question

DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 asked saldana-msft edited

Installation Client failing

Hello,

I have issues with some servers in Azure which are not getting the CM Client installed:

Server name
DNS Name=CZOHVCXSCP01.ad
Operating System: Microsoft Windows Server 2019 Datacenter
Configuration Manager 2010 KB4594177


==========[ ccmsetup started in process 15340 ]========== ccmsetup 4/1/2021 12:48:53 PM
Running on platform X64
Launch from folder C:\windows\ccmsetup\
CcmSetup version: 5.0.9040.1010
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
In ServiceMain
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0
Failed to get MDM_ConfigSetting instance, 0x80041013
[CZOHVCXSCP01] Running on 'Microsoft Windows Server 2019 Datacenter' (10.0.17763). Service Pack (0.0). SuiteMask = 400. Product Type = 18
Ccmsetup command line: "C:\windows\ccmsetup\ccmsetup.exe" /runservice /ForceInstall /ignoreskipupgrade /config:MobileClient.tcf
Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.
SslState value: 224
CCMHTTPPORT: 80
CCMHTTPSPORT: 443
CCMHTTPSSTATE: 480
CCMHTTPSCERTNAME:
Lookup MP: VRPSCCMPR01.ad
FSP: VRPSCCMRS01.ad
CCMCERTSTORE: MY
CCMCERTISSUERS: CN=ad-VRCA-CA; DC=ad; DC=yyyyyy; DC=xxxx; DC=aaa | CN=XXXX Zzzzz Root Certificate Authority
CCMFIRSTCERT: 1
CCMPKICERTOPTIONS: 1
MANAGEDINSTALLER: 0
Begin searching client certificates based on Certificate Issuers
Certificate Issuer 1 [CN=ad-VRCA-CA; DC=ad; DC=yyyyyy; DC=xxxx; DC=aaa]
Certificate Issuer 2 [CN=XXXX zzzzz Root Certificate Authority]
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to [] issued by [CN=XXXX zzzz AD Certificate Authority-CA1; DC=ad; DC=yyyyyy; DC=xxxx; DC=aaa]
Chain has Certificate [Thumbprint 3D4FDAC359EF8DA12CDE84FA6C31237A00021FF7] issued to [CN=XXXX Zzzzz AD Certificate Authority-CA1, DC=ad, DC=yyyyyy, DC=xxxx, DC=aaa] issued by [CN=XXXX Zzzzz Root Certificate Authority]
Chain has Certificate [Thumbprint B60BA9406B1B7ADBF4848CE3DA0E977105C2ED92] issued to [CN=XXXX Zzzzz Root Certificate Authority] issued by [CN=XXXX Zzzzz Root Certificate Authority]
Based on Certificate Issuer 'CN=XXXX Zzzzz Root Certificate Authority' found Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad'
Begin validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad'
CRL check enabled.
Verification of Certificate chain returned 80092013
Completed validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to CZOHVCXSCP01.ad'
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 9A0520DB27147AF3D1E1727ED3D0FE7ACE8C7344] issued to [DC=Windows Azure CRP Certificate Generator] issued by [DC=Windows Azure CRP Certificate Generator]
Failed to get certificate subject name using type 6 [80092004]
Failed to get certificate subject name using type 3 [80092004]
Cannot get subject name for cert '9A0520DB27147AF3D1E1727ED3D0FE7ACE8C7344'. Ignoring it.
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 18515AAEC279159B14CD6A8439E5BF139306D6DB] issued to [CN=cxohiasharefile.mednet.xxxx.aaa, OU= (MITS), O="", STREET=Avenue, L=Los Angeles, S=California, PostalCode=90095, C=US] issued by [CN=InCommon RSA Server CA; OU=InCommon; O=Internet2; L=Ann Arbor; S=MI; C=US]
Chain has Certificate [Thumbprint F5FB01DEA6E59CA6DD057054F4A3FF72DDE1D5C6] issued to [CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, S=MI, C=US] issued by [CN=USERTrust RSA Certification Authority; O=The USERTRUST Network; L=Jersey City; S=New Jersey; C=US]
Chain has Certificate [Thumbprint 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E] issued to [CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US] issued by [CN=USERTrust RSA Certification Authority; O=The USERTRUST Network; L=Jersey City; S=New Jersey; C=US] ccmsetup 4/1/2021 12:49:39 PM 2796 (0x0AEC)
Skipping Certificate [Thumbprint 18515AAEC279159B14CD6A8439E5BF139306D6DB] issued to 'cxohiasharefile.mednet.xxxx.aaa' as root is 'CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US' ccmsetup 4/1/2021 12:49:39 PM 2796 (0x0AEC)
Completed searching client certificates based on Certificate Issuers
Begin to select client certificate
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
1 certificate(s) found in the 'MY' certificate store.
Only one certificate present in the certificate store.
Begin validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad'
Allowing usage of CNG key storage.
The Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad'

