locked
SCCM 2012 Configuration Manager - Agent Installation Issues RRS feed

  • Question

  • Dear Experts,

    SCCM 2012 Client Installation on WS 2008 Machines. After Completing the SCCM 2012 Client Installation it is observed that only 2 Actions (Machine Policy Retrieval & User Policy Retreival) can see

    Verified the LocationServices.Log, CCMSetup.LOG, Client Location Log - Which is assigned to correct Site Code & MP

    Boundary Type : IP Address Range

    1. SCCM Client Installation Performed using Client Push Account
    2. After Verifiying the Configuration Manager Applet, can see only with 2 Policies from the Action Tab
    3. Verified the ClietID Manager Startup Log File - This Log shows that "Server Rejected registration request: 3" as shown

    4. After Verifying the MP control Manager Log - It says the error as MP Reg: Client in-band certificate is not valid due to failures in certificate chain validation, Raising status event. Failure HR = 0x800b010a (As shown)

    5. Tried with SQL Management Studio for finding Select * from ClientKeyData where isrevoked = 1 to see but the impacted end points are having the value as 0.

    6. Tried with Uninstalling using CCMCleanup Tool, Cleared the Certificate, Rebooted, Cleared the SMSCFG.Ini files

    7. Re-install Client using SCCM Client Push & Manually - Still no luck

    Any help pls


    Veera

    Thursday, November 3, 2016 10:52 AM

All replies

  • This isn't about the client being revoked so querying the DB for a revoked client is meaningless.

    #4 tells you what's the cause of the issue: a cert chain in use is not trusted.

    Can you please post the entire relevant snippet of that log showing the error (just posting errors is pointless without the context)?

    Are you using HTTPS client communication?

    Are other clients having the same issue?

    Are there other client auth certificates on this client?

    Please also post the entire relevant potion of the clientidmanagerstartup.log (and not a screenshot) showing cert selection.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Thursday, November 3, 2016 12:53 PM
  • Thank you for your quick attention.

    I agree with you.

    With Regards to 4 - Certificate Chain is Not Trusted.

    Yes, This Occurred only on few Client Machines. Other Machines are working well and good.


    Veera

    Thursday, November 3, 2016 1:15 PM
  • Please find the Log File.

