locked
No policy post SCCM client installtion RRS feed

  • Question

  • Hi Team,

    I have several machines reporting to my MP fine and one machine I see below error in CertificateMaintenance.log

    Creating Signing Certificate... 1/7/2020 11:21:14 AM 6788 (0x1A84)
    Crypt acquire context failed with 0x80070005. 1/7/2020 11:21:15 AM 6788 (0x1A84)
    Failed to create certificate 80070005 1/7/2020 11:21:15 AM 6788 (0x1A84)
    CCMDoCertificateMaintenance() failed (0x80070005). 1/7/2020 11:21:15 AM 6788 (0x1A84)
    Raising pending event:
    instance of CCM_ServiceHost_CertificateOperationsFailure
    {
    DateTime = "20200107162115.030000+000";
    HRESULT = "0x80070005";
    ProcessID = 12052;
    ThreadID = 6788;
    };
    1/7/2020 11:21:15 AM 6788 (0x1A84)
    CCMDoCertificateMaintenance() raised CCM_ServiceHost_CertificateOperationsFailure status event. 1/7/2020 11:21:15 AM 6788 (0x1A84)

    ClientIDmanagerstartup.lop 

    RegTask: Failed to get certificate. Error: 0x80004005 

    And also i dont see a self signed cert (SMS Signing Certificate) in MMC. I see only SMS Encryption Certificate. I compared SMS ENCRYPTION CERt with the working machine and i feel its not created properly.  

    Rest all looks good only issue is i don't see rest of the actions in Action tab. 

    Please help


    Regards, Santhosh B S


    • Edited by Santhosh BS Tuesday, January 7, 2020 4:36 PM
    Tuesday, January 7, 2020 4:31 PM

All replies

  • Hi,

    This is possibility caused by an issue with the RSA machine keys on the client, we may try below steps:
    1.First stop the ccmexec service or SMSAgentHost service on the machine.
    2.Goto the location \c$\ProgramData\Microsoft\Crypto\RSA\MachineKeys(Hidden Folder)
    3.Check for this system file starting with 19c5cf9c7b5dc9de3e548adb70398402_36b8284c-fb19-4e8d-8b06-03433f195f77 (it may be different for different machine but it starts with 19 only)
    4.Delete the file(You could do a backup first) and restart the SMSAgenHost service again.
    5.Now check ClientIDManagerStartup.log, issue should be resolved.

    For the reference:
    https://docs.microsoft.com/en-us/archive/blogs/smsandmom/configmgr-2007-clients-not-installed-regtask-failed-to-get-certificate-error-0x80004005
    http://www.mssccm.com/uncategorized/sccm-client-registration-failed-regtask-failed-to-get-certificate-error-0x80004005/
    (Third party link, just for your reference!)

    Regards,
    Allen

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, January 8, 2020 6:10 AM
  • Hi Allen,

    Thanks for the reply. I don't see the file which you have mentioned by default.


    Regards, Santhosh B S

    Wednesday, January 8, 2020 10:32 AM
  • Hi,

    If you mean can not find the file, then make sure you have enable the Hidden items, if you can see the MachineKeys folder, is there not a file start with '19'? Is there any other file? 


    Regards,
    Allen

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Thursday, January 9, 2020 1:21 AM
  • Hi Allen,

    I followed you and i dont see the file. but, in all other servers i see. By default the file should get create or how?

    Please guide. 


    Regards, Santhosh B S

    Monday, January 13, 2020 3:36 PM
  • Hi,

    The file should be created when SMSAgentHost service startup, have you check the status of your SMSAgentHost service? Does it in "Running" status? Have you tried to restarted it? And have you tried to reinstall the client agent on this machine?

    Regards,
    Allen

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, January 14, 2020 8:22 AM
  • Hi Allen,

    sorry for the late reply. Yes the service is running and i did reinstall the SCCM agent and i gave full control fo rthe users on the folder \c$\ProgramData\Microsoft\Crypto\RSA\MachineKeys but no luck. 


    Regards, Santhosh B S

    Tuesday, August 18, 2020 2:07 PM