Client selected the PKI Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad'

Failed to read assigned site code from registry. Error code = 0x80070002
Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=UCP))'
OperationalXml '<ClientOperationalSettings><Version>5.00.9040.1016</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>480</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=ad-VRCA-CA; DC=ad; DC=yyyyyy; DC=xxxx; DC=aaa | CN=XXXX Zzzzz Root Certificate Authority</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><PKICertOptions>1</PKICertOptions><SiteSigningCert>308202FB308201E3A00302010202103D2CFCA6B6FD15A64B1C3CAA9ACFCD7B300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3137303830373138353235385A180F32313137303731353138353235385A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100C7904737D5B3DD55C86AA0B8B01078ABCF81947F2FB7142C1760E6CA55255C8DB8B125A963DE0AE2E9AB97FACAE264A166BDCF36F82AEBC48BB5ADB52074FD27754B9CE59B41CECF414ED3099FE0C5A8290AC4FDDE2DE946AE65F7EE4C789908E2E216E350DEF620074A9E070D3184EB850847683F527517A35828F9D80E71FF72962F449699B5704BC716636D4B8F8294DCAD6FF7B5125EACABE9DD3F9D284E538404A7613EF61DD62BF8AEBA7F426AC3EAF86FA33FB561DFF69292B023DD1145E1923828F2A20C55B8B0EA7AED8DEADC5E1B481052EB851056B7C12CEEF837CD0F7F0D7D1188184B4F8BFCB71C3FBBCDFE511E849E9126182FA243999717190203010001A343304130290603551D1104223020821E5652505343434D505230312E61642E6D65646374722E75636C612E65647530140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B05000382010100A1324457D7CE23ECD76D2C01C7CB8CE7A169CE51E80BA99FA99391720C773B52AEA7874ACB6A275105C1838D4E9B5593A6990A238E4E1F7F13C17DBB3FEBA98B9DA9ACD590077CCA6055BC758AE0A5819368D9E7BEB213D6C96A273D577B432F9F4650542E6BDF357F34C5B1DD3170D002DA0AD725B1266165C7054F61A3AD62089948299CBB7C725B3197773A3ACA0868AA6E568BA5686924F8A57BC3EE1735D6FBA9564871470F45B50EC27390688BA36AF33F8B314EC6E0BC63916DDC9EDD1C9B958787DAD8337FB8CFC9DC1249B454440E80266E9F010B3D0BA39D7F778A6C16AAAE540A6155DEA6440D5B0416C142D60C035D4D7FEBBFBAAEA65BEDB1BC</SiteSigningCert></SecurityConfiguration><RootSiteCode>UCP</RootSiteCode><CCM> <CommandLine>SMSSITECODE=UCP DNSSUFFIX=ad SMSMP=VRPSCCMPR01.ad CCMHOSTNAME=SCCMinternet.ad FSP=VRPSCCMRS01.ad</CommandLine> </CCM><FSP> <FSPServer>VRPSCCMRS01.ad</FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="63" /></Capabilities><Domain Value="ad" /><Forest Value="ad" /><AADConfig Version="1.0"><Tenants></Tenants></AADConfig></ClientOperationalSettings>' ccmsetup 4/1/2021 12:49:40 PM 2796 (0x0AEC)
The MP name retrieved is ' VRPSCCMPR01.ad' with version '9040' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>'
MP ' VRPSCCMPR01.ad' is compatible
The MP name retrieved is ' VRPSCCMMS03.ad' with version '9040' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>'
MP ' VRPSCCMMS03.ad' is compatible
Retrieved 2 MP records from AD for site 'UCP'
No AAD tenants information found.
Persisted AAD on-boarding info.
FromAD: FSP = VRPSCCMRS01.ad
FromAD: command line = SMSSITECODE=UCP DNSSUFFIX=ad SMSMP= VRPSCCMPR01.ad CCMHOSTNAME= SCCMinternet.ad FSP= VRPSCCMRS01.ad
Local Machine is joined to an AD domain
Current AD forest name is ad, domain name is ad
Domain joined client is in Intranet
CMPInfoFromADCache requests are throttled for 00:59:59
Found MP https://VRPSCCMPR01.ad from AD
