Issue in Secondary Site

  • Question

  • Hi Experts, 

    Due to some unrecoverable OS issues, we had to move from the existing VM to a new VM, so we had the new VM built with the same configuration as the old server, and we renamed the old server and renamed the new server to have the old server's name.

    We enabled the same roles that were on the old server and added it to SCCM as a secondary site, since the old machine is also a secondary site. After adding it, we ran Recover Secondary Site from the administrator option to make sure the new server is also up to the current production version. Now everything is up and running fine. But all of a sudden we are facing issues: Software Center is not working on the machines where, in Control Panel, the Proxy management point and Resident management point are pointing to this secondary server.

    While checking BgbServer.log on the server, we are getting this error repeatedly:

    ERROR: Can't find corresponding certificate used in client registration for client (Type: SCCM ID: GUID:93733F00-461F-498E-9F9A-

    Now we are getting a different error:

    Failed to decode message body with message header (<Message><SourceType>SCCM</SourceType><SourceID>GUID:51941AA1-4C6C-4510-B215-D21AC6EF2D2E</SourceID><Hooks><Hook Name="Authentication"><Property Name="PayloadSignature" Value="LqHgKQXixup4lEj2mGvZ7IT7xWDJOSBK9ITDPrP0MG7D5MzhZinjF3HL6TYbzD8I&#xA;ye3YcD2Lqj4Qn2D+WImCbEtJ2d/PQRwTtsjPgSTXr/AWWPnD48Av+H5NgGdqEe/6&#xA;/XekTFL9K6E1MKcyH30ckrqIPzPcMTQ9eR+76QjpXe1xEve6SXwmNL6zcP6znZWJ&#xA;9VX9AaoSEG5dnDZQ3WZl7QLJ5Xe+H7+YFoBahzZt31QtEjU+NbcpWkj5nwSUt5XF&#xA;+9HDw7bV2sT+abv8aDSZxr9m9ddyn01NHP/Foa3c9gWzllUfReY5fi+o6o29o5fN&#xA;DmmlHLrYZF7qVaaOzk+Lrw=="/></Hook></Hooks></Message>) SMS_NOTIFICATION_SERVER 7/27/2017 11:39:13 AM 6008 (0x1778)
    Failed to process SignIn message from client IP Address:62438. SMS_NOTIFICATION_SERVER 7/27/2017 11:39:13 AM 6008 (0x1778)
    ERROR: SQL exception when retrieve client certificate from DB. Exception: System.Data.SqlClient.SqlException (0x80131904): The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'DB Engine', schema 'dbo'.~~   at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action`1 wrapCloseInAction)~~   at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose)~~   at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady)~~   at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData()~~   at System.Data.SqlClient.SqlDataReader.get_MetaData()~~   at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString, Boolean isInternal, Boolean forDescribeParameterEncryption)~~   at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite, Boolean inRetry, SqlDataReader ds, Boolean describeParameterEncryptionRequest)~~   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource`1 completion, Int32 timeout, Task& task, Boolean& usedCache, Boolean asyncWrite, Boolean inRetry)~~   at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method)~~   at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method)~~   at System.Data.SqlClient.SqlCommand.ExecuteReader()~~   at Microsoft.ConfigurationManager.BgbServerChannel.BgbCertificateCache.GetClientCertificate(ClientIdentity clientId, Boolean forceRefresh)~~ClientConnectionId:2ef0fa4c-1725-49c1-9d9a-2a6f509e0d99~~Error Number:229,State:5,Class:14 -2146232060 SMS_NOTIFICATION_SERVER 7/27/2017 11:39:13 AM 6008 (0x1778)
    Can't do post authentication without client certificate stored in registration. SMS_NOTIFICATION_SERVER 7/27/2017 11:39:13 AM 6008 (0x1778)
    Failed to authenticate with client  addressSMS_NOTIFICATION_SERVER 7/27/2017 11:39:13 AM 6008 (0x1778)

    Kindly suggest what we can do to fix this issue.

    Thanks 

    Balaji S

    Thursday, July 27, 2017 6:13 PM
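
The following is an added example, not part of the original thread or of Configuration Manager: a Python triage of BgbServer.log lines in the layout pasted above. It counts SQL permission denials and ties client authentication failures to a denial logged on the same thread and timestamp. The sample lines are constructed from the post's entries, with documentation-range IP addresses as placeholders.

```python
import re
from collections import Counter

# Trailing fields as they appear in the post:
#   <message> <component> <M/D/YYYY h:mm:ss AM|PM> <thread id> (0x<hex thread id>)
TAIL = re.compile(r"\s*(SMS_\w+) (\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M) "
                  r"(\d+) \(0x[0-9A-Fa-f]+\)\s*$")
DENIED = re.compile(r"The (\w+) permission was denied on the object '([^']+)', "
                    r"database '([^']+)', schema '([^']+)'")
AUTH_FAIL = re.compile(r"Failed to authenticate with client|Failed to process SignIn message"
                       r"|Can't do post authentication")

def parse(line):
    """Split one log line into message text and trailing metadata; None if no match."""
    m = TAIL.search(line)
    if not m:
        return None
    return {"msg": line[:m.start()], "component": m.group(1),
            "time": m.group(2), "thread": m.group(3)}

def triage(lines):
    """Count SQL permission denials; tie auth failures to them by thread and timestamp."""
    denials, denied_ctx, auth_failures = Counter(), set(), []
    for rec in filter(None, map(parse, lines)):
        d = DENIED.search(rec["msg"])
        if d:
            perm, obj, db, schema = d.groups()
            denials[(perm, f"{db}.{schema}.{obj}")] += 1
            denied_ctx.add((rec["thread"], rec["time"]))
        elif AUTH_FAIL.search(rec["msg"]):
            auth_failures.append((rec["thread"], rec["time"]))
    explained = sum(1 for ctx in auth_failures if ctx in denied_ctx)
    return {"denials": dict(denials), "explained": explained,
            "unexplained": len(auth_failures) - explained}

META = "SMS_NOTIFICATION_SERVER 7/27/2017 11:39:13 AM 6008 (0x1778)"
SAMPLE = [  # constructed lines modelled on the post; IPs are placeholders
    "Failed to process SignIn message from client 192.0.2.10:62438. " + META,
    "ERROR: SQL exception when retrieve client certificate from DB. Exception: "
    "System.Data.SqlClient.SqlException (0x80131904): The EXECUTE permission was denied "
    "on the object 'sp_GetPublicKeyForSMSID', database 'DB Engine', schema 'dbo'."
    "~~Error Number:229,State:5,Class:14 -2146232060 " + META,
    "Can't do post authentication without client certificate stored in registration. " + META,
    "Failed to authenticate with client 192.0.2.10:62438 " + META,
    "Failed to authenticate with client 192.0.2.11:50001 "
    "SMS_NOTIFICATION_SERVER 7/27/2017 11:41:02 AM 5120 (0x1400)",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```

Failures counted as "explained" share a thread and timestamp with a denied stored-procedure call, which points at database permissions for the rebuilt server rather than at the individual clients.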

Answers

  • We have built the new server with the same configuration and same site code but with a different server name, with all the roles enabled. Once we had removed the actual server from the network, we swapped the name with the help of the Windows team, and this caused the issue in the DB. We had to clear a lot of entries in the database for the server to report as normal.

    Finally now everything is working fine as expected. 

    The best option I would suggest is: don't change the server name after configuring the roles on the server; use the Recover Secondary Site option to complete the recovery of the site.

    Thanks.

    Balaji S

    Wednesday, August 30, 2017 1:14 PM

All replies

  • Did you restore the CM12 or just rebuild it exactly the same, including the site code? If you have done the latter, you are in for a world of hurt. You need to clean up all the old environment, including all the certificates, system management container, etc.

    It might be even easier to start over, this time with a new site code. For that matter, I would take the time to upgrade to CMCB and get off the old CM12 stuff.


    Garth Jones

    Blog: http://www.enhansoft.com/blog Old Blog: http://smsug.ca/blogs/garth_jones/default.aspx

    Twitter: @GarthMJ Book: System Center Configuration Manager Reporting Unleashed

    Thursday, July 27, 2017 7:57 PM
  • > "the best option i would suggest is don't change the server name after configuring the roles in the server"

    It's not just the best option, it's the only supported option. Changing the name of a site server or site system is not supported and will break things.


    Jason | https://home.configmgrftw.com | @jasonsandys

    Wednesday, August 30, 2017 1:32 PM