have the link, but I kept it in my notes.

    Symptoms:

    ccmsetup.log error: CcmSetup is exiting with return code 0

    policyagent.log: Already processed Machine assignments from ‘SMS:*site code*’ with the cookie ”.

    policyagent.log: Skipping request for user policy assignments due to agent configuration for authority ‘SMS:*site code*’.

    ccmexec.log: System task ‘SMS*_Startup’ returned error code 0x87d0027f

    Configuration manager symptoms for client:

    1.) Components are installed but not enabled

    2.) Actions tab only shows Machine Policy Retrieval & Evaluation Cycle

    3.) User Policy Retrieval & Evaluation Cycle

    4.) Site tab has the correct site code

    And the client shows in SCCM but the properties of the system shows “Not approved”

    Resolution:

    1. First of all, to fix this issue you must setup a boundary and boundary group. If the clients are in a  workgroup; I have used subnet/IP range when creating the boundary for the workgroup
    2. Also you can use DNS if your network uses one. If not then you will have to create an entry in the host file c:\windows\system32\drivers\etc\hosts for the server
    • I have setup a batch file and used the command below:
    • ccmsetup.exe smssitecode=SHA smsmp=ndinwput1 CCMHTTPPort=80 “/mp:http://servername.domain.name”
    • echo 206.241.31.70 NDINWPUT1.NTIS2.GOV >> C:\Windows\System32\drivers\etc\hosts
    1. Then install the client. Once the install is correct you will see the system in SCCM and will have to approve the system in SCCM by right-click on the system and select “Approve”,
    2. Refresh the client policy with policy spy found here http://www.microsoft.com/en-us/download/details.aspx?id=29265 or let the default refresh happen. If you want a manual refresh open configuration manager in the control panel of the client, click on actions tab and run all of the actions.
    3. When troubleshooting client install, pay close attention to the logs below; It’s best to use cmtrace when opening the files :
    • ccmsetup.log: found in C:\Windows\ccmsetup\logs folder of client
    • clientlocation.log found in C:\Windows\CCM\Logs folder of client
    • locationservices.log found in C:\Windows\CCM\Logs folder of client
    • policyagent.log found in C:\Windows\CCM\Logs folder of client
    • policyevaluator.log found in C:\Windows\CCM\Logs folder of client


    Best, Jacob I'm a PC.

    Wednesday, January 29, 2014 1:48 AM
  • Wednesday, February 5, 2014 6:12 AM
  • You can take a look at MP_RegistrationManager and see if your server receives registration request from clients
    Wednesday, February 5, 2014 8:22 AM
  • It's normally either a boundary or DNS issue

    Cheers

    Paul | sccmentor.wordpress.com

    Wednesday, February 5, 2014 8:24 AM