Found MP https://VRPSCCMMS03.ad from AD
Successfully refresh bootstrap information from AD.
Begin searching client certificates based on Certificate Issuers
Certificate Issuer 1 [CN=ad-VRCA-CA; DC=ad; DC=yyyyyy; DC=xxxx; DC=aaa]
Certificate Issuer 2 [CN=XXXX Zzzzz Root Certificate Authority]
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to [] issued by [CN=XXXX Zzzzz AD Certificate Authority-CA1; DC=ad; DC=yyyyyy; DC=xxxx; DC=aaa]
Chain has Certificate [Thumbprint 3D4FDAC359EF8DA12CDE84FA6C31237A00021FF7] issued to [CN=XXXX Zzzzz AD Certificate Authority-CA1, DC=ad, DC=yyyyyy, DC=xxxx, DC=aaa] issued by [CN=XXXX Zzzzz Root Certificate Authority]
Chain has Certificate [Thumbprint B60BA9406B1B7ADBF4848CE3DA0E977105C2ED92] issued to [CN=XXXX Zzzzz Root Certificate Authority] issued by [CN=XXXX Zzzzz Root Certificate Authority]
Based on Certificate Issuer 'CN=XXXX Zzzzz Root Certificate Authority' found Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to ' CZOHVCXSCP01.ad'
Begin validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to ' CZOHVCXSCP01.ad'
CRL check enabled.
Verification of Certificate chain returned 80092013
Completed validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to ' CZOHVCXSCP01.ad'
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 9A0520DB27147AF3D1E1727ED3D0FE7ACE8C7344] issued to [DC=Windows Azure CRP Certificate Generator] issued by [DC=Windows Azure CRP Certificate Generator]
Failed to get certificate subject name using type 6 [80092004]
Failed to get certificate subject name using type 3 [80092004]
Cannot get subject name for cert '9A0520DB27147AF3D1E1727ED3D0FE7ACE8C7344'. Ignoring it.
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 18515AAEC279159B14CD6A8439E5BF139306D6DB] issued to [CN=cxohiasharefile.mednet.xxxx.aaa, OU=Medical Information Technology Services (MITS), O="", STREET=, L=Los Angeles, S=California, PostalCode=90095, C=US] issued by [CN=InCommon RSA Server CA; OU=InCommon; O=Internet2; L=Ann Arbor; S=MI; C=US]
Chain has Certificate [Thumbprint F5FB01DEA6E59CA6DD057054F4A3FF72DDE1D5C6] issued to [CN=InCommon RSA Server CA, OU=InCommon, O=Internet2, L=Ann Arbor, S=MI, C=US] issued by [CN=USERTrust RSA Certification Authority; O=The USERTRUST Network; L=Jersey City; S=New Jersey; C=US]
Chain has Certificate [Thumbprint 2B8F1B57330DBBA2D07A6C51F70EE90DDAB9AD8E] issued to [CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US] issued by [CN=USERTrust RSA Certification Authority; O=The USERTRUST Network; L=Jersey City; S=New Jersey; C=US]
Skipping Certificate [Thumbprint 18515AAEC279159B14CD6A8439E5BF139306D6DB] issued to ' cxohiasharefile.mednet.ucla.edu' as root is 'CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, S=New Jersey, C=US'
Completed searching client certificates based on Certificate Issuers ccmsetup 4/1/2021 12:49:40 PM 2796 (0x0AEC)
Begin to select client certificate
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
1 certificate(s) found in the 'MY' certificate store.
Only one certificate present in the certificate store.
Begin validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to ' CZOHVCXSCP01.ad'
Allowing usage of CNG key storage.
The Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to ' CZOHVCXSCP01.ad' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to ' CZOHVCXSCP01.ad'