    <![LOG[[----- STARTUP -----]]LOG]!><time="13:04:25.706+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmidstore.cpp:414">
    <![LOG[Machine: MSHSRMNSUKD1374]LOG]!><time="13:04:25.800+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1408">
    <![LOG[OS Version: 6.1 Service Pack 1]LOG]!><time="13:04:25.800+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1412">
    <![LOG[SCCM Client Version: 5.00.8239.1000]LOG]!><time="13:04:25.800+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1416">
    <![LOG['RDV' Identity store does not support backup.]LOG]!><time="13:04:25.800+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmidstore.cpp:372">
    <![LOG[CCM Identity is in sync with Identity stores]LOG]!><time="13:04:25.800+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1455">
    <![LOG[PopulateRegistrationHint: Client has an SMSID, certificates, and has no CCM_ClientIdentificationInformation=@ instance, setting the hint.]LOG]!><time="13:04:25.815+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1930">
    <![LOG[Retrieved Certificate options successfully]LOG]!><time="13:04:25.815+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmgencert.cpp:3643">
    <![LOG[Failed in GetCertificate(...): 0x87d00281
    ]LOG]!><time="13:04:25.815+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="2" thread="4836" file="ccmcert.cpp:2764">
    <![LOG[PopulateRegistrationHint: Using the Certificate selected by the current version of SCCM to set the hint.]LOG]!><time="13:04:25.815+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:2000">
    <![LOG[Client is set to use HTTPS when available. The current state is 224.]LOG]!><time="13:04:25.815+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmutillib.cpp:414">
    <![LOG[CCMCreateAuthHeadersEx failed (0x80004005).]LOG]!><time="13:04:26.940+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="3" thread="4836" file="clientauthutil.cpp:1248">
    <![LOG[PopulateRegistrationHint failed (0x80004005), expected upon first start of non-upgrade client.]LOG]!><time="13:04:26.940+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="2" thread="4836" file="ccmid.cpp:2037">
    <![LOG[Generated a new Signing certificate]LOG]!><time="13:04:28.815+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1107">
    <![LOG[Generated a new Encryption certificate]LOG]!><time="13:04:28.831+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmid.cpp:1151">
    <![LOG[[----- SHUTDOWN -----]]LOG]!><time="13:04:40.270+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4836" file="ccmidstore.cpp:512">
    <![LOG[[----- STARTUP -----]]LOG]!><time="13:04:40.973+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmidstore.cpp:414">
    <![LOG[Machine: MSHSRMNSUKD1374]LOG]!><time="13:04:40.988+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmid.cpp:1408">
    <![LOG[OS Version: 6.1 Service Pack 1]LOG]!><time="13:04:40.988+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmid.cpp:1412">
    <![LOG[SCCM Client Version: 5.00.8239.1000]LOG]!><time="13:04:40.988+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmid.cpp:1416">
    <![LOG['RDV' Identity store does not support backup.]LOG]!><time="13:04:40.988+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmidstore.cpp:372">
    <![LOG[CCM Identity is in sync with Identity stores]LOG]!><time="13:04:40.988+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmid.cpp:1455">
    <![LOG[Deleted Certificate ID from registry successfully]LOG]!><time="13:04:41.004+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmgencert.cpp:3601">
    <![LOG[Client is set to use HTTPS when available. The current state is 224.]LOG]!><time="13:04:41.004+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmutillib.cpp:414">
    <![LOG[[----- SHUTDOWN -----]]LOG]!><time="13:04:43.270+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4264" file="ccmidstore.cpp:512">
    <![LOG[[----- STARTUP -----]]LOG]!><time="13:06:21.467+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmidstore.cpp:414">
    <![LOG[Machine: MSHSRMNSUKD1374]LOG]!><time="13:06:21.498+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmid.cpp:1408">
    <![LOG[OS Version: 6.1 Service Pack 1]LOG]!><time="13:06:21.498+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmid.cpp:1412">
    <![LOG[SCCM Client Version: 5.00.8239.1000]LOG]!><time="13:06:21.498+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmid.cpp:1416">
    <![LOG['RDV' Identity store does not support backup.]LOG]!><time="13:06:21.498+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmidstore.cpp:372">
