none
Не устанавливается клиент SCCM 2012 на компьютеры под управлением Windows XP sp3 RRS feed

  • Общие обсуждения

  • Здравствуйте,

    Имеется установленный и настроенный на работу только по HTTPS протоколу SCCM 2012 sp1 на Windows Server 2012, в качестве веб-сервера - IIS 8. В сети присутствуют компьютеры с ОС Windows 7 и Windows XP sp3. Сертификаты на клиентские компьютеры и веб-сервер выданы с помощью промежуточного севера ISSUE, настроены в соответствии с документацией:

    http://blogs.technet.com/cfs-file.ashx/__key/communityserver-components-postattachments/00-03-49-03-87/System-Center-2012-Configuration-Manager-RTM-Advanced-Security-Deployment.pdf

    На компьютеры под управлением ОС Windows 7 установка клиента походит без проблем. На компьютерах под управлением Windows XP sp 3 возникает следующая ошибка:

    (настроенная тестовая вирутальная машина, аналогичная ситуация на остальных клиентских машинах)

    <![LOG[==========[ ccmsetup started in process 3260 ]==========]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="1764" file="ccmsetup.cpp:9100">
    <![LOG[Running on platform X86]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="1764" file="util.cpp:1681">
    <![LOG[Launch from folder C:\WINDOWS\ccmsetup\]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="1764" file="ccmsetup.cpp:721">
    <![LOG[CcmSetup version: 5.0.7804.1000]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="1764" file="ccmsetup.cpp:727">
    <![LOG[In ServiceMain]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmsetup.cpp:3340">
    <![LOG[Running on OS (5.1.2600). Service Pack (3.0). SuiteMask = 256. Product Type = 1]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:2673">
    <![LOG[Ccmsetup command line: "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:3563">
    <![LOG[Command line parameters for ccmsetup have been specified.  No registry lookup for command line parameters is required.]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:3721">
    <![LOG[Command line: "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:3722">
    <![LOG[SslState value: 224]LOG]!><time="09:28:13.845-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmsetup.cpp:4330">
    <![LOG[CCMHTTPPORT:    80]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8280">
    <![LOG[CCMHTTPSPORT:    443]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8295">
    <![LOG[CCMHTTPSSTATE:    63]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8313">
    <![LOG[CCMHTTPSCERTNAME:    ]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8331">
    <![LOG[FSP:    ]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8383">
    <![LOG[CCMCERTISSUERS:    CN=yaroblgaz-ROOT-CA; DC=yaroblgaz; DC=ru]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8409">
    <![LOG[CCMFIRSTCERT:    1]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:8441">
    <![LOG[Config file:      C:\WINDOWS\ccmsetup\MobileClientUnicode.tcf]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4432">
    <![LOG[Retry time:       10 minute(s)]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4433">
    <![LOG[MSI log file:     C:\WINDOWS\ccmsetup\Logs\client.msi.log]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4434">
    <![LOG[MSI properties:    INSTALL="ALL" SMSSITECODE="MCM" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="63" CCMCERTISSUERS="CN=yaroblgaz-ROOT-CA; DC=yaroblgaz; DC=ru" CCMFIRSTCERT="1"]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4435">
    <![LOG[Source List:]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4443">
    <![LOG[                  \\srv-sccm.yaroblgaz.ru\SMSClient]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4450">
    <![LOG[                  \\SRV-SCCM.YAROBLGAZ.RU\SMSClient]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4459">
    <![LOG[MPs:]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4462">
    <![LOG[                  HTTPS://srv-sccm.yaroblgaz.ru]LOG]!><time="09:28:13.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:4477">
    <![LOG[No version of the client is currently detected.]LOG]!><time="09:28:13.892-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:2734">
    <![LOG[Updated security on object C:\WINDOWS\ccmsetup\.]LOG]!><time="09:28:13.892-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmsetup.cpp:8944">
    <![LOG[A Fallback Status Point has not been specified.  Message with STATEID='100' will not be sent.]LOG]!><time="09:28:13.892-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:9428">
    <![LOG[Running as user "SYSTEM"]LOG]!><time="09:28:14.017-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:1972">
    <![LOG[Detected 36276 MB free disk space on system drive.]LOG]!><time="09:28:14.017-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="util.cpp:574">
    <![LOG[Checking Write Filter Status.]LOG]!><time="09:28:14.017-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:1999">
    <![LOG[This is not a supported write filter device. We are not in a write filter maintenance mode.]LOG]!><time="09:28:14.017-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:2026">
    <![LOG[Wmi repository check passed.]LOG]!><time="09:28:14.032-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="util.cpp:2276">
    <![LOG[Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=MCM))']LOG]!><time="09:28:14.173-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="lsad.cpp:640">