Client selected the PKI Certificate [Thumbprint A761955E74FD4FC9DFA050E25B2CD6CECE94D9FD] issued to 'CZOHVCXSCP01.ad'

Config file: C:\windows\ccmsetup\MobileClientUnicode.tcf
Retry time: 10 minute(s) ""

Any idea what is going on?

Client Authentication Certificate: checked
Network Firewall: telnet commands passed successfully
Windows Firewall: OFF checked
Boundaries: correct
![83767-2021-04-01-12-06-47-boundaries.png][2]
Trying the url from IE locally on the Client and it works...
![83853-2021-04-01-16-23-21-ccm-client-url.png][1]

It seems the certificate is not getting picked!!

Thanks,
Dom


[1]: /answers/storage/attachments/83853-2021-04-01-16-23-21-ccm-client-url.png
[2]: /answers/storage/attachments/83767-2021-04-01-12-06-47-boundaries.png
mem-cm-generalmem-cm-site-deployment
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HanyunZhu-MSFT avatar image
1 Vote"
HanyunZhu-MSFT answered

@DominiqueDUCHEMIN-4668

Thanks for posting in Microsoft Q&A forum.

After research, the failed installation failed because the PKI certificate does not meet the requirements.

It is suggested to check whether the PKI certificates meets the requirements. For the detailed requirements, please refer to client authentication section in this link: https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/pki-certificate-requirements

What's more, if we are using internal CA to create the certificate, we can refer to the following link: https://ginutausif.com/move-configmgr-site-to-https-communication/ to see if we have missed anything.
Note: This is not from MS, just for your reference.


If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.




5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HanyunZhu-MSFT avatar image
2 Votes"
HanyunZhu-MSFT answered

@DominiqueDUCHEMIN-4668

Thanks for posting in Microsoft Q&A forum.

Accroding to the log you provided, there was a certificate which has "Client Authentication" capability had been picked and validated completely.
83925-log.png

I have done a lot of research based on the available information, but I haven't found any other problems. In order to determine the causes of the failed installation, clould you please upload your complete ccmsetup.log (with sensitive information masked)?

Thanks for your time.


If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



log.png (77.5 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 answered DominiqueDUCHEMIN-4668 edited

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DominiqueDUCHEMIN-4668 avatar image
0 Votes"
DominiqueDUCHEMIN-4668 answered DominiqueDUCHEMIN-4668 edited

Hello,

reviewing the certificates imported from our internal CA server... it is the same import as for the other 29,000+ clients which are working!!!!
Most of the failure are in Azure...

Thanks,
Dom

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered yannara commented

Hello,

One more...