    <![LOG[CCM Identity is in sync with Identity stores]LOG]!><time="13:06:21.498+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmid.cpp:1455">
    <![LOG[Deleted Certificate ID from registry successfully]LOG]!><time="13:06:21.498+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmgencert.cpp:3601">
    <![LOG[Client is set to use HTTPS when available. The current state is 224.]LOG]!><time="13:06:21.514+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmutillib.cpp:414">
    <![LOG[[RegTask] - Executing registration task synchronously.]LOG]!><time="13:06:27.905+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="regtask.cpp:891">
    <![LOG[Read SMBIOS (encoded): 56004D0077006100720065002D00340032002000300030002000390039002000330065002000350030002000640038002000610032002000390039002D0039006200200066006400200034003500200065003100200036006600200038003000200030003800200066003300]LOG]!><time="13:06:27.921+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="smbiosident.cpp:118">
    <![LOG[Evaluated SMBIOS (encoded): 56004D0077006100720065002D00340032002000300030002000390039002000330065002000350030002000640038002000610032002000390039002D0039006200200066006400200034003500200065003100200036006600200038003000200030003800200066003300]LOG]!><time="13:06:27.952+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="smbiosident.cpp:184">
    <![LOG[No SMBIOS Changed]LOG]!><time="13:06:27.952+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="smbiosident.cpp:65">
    <![LOG[SMBIOS unchanged]LOG]!><time="13:06:27.952+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="ccmid.cpp:671">
    <![LOG[SID unchanged]LOG]!><time="13:06:27.968+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="ccmid.cpp:688">
    <![LOG[HWID unchanged]LOG]!><time="13:06:30.124+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4276" file="ccmid.cpp:705">
    <![LOG[RegEndPoint: Event notification: CCM_RemoteClient_Reassigned]LOG]!><time="13:06:31.812+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4640" file="regendpoint.cpp:348">
    <![LOG[RegEndPoint: Received notification for site assignment change from '<none>' to 'PR1'.]LOG]!><time="13:06:31.812+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="4640" file="regendpoint.cpp:380">
    <![LOG[[----- SHUTDOWN -----]]LOG]!><time="13:06:32.109+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="2496" file="ccmidstore.cpp:512">
    <![LOG[[----- STARTUP -----]]LOG]!><time="13:06:32.530+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmidstore.cpp:414">
    <![LOG[Machine: MSHSRMNSUKD1374]LOG]!><time="13:06:32.562+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmid.cpp:1408">
    <![LOG[OS Version: 6.1 Service Pack 1]LOG]!><time="13:06:32.562+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmid.cpp:1412">
    <![LOG[SCCM Client Version: 5.00.8239.1000]LOG]!><time="13:06:32.562+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmid.cpp:1416">
    <![LOG['RDV' Identity store does not support backup.]LOG]!><time="13:06:32.562+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmidstore.cpp:372">
    <![LOG[CCM Identity is in sync with Identity stores]LOG]!><time="13:06:32.562+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmid.cpp:1455">
    <![LOG[Client is set to use HTTPS when available. The current state is 448.]LOG]!><time="13:06:32.577+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmutillib.cpp:414">
    <![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="13:06:32.577+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmcert.cpp:4541">
    <![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="13:06:32.577+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmcert.cpp:4700">
    <![LOG[Begin to select client certificate]LOG]!><time="13:06:32.577+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmcert.cpp:4856">
    <![LOG[Begin validation of Certificate [Thumbprint EC0E174CFD3DDAFB4C0AAD403125EE933B3441DE] issued to 'MSHSRMNSUKD1374.mnsukdev.adrootdev.marksandspencerdev.com']LOG]!><time="13:06:32.577+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmcert.cpp:1715">
    <![LOG[Completed validation of Certificate [Thumbprint EC0E174CFD3DDAFB4C0AAD403125EE933B3441DE] issued to 'MSHSRMNSUKD1374.mnsukdev.adrootdev.marksandspencerdev.com']LOG]!><time="13:06:32.593+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmcert.cpp:1862">
    <![LOG[>>> Client selected the PKI Certificate [Thumbprint EC0E174CFD3DDAFB4C0AAD403125EE933B3441DE] issued to 'MSHSRMNSUKD1374.mnsukdev.adrootdev.marksandspencerdev.com']LOG]!><time="13:06:32.593+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmcert.cpp:5000">
    <![LOG[Raising event:

    instance of CCM_ServiceHost_CertRetrieval_Status
    {
     DateTime = "20161103130632.593000+000";
     HRESULT = "0x00000000";
     ProcessID = 2696;
     ThreadID = 1068;
    };
    ]LOG]!><time="13:06:32.593+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="event.cpp:715">
    <![LOG[Failed to submit event to the Status Agent. Attempting to create pending event.]LOG]!><time="13:06:32.593+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="2" thread="1068" file="event.cpp:737">
    <![LOG[Raising pending event:

    instance of CCM_ServiceHost_CertRetrieval_Status
    {
     DateTime = "20161103130632.593000+000";
     HRESULT = "0x00000000";
     ProcessID = 2696;
     ThreadID = 1068;
    };
    ]LOG]!><time="13:06:32.593+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="event.cpp:770">
    <![LOG[Client PKI cert is available.]LOG]!><time="13:06:32.593+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="1068" file="ccmgencert.cpp:3704">
    <![LOG[Initializing registration renewal for potential PKI issued certificate changes.]LOG]!><time="13:06:34.421+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:485">
    <![LOG[Succesfully intialized registration renewal.]LOG]!><time="13:06:34.421+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:527">
    <![LOG[[RegTask] - Executing registration task synchronously.]LOG]!><time="13:06:34.421+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:891">
    <![LOG[Read SMBIOS (encoded): 56004D0077006100720065002D00340032002000300030002000390039002000330065002000350030002000640038002000610032002000390039002D0039006200200066006400200034003500200065003100200036006600200038003000200030003800200066003300]LOG]!><time="13:06:34.437+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="smbiosident.cpp:118">
    <![LOG[Evaluated SMBIOS (encoded): 56004D0077006100720065002D00340032002000300030002000390039002000330065002000350030002000640038002000610032002000390039002D0039006200200066006400200034003500200065003100200036006600200038003000200030003800200066003300]LOG]!><time="13:06:34.437+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="smbiosident.cpp:184">
    <![LOG[No SMBIOS Changed]LOG]!><time="13:06:34.437+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="smbiosident.cpp:65">
    <![LOG[SMBIOS unchanged]LOG]!><time="13:06:34.437+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:671">
    <![LOG[SID unchanged]LOG]!><time="13:06:34.437+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:688">
    <![LOG[HWID unchanged]LOG]!><time="13:06:36.546+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:705">
    <![LOG[Windows To Go requires a minimum operating system of Windows 8]LOG]!><time="13:06:38.469+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="util.cpp:3241">
    <![LOG[GetSystemEnclosureChassisInfo: IsFixed=FALSE, IsLaptop=FALSE]LOG]!><time="13:06:38.500+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:215">
    <![LOG[Windows To Go requires a minimum operating system of Windows 8]LOG]!><time="13:06:38.594+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="util.cpp:3241">
    <![LOG[Computed HardwareID=2:C60E826ED142E317A04E4901A08DD5116CBD1A8B
     Win32_SystemEnclosure.SerialNumber=<empty>
     Win32_SystemEnclosure.SMBIOSAssetTag=<empty>
     Win32_BaseBoard.SerialNumber=None
     Win32_BIOS.SerialNumber=VMware-42 00 99 3e 50 d8 a2 99-9b fd 45 e1 6f 80 08 f3
     Win32_NetworkAdapterConfiguration.MACAddress=00:50:56:80:38:5A]LOG]!><time="13:06:38.594+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:476">
    <![LOG[[RegTask] - Client is not registered. Sending registration request for GUID:F4397D58-956A-489B-B784-2E4FC02865D8 ...]LOG]!><time="13:06:38.609+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:1609">
    <![LOG[[RegTask] - Server rejected registration request: 3]LOG]!><time="13:06:43.532+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="3" thread="3040" file="regtask.cpp:1675">
    <![LOG[Sleeping for 292 seconds before refreshing location services.]LOG]!><time="13:06:45.532+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:196">
    <![LOG[Windows To Go requires a minimum operating system of Windows 8]LOG]!><time="13:11:37.919+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="util.cpp:3241">
    <![LOG[GetSystemEnclosureChassisInfo: IsFixed=FALSE, IsLaptop=FALSE]LOG]!><time="13:11:37.935+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:215">
    <![LOG[Windows To Go requires a minimum operating system of Windows 8]LOG]!><time="13:11:37.950+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="util.cpp:3241">
    <![LOG[Computed HardwareID=2:C60E826ED142E317A04E4901A08DD5116CBD1A8B
     Win32_SystemEnclosure.SerialNumber=<empty>
     Win32_SystemEnclosure.SMBIOSAssetTag=<empty>
     Win32_BaseBoard.SerialNumber=None
     Win32_BIOS.SerialNumber=VMware-42 00 99 3e 50 d8 a2 99-9b fd 45 e1 6f 80 08 f3
     Win32_NetworkAdapterConfiguration.MACAddress=00:50:56:80:38:5A]LOG]!><time="13:11:37.950+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="ccmid.cpp:476">
    <![LOG[[RegTask] - Client is not registered. Sending registration request for GUID:F4397D58-956A-489B-B784-2E4FC02865D8 ...]LOG]!><time="13:11:37.966+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:1609">
    <![LOG[[RegTask] - Server rejected registration request: 3]LOG]!><time="13:11:38.029+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="3" thread="3040" file="regtask.cpp:1675">
    <![LOG[Sleeping for 296 seconds before refreshing location services.]LOG]!><time="13:11:41.029+00" date="11-03-2016" component="ClientIDManagerStartup" context="" type="1" thread="3040" file="regtask.cpp:196">


    Veera

    Thursday, November 3, 2016 1:19 PM
  • So are you trying to use HTTPS client communication?

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Thursday, November 3, 2016 1:49 PM
  • Dear Jason,

    The Client Communication with DP is HTTP:


    Veera

    Thursday, November 3, 2016 2:15 PM
  • What about the MP? Have you configured anything for HTTPS?

    If the MP is the same and you haven't configured anything for HTTPS, then you should disable the use of PKI client certs in your site configuration (site->Properties->Client Communication tab) because this client is choosing a client auth cert to use and is trying to communicate using HTTPS.


    Jason | http://blog.configmgrftw.com | @jasonsandys


    Thursday, November 3, 2016 2:31 PM
  • Yes, Please refer the below one.


    Veera

    Thursday, November 3, 2016 2:50 PM
  • Yes what? You should disable the option to use PKI client certs as I noted.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Thursday, November 3, 2016 4:01 PM
  • But this is working on most of the machines.

    Only few machines are not getting installed with SCCM Agent.

    Based on the change, any other impact on the existing working machines.


    Veera

    Thursday, November 3, 2016 5:09 PM
  • Because only those few machines probably have client auth certs as I noted and is clearly shown in the log above. If you do not intended to use HTTPS client communication, having that checkbox checked makes zero sense.

    Jason | http://blog.configmgrftw.com | @jasonsandys

    Thursday, November 3, 2016 7:39 PM