    <![LOG[OperationalXml '<ClientOperationalSettings><Version>5.00.7804.1000</Version><SecurityConfiguration><SecurityModeMask>63</SecurityModeMask><SecurityModeMaskEx>63</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=yaroblgaz-ROOT-CA; DC=yaroblgaz; DC=ru</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202F2308201DAA003020102021038F0BF0BC2F7C8B3445903232FDBC486300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3133303431353132303734305A180F32313133303332333132303734305A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100B92A5771020E2CDC93EFC9DDFE730573B90726CF827F53029509CBD3300E23E982E3942534D531E06BFF2B073ECB17AD770E95534BD339D2B73FD22ACC4CE35F46670F8D80DA9916CD1732F47A3C1ECE76B8EE0119FA9CAB3BE72DAEFB4DDD1EEDE7A37705C5357507318432745D6A63A73FED218E735F5D486FD1CDE869D9ED130616B29CA0BAF6FCC5EDD5D26964FC8BFB5FC5E1763A64CA00E6477A5AB83F84AEF5DCD49D4188DA4FDBC54DF0F90305E1A0D2ABA541F4DDEDF0027708BD2E141A514DE6A66C9523CEBD65C710EF00DC821B892BA70551DE01E0D96D0DB80452431D0ACD11BA4954FAD5CB1117AF69294204953B389A4FD15E17ED1C3684DD0203010001A33A303830200603551D110419301782157372762D7363636D2E7961726F626C67617A2E727530140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B0500038201010015E26C1070301EC4CF4B744747FBF5131CFEB46D3F8628A0B25D64450C8FE0ACF661631F76AB77C58294DBD196792467621005605251A00767C02492E2059458946AAFE5C6048FC89E5C0D683AEE1D774DA0C4492AAD50F42FF1DBE810E15B860C96281C54737A6655B1C64C14C6ECFE6CECAA42BBCA8C8C8D217590197DBD475ED3ACD423E494C7A3CBA1013087C763CCD94B6609AB3226C37D226F5F3F40433951F7544B0FF0BE2462B76E9F50CF2FA97395ED12E65194752F80D454529451DFCA0EFF1DA5E13D20A04BACB076A9609602EEC366F3F7D782FDCDEF9DE380A76F16250D5E42C8B1F6E1FA2881DB6B7126A0ADAF6BDEFB4594FE9D5F6DE99DCE</SiteSigningCert></SecurityConfiguration><RootSiteCode>MCM</RootSiteCode><CCM> <CommandLine>SMSSITECODE=MCM</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="63" /></Capabilities><Domain Value="yaroblgaz.ru" /><Forest Value="yaroblgaz.ru" /></ClientOperationalSettings>']LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="lsadcache.cpp:236">
    <![LOG[Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown.]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmutillib.cpp:372">
    <![LOG[The MP name retrieved is 'srv-sccm.yaroblgaz.ru' with version '7804' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>']LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="lsadcache.cpp:334">
    <![LOG[MP 'srv-sccm.yaroblgaz.ru' is compatible]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="lsadcache.cpp:339">
    <![LOG[Retrieved 1 MP records from AD for site 'MCM']LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="lsadcache.cpp:287">
    <![LOG[Retrived site version '5.00.7804.1000' from AD for site 'MCM']LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="siteinfo.cpp:575">
    <![LOG[SiteCode:         MCM]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:2051">
    <![LOG[SiteVersion:      5.00.7804.1000]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:2052">
    <![LOG[Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again.]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:2086">
    <![LOG[Only one MP HTTPS://srv-sccm.yaroblgaz.ru is specified. Use it.]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:9745">
    <![LOG[Searching for DP locations from MP(s)...]LOG]!><time="09:28:14.439-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:10683">
    <![LOG[Current AD site of machine is Default-First-Site]LOG]!><time="09:28:14.548-240" date="04-26-2013" component="LocationServices" context="" type="1" thread="2680" file="lsad.cpp:746">
    <![LOG[Local Machine is joined to an AD domain]LOG]!><time="09:28:14.548-240" date="04-26-2013" component="LocationServices" context="" type="0" thread="2680" file="lsad.cpp:698">
    <![LOG[Current AD forest name is yaroblgaz.ru, domain name is yaroblgaz.ru]LOG]!><time="09:28:14.657-240" date="04-26-2013" component="LocationServices" context="" type="1" thread="2680" file="lsad.cpp:818">
    <![LOG[DhcpGetOriginalSubnetMask entry point not supported.]LOG]!><time="09:28:14.657-240" date="04-26-2013" component="LocationServices" context="" type="2" thread="2680" file="ccmiputil.cpp:105">
    <![LOG[Begin checking Alternate Network Configuration]LOG]!><time="09:28:14.657-240" date="04-26-2013" component="LocationServices" context="" type="0" thread="2680" file="ccmiputil.cpp:1095">
    <![LOG[Finished checking Alternate Network Configuration]LOG]!><time="09:28:14.657-240" date="04-26-2013" component="LocationServices" context="" type="0" thread="2680" file="ccmiputil.cpp:1172">
    <![LOG[Adapter {3A760297-1772-478C-BC8E-C6F3C992134D} is DHCP enabled. Checking quarantine status.]LOG]!><time="09:28:14.657-240" date="04-26-2013" component="LocationServices" context="" type="0" thread="2680" file="ccmiputil.cpp:436">
    <![LOG[Sending message body '<ContentLocationRequest SchemaVersion="1.00">
      <AssignedSite SiteCode="MCM"/>
      <ClientPackage/>
      <ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
        <ADSite Name="Default-First-Site"/>
        <Forest Name="yaroblgaz.ru"/>
        <Domain Name="yaroblgaz.ru"/>
        <IPAddresses>
    <IPAddress SubnetAddress="10.122.5.0" Address="10.122.5.128"/>
        </IPAddresses>
      </ClientLocationInfo>
    </ContentLocationRequest>
    ']LOG]!><time="09:28:14.657-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="siteinfo.cpp:96">
