SCCM 2012 R2 Client on Distribution Point doesn't complete registration - SOLVED

  • Question

  • This post is not really looking for an answer to a problem but rather to provide a solution to one should someone else out there have the same issue I had today. There were several other troubleshooting steps along the way today but only the information relevant to the problem and solution is below.

    I installed a VM with Server 2012 R2 that was going to be a distribution point. In preparation for getting it ready all pre-requisites were completed and DP client certificate requested.

    I deployed the DP role through the console and set the PKI cert to the DP Client cert that was exported; everything completed and was set up without issue. Next I deployed the client agent to the server but noticed that it wasn't completing registration and showing active in the CM Console. I checked the client and noticed the Certificate was listed as none instead of PKI and also noticed the only actions listed were the machine and user cycle, so I knew something wasn't right and did what most of us do and googled the problem I was having.

    I couldn't find any definitive solutions for my exact problem but one post mentioned to look at the MP_REGISTRATIONMANAGER.LOG, which I did, and noticed an error "A client is trying to re-register with an administrator revoked certificate". This seemed odd because there shouldn't have been any revoked certificates for this server. I cross referenced the thumbprints listed for the certificates on my CA and noticed that the referenced certificate was the Client Distribution Point certificate and not the Client certificate. I researched some more to find similar situations but nothing pointed to this exact problem and what to do to resolve it. I finally decided that since it was referencing the wrong certificate to remove that certificate on the server and revoke it in the CA as well as remove the reference to it in the Distribution Point properties. After removing it from these places the server client agent registered with SCCM and the errors went away in the log. I then requested a new certificate for the Distribution Point, exported it and imported it into the DP properties in the CM Console. Everything works properly now.

    Both the Client and the DP Client certs are workstation certificates. I still do not understand why it was trying to use one over the other for the client installation.

    Lesson learned was to install the client before requesting the DP Client certificate.

    Wednesday, July 30, 2014 10:01 PM
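
The thumbprint cross-check described in the post can also be done on the server itself. The script below is an added example, not part of the original post: it lists every certificate in the computer's Personal store that allows Client Authentication and flags the one whose thumbprint matches a value copied from MP_RegistrationManager.log. The `$LogThumbprint` parameter name is hypothetical.

```powershell
# Added example (not from the original post): list the certificates in
# Cert:\LocalMachine\My that allow Client Authentication, so a DP certificate
# and a client certificate on the same server can be told apart.
param(
    # Thumbprint copied from MP_RegistrationManager.log (optional, hypothetical name).
    [string]$LogThumbprint = ''
)

$clientAuthOid = '1.3.6.1.5.5.7.3.2'      # Client Authentication EKU
$templateV2Oid = '1.3.6.1.4.1.311.21.7'   # Certificate Template Information
$templateV1Oid = '1.3.6.1.4.1.311.20.2'   # Certificate Template Name

# Strip spaces and hidden characters that come along when a thumbprint is pasted.
$wanted = ($LogThumbprint -replace '[^0-9A-Fa-f]', '').ToUpper()

# Note: certificates with no EKU extension at all are not listed by this filter.
$candidates = Get-ChildItem Cert:\LocalMachine\My | Where-Object {
    $_.EnhancedKeyUsageList.ObjectId -contains $clientAuthOid
} | ForEach-Object {
    $cert = $_
    $ext  = $cert.Extensions |
        Where-Object { $_.Oid.Value -in $templateV2Oid, $templateV1Oid } |
        Select-Object -First 1
    [pscustomobject]@{
        Thumbprint    = $cert.Thumbprint
        Subject       = $cert.Subject
        Template      = if ($ext) { $ext.Format($false) } else { '(none)' }
        NotAfter      = $cert.NotAfter
        HasPrivateKey = $cert.HasPrivateKey
        MatchesLog    = ($wanted -ne '' -and $cert.Thumbprint -eq $wanted)
    }
}

$candidates | Sort-Object NotAfter -Descending | Format-List

# More than one candidate means the template column is the way to tell them apart.
if (@($candidates).Count -gt 1) {
    Write-Warning "$(@($candidates).Count) certificates in LocalMachine\My allow Client Authentication."
}
```

Run it in an elevated PowerShell session on the distribution point; the Template column shows which certificate template each candidate was issued from.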

All replies

  • If solved then please mark the thread as answered so that we know you are OK.

    Wally Mead

    Wednesday, July 30, 2014 10:22 PM
  • The option to mark as answered is not available
    Thursday, July 31, 2014 1:17 PM
  • Change the forum post type from a Discussion to Question post.

    Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

    Thursday, July 31, 2014 1:24 PM
  • Yup, can't 'answer' a discussion, however a 'question' can be answered :-)

    Wally Mead

    Thursday, July 31, 2014 3:28 PM