ccmsetup.log

==========[ ccmsetup started in process 3076 ]==========

Running on platform X64
Detected client installed with version '5.00.9012.1056'
Updated security on object C:\Windows\ccmsetup\cache.
Launch from folder C:\Windows\ccmsetup\
CcmSetup version: 5.0.9040.1044
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
In ServiceMain
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist.
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0
OS is not Win10RS3+, ENDOK.
[VRTDATAMED01] Running on 'Microsoft Windows Server 2012 R2 Standard' (6.3.9600). Service Pack (0.0). SuiteMask = 272. Product Type = 18
Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /ForceInstall /ignoreskipupgrade /config:MobileClient.tcf
Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.
SslState value: 224
CCMHTTPPORT: 80
CCMHTTPSPORT: 443
CCMHTTPSSTATE: 480
CCMHTTPSCERTNAME:
Lookup MP: VRPSCCMPR01.ad
FSP: VRPSCCMRS01.ad
CCMCERTSTORE: MY
CCMCERTISSUERS: CN=ad; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx | CN=XXXXXXXXX Root Certificate Authority
CCMFIRSTCERT: 1
CCMPKICERTOPTIONS: 1
MANAGEDINSTALLER: 0
Client is set to use HTTPS when available. The current state is 480.
Begin searching client certificates based on Certificate Issuers
Certificate Issuer 1 [CN=ad; DC=ad; DC=xxxxxxx; DC=xxxx; DC=xxx]
Certificate Issuer 2 [CN=XXXXXXXX Root Certificate Authority]
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to [] issued by [CN=XXXXXXX AD Certificate Authority-CA1; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Chain has Certificate [Thumbprint 3D4FDAC359EF8DA12CDE84FA6C31237A00021FF7] issued to [CN=XXXXXXXXX AD Certificate Authority-CA1, DC=ad, DC=xxxxxxx, DC=xxxx, DC=xxx] issued by [CN=XXXXXXXXX Root Certificate Authority]
Chain has Certificate [Thumbprint B60BA9406B1B7ADBF4848CE3DA0E977105C2ED92] issued to [CN=XXXXXXXX Root Certificate Authority] issued by [CN=XXXXXXXXX Root Certificate Authority]
Based on Certificate Issuer 'CN=XXXXXXXXX Root Certificate Authority' found Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
CRL check enabled.
Verification of Certificate chain returned 80092013
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Completed searching client certificates based on Certificate Issuers
Begin to select client certificate
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
1 certificate(s) found in the 'MY' certificate store.
Only one certificate present in the certificate store.
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Allowing usage of CNG key storage.
The Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'

Client selected the PKI Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to 'VRTDATAMED01.ad'

Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414012809.993000+000";
HRESULT = "0x00000000";
ProcessID = 3076;
ThreadID = 3676;
};
Successfully submitted pending event to WMI.
CCMCERTID: MY;8EDE6BDA96FDCCEED332F0150381D2DE83F72D51
Begin searching client certificates based on Certificate Issuers
Certificate Issuer 1 [CN=ad; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Certificate Issuer 2 [CN=XXXXXXXXX Root Certificate Authority]
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to [] issued by [CN=XXXXXXXXX AD Certificate Authority-CA1; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Chain has Certificate [Thumbprint 3D4FDAC359EF8DA12CDE84FA6C31237A00021FF7] issued to [CN=XXXXXXXXX AD Certificate Authority-CA1, DC=ad, DC=xxxxxx, DC=xxxx, DC=xxx] issued by [CN=XXXXXXXXX Root Certificate Authority]
Chain has Certificate [Thumbprint B60BA9406B1B7ADBF4848CE3DA0E977105C2ED92] issued to [CN=XXXXXXXXX Root Certificate Authority] issued by [CN=XXXXXXXXX Root Certificate Authority]
Based on Certificate Issuer 'CN=XXXXXXXXX Root Certificate Authority' found Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
CRL check enabled.
Verification of Certificate chain returned 80092013
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Completed searching client certificates based on Certificate Issuers
Begin to select client certificate
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
1 certificate(s) found in the 'MY' certificate store.
Only one certificate present in the certificate store.
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Allowing usage of CNG key storage.
The Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'

Client selected the PKI Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to 'VRTDATAMED01.ad'

Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=UCP))'
OperationalXml '<ClientOperationalSettings><Version>5.00.9040.1016</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>480</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=ad; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx | CN=XXXXXXXXX Root Certificate Authority</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><PKICertOptions>1</PKICertOptions><SiteSigningCert>308202FB308201E3A00302010202103D2CFCA6B6FD15A64B1C3CAA9ACFCD7B300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3137303830373138353235385A180F32313137303731353138353235385A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100C7904737D5B3DD55C86AA0B8B01078ABCF81947F2FB7142C1760E6CA55255C8DB8B125A963DE0AE2E9AB97FACAE264A166BDCF36F82AEBC48BB5ADB52074FD27754B9CE59B41CECF414ED3099FE0C5A8290AC4FDDE2DE946AE65F7EE4C789908E2E216E350DEF620074A9E070D3184EB850847683F527517A35828F9D80E71FF72962F449699B5704BC716636D4B8F8294DCAD6FF7B5125EACABE9DD3F9D284E538404A7613EF61DD62BF8AEBA7F426AC3EAF86FA33FB561DFF69292B023DD1145E1923828F2A20C55B8B0EA7AED8DEADC5E1B481052EB851056B7C12CEEF837CD0F7F0D7D1188184B4F8BFCB71C3FBBCDFE511E849E9126182FA243999717190203010001A343304130290603551D1104223020821E5652505343434D505230312E61642E6D65646374722E75636C612E65647530140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B05000382010100A1324457D7CE23ECD76D2C01C7CB8CE7A169CE51E80BA99FA99391720C773B52AEA7874ACB6A275105C1838D4E9B5593A6990A238E4E1F7F13C17DBB3FEBA98B9DA9ACD590077CCA6055BC758AE0A5819368D9E7BEB213D6C96A273D577B432F9F4650542E6BDF357F34C5B1DD3170D002DA0AD725B1266165C7054F61A3AD62089948299CBB7C725B3197773A3ACA0868AA6E568BA5686924F8A57BC3EE1735D6FBA9564871470F45B50EC27390688BA36AF33F8B314EC6E0BC63916DDC9EDD1C9B958787DAD8337FB8CFC9DC1249B454440E80266E9F010B3D0BA39D7F778A6C16AAAE540A6155DEA6440D5B0416C142D60C035D4D7FEBBFBAAEA65BEDB1BC</SiteSigningCert></SecurityConfiguration><RootSiteCode>UCP</RootSiteCode><CCM> <CommandLine>SMSSITECODE=UCP DNSSUFFIX=ad SMSMP=VRPSCCMPR01.ad CCMHOSTNAME=SCCMinternet.ad FSP=VRPSCCMRS01.ad</CommandLine> </CCM><FSP> <FSPServer>VRPSCCMRS01.ad</FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="63" /></Capabilities><Domain Value="ad" /><Forest Value="ad.medctr.ucla.edu" /><AADConfig Version="1.0"><Tenants></Tenants></AADConfig></ClientOperationalSettings>'
The MP name retrieved is ' VRPSCCMPR01.ad' with version '9040' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>'
MP ' VRPSCCMPR01.ad' is compatible
The MP name retrieved is ' VRPSCCMMS03.ad' with version '9040' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>'
MP ' VRPSCCMMS03.ad' is compatible
Retrieved 2 MP records from AD for site 'UCP'
Failed to persist AAD on-boarding info. Error 0x87d00227
FromAD: FSP = VRPSCCMRS01.ad
FromAD: command line = SMSSITECODE=UCP DNSSUFFIX=ad SMSMP= VRPSCCMPR01.ad CCMHOSTNAME= SCCMinternet.ad FSP= VRPSCCMRS01.ad
Local Machine is joined to an AD domain
Current AD forest name is ad, domain name is ad
Domain joined client is in Intranet
CMPInfoFromADCache requests are throttled for 00:59:59
Found MP https://VRPSCCMPR01.ad from AD
Found MP https://VRPSCCMMS03.ad from AD
Successfully refresh bootstrap information from AD.
Begin searching client certificates based on Certificate Issuers
Certificate Issuer 1 [CN=ad; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Certificate Issuer 2 [CN=XXXXXXXXX Root Certificate Authority]
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to [] issued by [CN=XXXXXXXXX AD Certificate Authority-CA1; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Chain has Certificate [Thumbprint 3D4FDAC359EF8DA12CDE84FA6C31237A00021FF7] issued to [CN=XXXXXXXXX AD Certificate Authority-CA1, DC=ad, DC=xxxxxx, DC=xxxx, DC=xxx] issued by [CN=XXXXXXXXX Root Certificate Authority]
Chain has Certificate [Thumbprint B60BA9406B1B7ADBF4848CE3DA0E977105C2ED92] issued to [CN=XXXXXXXXX Root Certificate Authority] issued by [CN=XXXXXXXXX Root Certificate Authority]
Based on Certificate Issuer 'CN=XXXXXXXXX Root Certificate Authority' found Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
CRL check enabled.
Verification of Certificate chain returned 80092013
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Completed searching client certificates based on Certificate Issuers
Begin to select client certificate
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
1 certificate(s) found in the 'MY' certificate store.
Only one certificate present in the certificate store.
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Allowing usage of CNG key storage.
The Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'

Client selected the PKI Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to 'VRTDATAMED01.ad'

Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcf
Retry time: 10 minute(s)
MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log
MSI properties: CCMCERTID="MY;8EDE6BDA96FDCCEED332F0150381D2DE83F72D51" CCMCERTISSUERS="CN=ad; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx | CN=XXXXXXXXX Root Certificate Authority" CCMCERTSTORE="MY" CCMFIRSTCERT="1" CCMHOSTNAME=" SCCMinternet.ad" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="480" CCMPKICERTOPTIONS="1" DNSSUFFIX="ad" FSP=" VRPSCCMRS01.ad" INSTALL="ALL" MANAGEDINSTALLER="0" SMSMP=" VRPSCCMPR01.ad" SMSSITECODE="UCP" SMSSLP=" VRPSCCMPR01.ad" smsmplist="HTTPS:// VRPSCCMMS03.ad;HTTPS:// VRPSCCMPR01.ad"
Source List:
MPs:
HTTPS:// VRPSCCMMS03.ad
HTTPS:// VRPSCCMPR01.ad
Device is not in ESP state. Skip setting ConfigMgr to state 1
Detected client version 5.00.9012.1056 from WMI.
Task 'Configuration Manager Client Retry Task' does not exist
Updated security on object C:\Windows\ccmsetup.
Sending state '100'...
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0
OS is not Win10RS3+, ENDOK.
[5.00.9012.1056] Params to send '5.0.9040.1044 Deployment Error: 0x0, '
<ClientDeploymentMessage ErrorCode="0"><Client Baseline="1" BaselineCookie="" Platform="2" Langs=""/><Packages><Package ID="{AA0E5F50-7F48-4E1E-9C9F-AA3A430C3827}"/></Packages></ClientDeploymentMessage>
Raised pending client deployment state message.
Detected 57715 MB free disk space on system drive.
Client OS Version 6.2 Service Pack 0.0
Running as user "SYSTEM"
Checking Write Filter Status.
This is not a supported write filter device. We are not in a write filter maintenance mode.
SiteCode: UCP
SiteVersion: 5.00.9040.1016
Searching for a valid online MP...
Checking the URL 'HTTPS:// VRPSCCMPR01.ad/CCM_Client/ccmsetup.cab'
Client is not on internet
Client is set to use webproxy if available.
Begin searching client certificates based on Certificate Issuers
Certificate Issuer 1 [CN=ad; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Certificate Issuer 2 [CN=XXXXXXXXX Root Certificate Authority]
Analyzing 1 Chain(s) found
Chain has Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to [] issued by [CN=XXXXXXXXX AD Certificate Authority-CA1; DC=ad; DC=xxxxxx; DC=xxxx; DC=xxx]
Chain has Certificate [Thumbprint 3D4FDAC359EF8DA12CDE84FA6C31237A00021FF7] issued to [CN=XXXXXXXXX AD Certificate Authority-CA1, DC=ad, DC=xxxxxx, DC=xxxx, DC=xxx] issued by [CN=XXXXXXXXX Root Certificate Authority]
Chain has Certificate [Thumbprint B60BA9406B1B7ADBF4848CE3DA0E977105C2ED92] issued to [CN=XXXXXXXXX Root Certificate Authority] issued by [CN=XXXXXXXXX Root Certificate Authority]
Based on Certificate Issuer 'CN=XXXXXXXXX Root Certificate Authority' found Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
CRL check enabled.
Verification of Certificate chain returned 80092013
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Completed searching client certificates based on Certificate Issuers
Begin to select client certificate
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
1 certificate(s) found in the 'MY' certificate store.
Only one certificate present in the certificate store.
Begin validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'
Allowing usage of CNG key storage.
The Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad' has 'Client Authentication' capability.
Completed validation of Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'

Client selected the PKI Certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to 'VRTDATAMED01.ad'

