locked
unable to approve Linux machines in sccm console "failed to approve those computers to join this site" RRS feed

  • Question

  • I have follow below step.

    1.        CentOS Version 6 client machines
    2.        chmod 777 install
    3.  ./install -mp fkipl-nm-sccm1.fkipl.com  -sitecode MUM ccm-Universalx86.tar

    Checking Prerequisites...

    Checking existence of /lib/libssl.so.1.0.0-fips and /lib/libcrypto.so.1.0.0-fips   ...

    Checking existence of /lib/libssl.so.1.0.0- and /lib/libcrypto.so.1.0.0- ...

    Checking existence of /lib/libssl.so.1.0.0 and /lib/libcrypto.so.1.0.0 ...

    Checking existence of /lib/libssl.so.1.0.0 and /lib/libcrypto.so.1.0.0 ...

    Checking existence of /lib/libssl.so.1.0.0 and /lib/libcrypto.so.1.0.0 ...

    Checking existence of /usr/lib/libssl.so.1.0.0-fips and /usr/lib/libcrypto.so.1.0.0-fips ...

    Checking existence of /usr/lib/libssl.so.1.0.0- and /usr/lib/libcrypto.so.1.0.0-  .

    Checking existence of /usr/lib/libssl.so.1.0.0 and /usr/lib/libcrypto.so.1.0.0 .   ..

      Found /usr/lib/libssl.so.1.0.0 and /usr/lib/libcrypto.so.1.0.0 ...

    Running preinstall validator

    All pre-install tests succeeded!

    Beginning installation of Config Manager in /opt/microsoft/configmgr

    Creating install directory...

    Extracting archive file to /opt/microsoft/configmgr...

    Installing OMI

    Generating a 2048 bit RSA private key

    .........................................+++

    ................+++

    writing new private key to '/opt/microsoft/omi/etc/ssl/certs/omikey.pem'

    -----

    omi already configured

    Successfully installed OMI under: /opt/microsoft/omi/.

    Checking existence of /lib/libssl.so.1.0.0-fips and /lib/libcrypto.so.1.0.0-fips  ..

    Checking existence of /lib/libssl.so.1.0.0- and /lib/libcrypto.so.1.0.0- ...

    Checking existence of /lib/libssl.so.1.0.0 and /lib/libcrypto.so.1.0.0 ...

    Checking existence of /lib/libssl.so.1.0.0 and /lib/libcrypto.so.1.0.0 ...

    Checking existence of /lib/libssl.so.1.0.0 and /lib/libcrypto.so.1.0.0 ...

    Checking existence of /usr/lib/libssl.so.1.0.0-fips and /usr/lib/libcrypto.so.1.0.0-fips ...

    Checking existence of /usr/lib/libssl.so.1.0.0- and /usr/lib/libcrypto.so.1.0.0-...

    Checking existence of /usr/lib/libssl.so.1.0.0 and /usr/lib/libcrypto.so.1.0.0 .   ..

      Found /usr/lib/libssl.so.1.0.0 and /usr/lib/libcrypto.so.1.0.0 ...

    Setting CM_HOME in omiserver...

    Disabling HTTP Ports...

    Modifying install scripts for OMI

    Registering Providers...

    Created /opt/microsoft/omi/./etc/omiregister/root-cimv2/scxcmprovider.reg

    Performing post installation cleanup...

    Linking startup script...

    Initializing data store.  This may take a few minutes...

    Installing boot-time scripts...

    Starting Configuration Manager...

    Installation complete.

    After successfully installed linux agent unable to approve client machine in sccm console. We are getting error "failed to approve those computers to join this site"

    Thanks in advance 



    Regards Sheetla Maurya

    Thursday, March 31, 2016 11:29 AM

Answers


  • It is resolved now, flow this step hope it is use full for you...

    Login with domain user (The user must have enroll permission on template and administrator permission on the client machine) on a client machine.
    Open ConfigMgrClientCertificate.inf file in notepad and replace Linux host name with host name as example:
    Open command prompt with Administrator and execute below command like below:
    C:\Linux>certreq -new ConfigMgrClientCertificate.inf ConfigMgrClientCertificate.req

           Generate certificate through below command:
    C:\Linux>certreq -submit ConfigMgrClientCertificate.req ConfigMgrClientCertificate.cer

           Install certificate through below commands:
    C:\Linux>certreq -accept ConfigMgrClientCertificate.cer

    Open RUN and type MMC à FileàAdd/Remove Snap-in à select Certificates à Add à select Computer Account à click Finish à again click on Finish à click OK  à Expand Certificate à Open Personal à Certificates à export certificate with Private key.
    Transfer client setup files & generated to Linux machine.
    Install through below command:

    ./install -mp <FQDN> -sitecode <sitecode> -UsePKICert <PFX certificate> -certpw <password>1234 -NoCRLCheck <Linux client setup file>

    Example:

    ./install -mp pri.ab.com -sitecode PRI -UsePKICert host.pfx -certpw 1234 -NoCRLCheck ccm-Universalx64.1.0.0.4580.tar
    Friday, May 27, 2016 11:04 AM

All replies

  • Dear Sir,

        If you click the "Details" will you get more information about this error?

    Best regards,

    Jimmy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.


