locked
Server rejected registration request RRS feed

  • Question

  • I am looking for help in trouble shooting a few client that refuse to connect to my sccm 2012.  The error I am seeing in the ClientIDManagerStartup.log file is "Server rejected registration request : 3".

    CertificateMaintenance.log file is happy with the certificate

    SCCM server windows 2008 R2 sp1

    AD is in Native mode

    Failed clients are windows 2008 R2 sp1 running WSUS.  (WSUS is not part of sccm)

    I have uninstalled and reinstalled the agent and delete the folders and the two cert that goes with the agent.  I just can't figure out what to try next.  Please help.

    Jonathan

    Friday, March 7, 2014 4:38 PM

Answers

  • what does MP_RegistrationManager.log says ? did it talk about certificates expiry or something related ?

    is this happening on all machines or only on the problem computer ?



    Eswar Koneti | Configmgr blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: Eskonr

    • Marked as answer by Joyce L Monday, March 17, 2014 10:42 AM
    Thursday, March 13, 2014 5:24 AM
  • It looks like it is related to Mcafee epo server cert.  I uninstalled epo from one of the servers having the issue and problem went away.  The problem is I can't uninstall it from this server.  Any idea?   Yes I did what you said.
    Thursday, March 13, 2014 9:09 PM

All replies

  • Jonathan,

    Take a look at the following. Delete the SMSCFG.ini from the windows folder. Delete the cert and reset SMSHost service.

    http://shankarkannappa.wordpress.com/tag/server-rejected-registration-request-3-client-not-receiving-policies/


    Cheers

    Paul | sccmentor.wordpress.com

    Friday, March 7, 2014 4:58 PM
  • Nope.  That did not work.  Same error.  What should I try next.

    Jonathan

    Friday, March 7, 2014 5:44 PM
  • I came across a post that talked about the cert for epo interfering with the cert for sccm agent.  They did not talk about how this fixed it.  So did anyone else come across this and if so how did you fix it.

    Jonathan

    Friday, March 7, 2014 8:09 PM
  • Monday, March 10, 2014 9:20 AM
  • I looked at the MP_Clireg.log and saw:

    <![LOG[Inv: Site Server Inventory Collection maps to C:\Program Files\Microsoft Configuration Manager\inboxes\inventry.box]LOG]!><time="17:47:00.658+300" date="03-10-2014" component="MP_ClientRegistration" context="" type="1" thread="6148" file="mpconfig.cpp:347">
    <![LOG[Inv: SMS_AMT_PROXY_COMPONENT maps to C:\Program Files\Microsoft Configuration Manager\inboxes\amtproxymgr.box]LOG]!><time="17:47:00.658+300" date="03-10-2014" component="MP_ClientRegistration" context="" type="1" thread="6148" file="mpconfig.cpp:347">
    <![LOG[Could not load logging configuration for component MP_RegistrationManager. Using default values.]LOG]!><time="17:47:00.736+300" date="03-10-2014" component="MP_ClientRegistration" context="" type="2" thread="6148" file="stdlogging.cpp:480">

    This pointed me to look at to urls:

    http://sms_mp_servername/.sms_aut?mplist

    http:// sms_mp_servername /.sms_aut?mpcert

    They both returned data like they should and the same as the clients that work.  Next suggestion

    Thanks,  Jonathan

    Tuesday, March 11, 2014 8:13 PM
  • what does MP_RegistrationManager.log says ? did it talk about certificates expiry or something related ?

    is this happening on all machines or only on the problem computer ?