    <![LOG[Sending message header '<Msg SchemaVersion="1.1"><ID>{2914887E-A603-4A17-A392-C7A5D0D66F03}</ID><SourceHost>WS-WINXP</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:WS-WINXP:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>HTTPS://srv-sccm.yaroblgaz.ru</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2013-04-26T05:28:14Z</SentTime><Body Type="ByteRange" Offset="0" Length="1114"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>']LOG]!><time="09:28:14.657-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="siteinfo.cpp:177">
    <![LOG[CCM_POST 'HTTPS://srv-sccm.yaroblgaz.ru/ccm_system/request']LOG]!><time="09:28:14.657-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="httphelper.cpp:807">
    <![LOG[Begin searching client certificates based on Certificate Issuers]LOG]!><time="09:28:14.673-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:3833">
    <![LOG[Certificate Issuer 1 [CN=yaroblgaz-ROOT-CA; DC=yaroblgaz; DC=ru]]LOG]!><time="09:28:14.673-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:3849">
    <![LOG[Analyzing 1 Chain(s) found]LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3889">
    <![LOG[Chain has Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3910">
    <![LOG[Chain has Certificate [Thumbprint 3FF56CA140A37966FEF78FC02EAA85F84DBC4822] issued to 'yaroblgaz-ISSUE1-CA']LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3910">
    <![LOG[Chain has Certificate [Thumbprint DA01D9F342256850E5019FA27A4BA1EB617389F4] issued to 'yaroblgaz-ROOT-CA']LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3910">
    <![LOG[Based on Certificate Issuer 'yaroblgaz-ROOT-CA' found Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:3931">
    <![LOG[Begin validation of Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:1245">
    <![LOG[CRL check enabled. ]LOG]!><time="09:28:14.860-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:1318">
    <![LOG[Verification of Certificate chain returned 80092012]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:1032">
    <![LOG[Completed validation of Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:1386">
    <![LOG[Analyzing 1 Chain(s) found]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3889">
    <![LOG[Chain has Certificate [Thumbprint 1DD47450BCE8FE18A5752164E203F125903539E3] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3910">
    <![LOG[Chain has Certificate [Thumbprint 3FF56CA140A37966FEF78FC02EAA85F84DBC4822] issued to 'yaroblgaz-ISSUE1-CA']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3910">
    <![LOG[Chain has Certificate [Thumbprint DA01D9F342256850E5019FA27A4BA1EB617389F4] issued to 'yaroblgaz-ROOT-CA']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:3910">
    <![LOG[Based on Certificate Issuer 'yaroblgaz-ROOT-CA' found Certificate [Thumbprint 1DD47450BCE8FE18A5752164E203F125903539E3] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:3931">
    <![LOG[Begin validation of Certificate [Thumbprint 1DD47450BCE8FE18A5752164E203F125903539E3] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:1245">
    <![LOG[CRL check enabled. ]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:1318">
    <![LOG[Verification of Certificate chain returned 80092012]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:1032">
    <![LOG[Completed validation of Certificate [Thumbprint 1DD47450BCE8FE18A5752164E203F125903539E3] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:1386">
    <![LOG[Completed searching client certificates based on Certificate Issuers]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:3992">
    <![LOG[Begin to select client certificate]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:4073">
    <![LOG[The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:4109">
    <![LOG[2 certificate(s) found in the 'MY' certificate store.]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:4137">
    <![LOG[The 'MY' of 'Local Computer' store has 2 certificate(s). Using custom selection criteria based on the machine name.]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:4176">
    <![LOG[Machine name is 'ws-winxp.yaroblgaz.ru'.]LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:2248">
    <![LOG[Begin validation of Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.876-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:1245">
    <![LOG[The Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru' has 'Client Authentication' capability.]LOG]!><time="09:28:14.892-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmcert.cpp:569">
    <![LOG[Completed validation of Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.892-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:1386">
    <![LOG[>>> Client selected the PKI Certificate [Thumbprint 984C385C2181212D0DFCE5552A2CC8A778D02608] issued to 'ws-winxp.yaroblgaz.ru']LOG]!><time="09:28:14.892-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmcert.cpp:4217">
    <![LOG[GetDPLocations failed with error 0x80072ee2]LOG]!><time="09:29:15.534-240" date="04-26-2013" component="ccmsetup" context="" type="3" thread="2680" file="siteinfo.cpp:532">
    <![LOG[Failed to get DP locations as the expected version from MP 'HTTPS://srv-sccm.yaroblgaz.ru'. Error 0x80072ee2]LOG]!><time="09:29:15.534-240" date="04-26-2013" component="ccmsetup" context="" type="2" thread="2680" file="ccmsetup.cpp:10926">
    <![LOG[A Fallback Status Point has not been specified.  Message with STATEID='101' will not be sent.]LOG]!><time="09:29:15.534-240" date="04-26-2013" component="ccmsetup" context="" type="1" thread="2680" file="ccmsetup.cpp:9428">
    <![LOG[Next retry in 10 minute(s)...]LOG]!><time="09:29:15.534-240" date="04-26-2013" component="ccmsetup" context="" type="0" thread="2680" file="ccmsetup.cpp:8498">

