locked
Config Manager - Current Branch 1819 - CcmMessaging - windowsauth/request failed with 0x8000000a RRS feed

  • Question

  • Hi,

    Its not my environment, but I've been asked to troubleshoot various errors within SCCM. They've recently enabled HTTPS/PKI communication between the clients and primary box, and I think(?) they're all related in some way? 

    One error I'm seeing is within the ccmmessaging.log, saying

    "no reply message from server, server may be temporarily down or transient error"

    "post to https://sccm.co.uk/ccm_system_windowsauth/request failed with 0x8000000a"

    I'm also seeing an error on another box with this error:

    "post to https://sccm.co.uk/ccm_system_windowsauth/request failed with 0x87d00231"

    If anyone can help, that would be great.

    Cheers

    Monday, March 18, 2019 1:34 PM

Answers

  • Hi all,

    Just to let you know, although the user discovery was enabled, when I looked at it, it seems the discovery isn't syncing to all OU's, so happens to be missing an OU where some users lived. I haven't changed the discovery yet, but I believe this to be the problem as it can't match the user in AD to the user using the device.

    Thanks for your help.

    • Marked as answer by Wookie5375 Tuesday, March 26, 2019 11:33 AM
    Tuesday, March 26, 2019 11:33 AM

All replies

  • 0x87d00231 = "Transient error"

    This is indicative of an issue at the network transport layer between the client and the MP or could be a health issue with the MP itself.

    Have you validated the health of the MP after the switch?


    Jason | https://home.configmgrftw.com | @jasonsandys

    Monday, March 18, 2019 6:28 PM
  • Hi,

    Please refer to below blog, try to check if your Active Directory User Discovery is being disabled in your site? Enable Active Directory User Discovery could make this error disappear:
    https://nhogarth.net/2019/01/18/sccm-current-branch-currently-logged-on-user-in-console-not-displaying/

    Regards,
    Allen

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, March 19, 2019 6:17 AM
  • Hi Allen,

    Yeah, I have checked this and the user discovery is enabled. I was hoping it was going to be that easy, but it doesn't look like it is :(

    Thanks

    Tuesday, March 19, 2019 8:46 AM
  • Hi Jason,

    The MP looks fine, as in, the logs and monitoring doesn't seem to show any issues.

    The transport layer is playing on my mind. I have a change control scheduled to update .net, as they have disabled SSL and look to have enabled TLS 1.2. So I'm hoping this is part/the problem?

    If the .net doesn't fix it, I was going to investigate the ciphers???

    Thanks

    Tuesday, March 19, 2019 8:50 AM
  • Did they follow the whitepaper on enabling TLS 1.2: https://support.microsoft.com/en-us/help/4040243/how-to-enable-tls-1-2-for-configuration-manager?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, March 19, 2019 6:09 PM
  • Hi Jason,

    I like to think they did, but I'm doing the .net stuff in a change control today (just the sccm box and another server). I'll let you know how that goes......

    Wednesday, March 20, 2019 9:05 AM
  • Hi all,

    Just to let you know, although the user discovery was enabled, when I looked at it, it seems the discovery isn't syncing to all OU's, so happens to be missing an OU where some users lived. I haven't changed the discovery yet, but I believe this to be the problem as it can't match the user in AD to the user using the device.

    Thanks for your help.

    • Marked as answer by Wookie5375 Tuesday, March 26, 2019 11:33 AM
    Tuesday, March 26, 2019 11:33 AM