    Eswar Koneti | Configmgr blog: www.eskonr.com | Linkedin: Eswar Koneti | Twitter: Eskonr

    • Marked as answer by Joyce L Monday, March 17, 2014 10:42 AM
    Thursday, March 13, 2014 5:24 AM
  • <![LOG[Raising event:
    [SMS_CodePage(437), SMS_LocaleID(1033)]
    instance of MpEvent_CertInvalidChain
    {
     ClientID = "GUID:5C9D5A19-44B6-4A19-99F9-2E7B062CF2CE";
     DateTime = "20140313134915.132000+000";
     MachineName = "SCCM2012-FDQN";
     ProcessID = 2672;
     SiteCode = "SOC";
     SubjectName = "AH_SCCM201201";
     ThreadID = 328;
     Win32ErrorCode = 2148204810;
    };
    ]LOG]!><time="08:49:15.137+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="328" file="event.cpp:706">
    <![LOG[MP Reg: Registration request body is invalid.]LOG]!><time="08:49:15.140+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="2" thread="328" file="regtask.cpp:1754">
    <![LOG[MP Reg: Registration failed.]LOG]!><time="08:49:15.140+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="2" thread="328" file="regtask.cpp:169">
    <![LOG[MP Reg: Processing completed. Completion state = 0]LOG]!><time="08:49:15.151+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="328" file="regtask.cpp:207">
    <![LOG[Processing Registration request from Client 'GUID:8559DEF4-295C-4E37-84FF-65301F14AFEB']LOG]!><time="08:54:14.746+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="6064" file="regtask.cpp:1011">
    <![LOG[Begin validation of Certificate [Thumbprint 1D58870477BC7B3C0C2BF46C59726F068CD71583] issued to 'AH_SCCM201201']LOG]!><time="08:54:14.753+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="6064" file="ccmcert.cpp:1245">
    <![LOG[Completed validation of Certificate [Thumbprint 1D58870477BC7B3C0C2BF46C59726F068CD71583] issued to 'AH_SCCM201201']LOG]!><time="08:54:14.763+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="6064" file="ccmcert.cpp:1386">
    <![LOG[MP Reg: Client in-band certificate is not valid due to failures in certificate chain validation, Raising status event. Failure HR = 0x800b010a, In-band Cert SubjectName = AH_SCCM201201]LOG]!><time="08:54:14.763+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="2" thread="6064" file="regtask.cpp:911">
    <![LOG[Raising event:
    [SMS_CodePage(437), SMS_LocaleID(1033)]
    instance of MpEvent_CertInvalidChain
    {
     ClientID = "GUID:5C9D5A19-44B6-4A19-99F9-2E7B062CF2CE";
     DateTime = "20140313135414.767000+000";
     MachineName = "SCCM2012-FDQN";
     ProcessID = 2672;
     SiteCode = "SOC";
     SubjectName = "AH_SCCM201201";
     ThreadID = 6064;
     Win32ErrorCode = 2148204810;
    };
    ]LOG]!><time="08:54:14.774+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="6064" file="event.cpp:706">
    <![LOG[MP Reg: Registration request body is invalid.]LOG]!><time="08:54:14.776+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="2" thread="6064" file="regtask.cpp:1754">
    <![LOG[MP Reg: Registration failed.]LOG]!><time="08:54:14.776+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="2" thread="6064" file="regtask.cpp:169">
    <![LOG[MP Reg: Processing completed. Completion state = 0]LOG]!><time="08:54:14.786+300" date="03-13-2014" component="MP_RegistrationManager" context="Registration" type="1" thread="6064" file="regtask.cpp:207">

    I am not sure what it means by "certificate chain"?

    Any idea?

    Jonathan

    Thursday, March 13, 2014 7:53 PM
  • Certificate chain means that the chain (top cert - intermedidate cert - root cert) one of them is missing or expired.

    When you Native mode, you mean you are running in HTTPS mode?  You can also delete the client from the console, if present.  Other things to do is to reinstall the client and use the /resetkeyinformation.


    http://www.sccm-tools.com http://sms-hints-tricks.blogspot.com

    Thursday, March 13, 2014 8:24 PM
  • It looks like it is related to Mcafee epo server cert.  I uninstalled epo from one of the servers having the issue and problem went away.  The problem is I can't uninstall it from this server.  Any idea?   Yes I did what you said.
    Thursday, March 13, 2014 9:09 PM