    При попытке подключиться к https://srv-sccm.yaroblgaz.ru/ccm_system/request через IE с Windows 7 - происходит запрос сертификата, при попытке подключиться туда же с компьютеров с Windows XP sp3 - "Internet Explorer не может отобразить веб-страницу".

    В IIS параметры SSL настроеные для Default Web Site: Требовать SSL, сертификат клиента - Требовать.

    Бьюсь с проблемой 6-ой день, иссякли варианты в какою сторону копать.

    26 апреля 2013 г. 6:23

Все ответы

  • значит нет сертификата в локальном хранилище сертификатов компьютера.

    Проверьте свойства сайта, в каком он режиме - HTTPS only? Если да, то создайте сертификат для клиента и загрузите еге в хранилище Windows xp.


    Vladimir Zelenov | http://systemcenter4all.wordpress.com


    26 апреля 2013 г. 7:55
    Отвечающий
  • Сертификат на компьютер корректно выдается и находятся в личном хранилище , в логе видно что сертификат обнаружен. Режим - HTTPS only. DNS записи корректны. Порты доступны.

    GetDPLocations failed with error 0x80072ee2

    Гугление по данной ошибке в большинстве случев приводит к ответу - переустановите MP, DP и IIS, но это самый самый крайний вариант, хотелось бы разобраться в корне проблемы. Переустановить 200 компьютеров с XP - не вариант.

    Дополнительная информация:

    Метод установки push install, границы определены AD контейнерами. Также подозрительно выглядит ситуация с тем что https://srv-sccm.yaroblgaz.ru/ccm_system/request не запрашивает сертификат если ломиться туда с Windows XP машины. (сертификат выдан на компьютер, но он должен выдать хотя бы форму запроса пользовательских сертификатов, а этого нет).

    26 апреля 2013 г. 10:09