    Friday, April 1, 2016 7:46 AM

  • Stack Trace:
       at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary`2 methodParameters, Boolean traceParameters)
       at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary`2 methodParameters)
       at Microsoft.ConfigurationManagement.AdminConsole.CollectionMenuActions.CollectionMemberAction.ApproveMembers(Object sender, ScopeNode scopeNode, ActionDescription action, IResultObject selectedResultObject, PropertyDataUpdated dataUpdatedDelegate, Status status)

    -------------------------------

    System.Management.ManagementException
    Generic failure 


    Stack Trace:
       at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary`2 methodParameters, Boolean traceParameters)
       at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String methodClass, String methodName, Dictionary`2 methodParameters)
       at Microsoft.ConfigurationManagement.AdminConsole.CollectionMenuActions.CollectionMemberAction.ApproveMembers(Object sender, ScopeNode scopeNode, ActionDescription action, IResultObject selectedResultObject, PropertyDataUpdated dataUpdatedDelegate, Status status)

    -------------------------------

    Regards Sheetla Maurya

    Monday, April 4, 2016 7:18 AM
  • Dear Sir,

        Nothing useful here. You may have to check if the client have been installed successfully or not on those Linux devices by examining the scxcm.log, also check your client installation parameter (MP server FQDN, site code).Note that a client cannot be approved until it has been installed successfully and assigned to a site.

    Best regards,

    Jimmy 


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, April 7, 2016 7:58 AM
  • Hi Jimmy,

    we are using below command line (./install -mp fkipl-nm-sccm1.fkipl.com  -sitecode MUM ccm-Universalx86.tar) 

    please check  log file.

    [root@SCCM-TEST-3 bin]# tail -f /var/opt/microsoft/scxcm.log
    2016-04-07T11:55:17,201Z Trace      [scx.client.scheduler.TaskQueueManager.TaskThreadProc:451:3831:140535312875264] TaskThreadProc: Launching task execution  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312875264 (0x7fd0ed66ee28)>
    2016-04-07T11:55:17,202Z Trace      [scx.client.messaging.Message:257:3831:140535312101120] The message originated from a local endpoint to local endpoint : direct:PolicyAgent_PolicyEvaluator  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b0eb8)>
    2016-04-07T11:55:17,202Z Trace      [scx.client.messaging.Message:258:3831:140535312101120] Skipping Message Authentication Verification.  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b0eb8)>
    2016-04-07T11:55:17,202Z Trace      [scx.client.messaging.Message:343:3831:140535312101120] Size of paylaod stream:76  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b12a8)>
    2016-04-07T11:55:17,202Z Trace      [scx.client.messaging.Message:389:3831:140535312101120] UTF data: <EvaluatePolicy ResourceType='User'/>[0x000] (* Message contained unprintable (?) characters *)  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b1258)>
    2016-04-07T11:55:17,202Z Warning    [scx.client.agents.policy.PolicyEvaluatorEndpoint:37:3831:140535312875264] Request to evaluate policies received when there was already an evaluation in progress.  Second request is ignored.  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312875264 (0x7fd0ed66ed08)>
    2016-04-07T11:55:17,203Z Trace      [scx.client.scheduler.TaskQueueManager.TaskThreadProc:457:3831:140535312875264] TaskThreadProc: Task execution complete  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312875264 (0x7fd0ed66ee28)>
    2016-04-07T11:55:17,203Z Trace      [scx.client.agents.policy.PolicyMessageHandler:40:3831:140535312101120] Policy scheduled message received : <EvaluatePolicy ResourceType='User'/>[0x000] (* Message contained unprintable (?) characters *)  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b16a8)>
    2016-04-07T11:55:17,203Z Warning    [scx.client.agents.policy.PolicyMessageHandler:97:3831:140535312101120] Processing of User policies are not supported.  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b16a8)>
    2016-04-07T11:55:17,204Z Trace      [scx.client.scheduler.TaskQueueManager.TaskThreadProc:457:3831:140535312101120] TaskThreadProc: Task execution complete  $$<LinuxUNIXClient><04-07-2016 17:25:17.000+330><thread=140535312101120 (0x7fd0ed5b1e28)>


    Regards Sheetla Maurya

    Thursday, April 7, 2016 12:05 PM
  • Dear Sir,

        Will it work if you reinstall the client?

    Best regards,

    Jimmy


    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, April 12, 2016 3:28 AM
  • Dear Jimmy,

    I did multiple times and multiple machines as well, but no progress at all….

    And we are also facing same issue when we are approving windows workgroup machines in sccm console.

    Please give your valuable suggestion for the same.


    Regards Sheetla Maurya

    Tuesday, April 12, 2016 5:56 AM

  • It is resolved now, flow this step hope it is use full for you...

    Login with domain user (The user must have enroll permission on template and administrator permission on the client machine) on a client machine.
    Open ConfigMgrClientCertificate.inf file in notepad and replace Linux host name with host name as example:
    Open command prompt with Administrator and execute below command like below:
    C:\Linux>certreq -new ConfigMgrClientCertificate.inf ConfigMgrClientCertificate.req

           Generate certificate through below command:
    C:\Linux>certreq -submit ConfigMgrClientCertificate.req ConfigMgrClientCertificate.cer

           Install certificate through below commands:
    C:\Linux>certreq -accept ConfigMgrClientCertificate.cer

    Open RUN and type MMC à FileàAdd/Remove Snap-in à select Certificates à Add à select Computer Account à click Finish à again click on Finish à click OK  à Expand Certificate à Open Personal à Certificates à export certificate with Private key.
    Transfer client setup files & generated to Linux machine.
    Install through below command:

    ./install -mp <FQDN> -sitecode <sitecode> -UsePKICert <PFX certificate> -certpw <password>1234 -NoCRLCheck <Linux client setup file>

    Example:

    ./install -mp pri.ab.com -sitecode PRI -UsePKICert host.pfx -certpw 1234 -NoCRLCheck ccm-Universalx64.1.0.0.4580.tar
    Friday, May 27, 2016 11:04 AM