Raising pending event:
instance of CCM_ServiceHost_CertRetrieval_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414012810.634000+000";
HRESULT = "0x00000000";
ProcessID = 3076;
ThreadID = 3676;
};
Successfully submitted pending event to WMI.
ccmsetup: Host= VRPSCCMPR01.ad, Path=/CCM_Client, Port=443, Protocol=https, CcmTokenAuth=0, Flags=0x4300, Options=0x1e0
Created connection on port 443
Enabled SSL revocation check.
Trying without proxy.
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[CCMHTTP] : dwStatusInformationLength is 4
[CCMHTTP] : *lpvStatusInformation is 0x1
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414012811.697000+000";
HostName = " VRPSCCMPR01.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Failed to submit event to the Status Agent. Attempting to create pending event.
Raising pending event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414012811.697000+000";
HostName = " VRPSCCMPR01.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Successfully submitted pending event to WMI.
Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f
[CCMHTTP] ERROR: URL=HTTPS:// VRPSCCMPR01.ad/CCM_Client, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
GetDirectoryList failed with a non-recoverable failure, 0x80072f8f
Failed to get directory list from 'HTTPS:// VRPSCCMPR01.ad/CCM_Client'. Error 0x80072f8f
Failed to correctly receive a WEBDAV HTTPS request.. (StatusCode at WinHttpQueryHeaders: 0) and StatusText: ''
Failed to check url HTTPS:// VRPSCCMPR01.ad/CCM_Client/ccmsetup.cab. Error 0x80004005
Accessing the URL 'HTTPS:// VRPSCCMPR01.ad/CCM_Client/ccmsetup.cab' failed with 80004005
Checking the URL 'HTTPS:// VRPSCCMMS03.ad/CCM_Client/ccmsetup.cab'
Client is not on internet
Client is set to use webproxy if available.
Using the certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad'.
ccmsetup: Host= VRPSCCMMS03.ad, Path=/CCM_Client, Port=443, Protocol=https, CcmTokenAuth=0, Flags=0x4300, Options=0x1e0
Created connection on port 443
Enabled SSL revocation check.
Trying without proxy.
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[CCMHTTP] : dwStatusInformationLength is 4
[CCMHTTP] : *lpvStatusInformation is 0x1
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414012812.791000+000";
HostName = " VRPSCCMMS03.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Failed to submit event to the Status Agent. Attempting to create pending event.
Raising pending event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414012812.791000+000";
HostName = " VRPSCCMMS03.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Successfully submitted pending event to WMI.
Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f
[CCMHTTP] ERROR: URL=HTTPS:// VRPSCCMMS03.ad/CCM_Client, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
GetDirectoryList failed with a non-recoverable failure, 0x80072f8f
Failed to get directory list from 'HTTPS:// VRPSCCMMS03.ad/CCM_Client'. Error 0x80072f8f
Failed to correctly receive a WEBDAV HTTPS request.. (StatusCode at WinHttpQueryHeaders: 0) and StatusText: ''
Failed to check url HTTPS:// VRPSCCMMS03.ad/CCM_Client/ccmsetup.cab. Error 0x80004005
Accessing the URL 'HTTPS:// VRPSCCMMS03.ad/CCM_Client/ccmsetup.cab' failed with 80004005
Next retry in 10 minute(s)...
Next retry in 10 minute(s)...
Checking the URL 'HTTPS:// VRPSCCMPR01.ad/CCM_Client/ccmsetup.cab'
Client is not on internet
Client is set to use webproxy if available.
Using the certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to ' VRTDATAMED01.ad.medctr.ucla.edu'.
ccmsetup: Host= VRPSCCMPR01.ad, Path=/CCM_Client, Port=443, Protocol=https, CcmTokenAuth=0, Flags=0x4300, Options=0x1e0
Created connection on port 443
Enabled SSL revocation check.
Trying without proxy.
Trying without proxy.
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[CCMHTTP] : dwStatusInformationLength is 4
[CCMHTTP] : lpvStatusInformation is 0x1
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414013818.882000+000";
HostName = "VRPSCCMPR01.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Failed to submit event to the Status Agent. Attempting to create pending event.
Raising pending event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414013818.882000+000";
HostName = "VRPSCCMPR01.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Successfully submitted pending event to WMI.
Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f
[CCMHTTP] ERROR: URL=HTTPS://VRPSCCMPR01.ad/CCM_Client, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
GetDirectoryList failed with a non-recoverable failure, 0x80072f8f
Failed to get directory list from 'HTTPS://VRPSCCMPR01.ad/CCM_Client'. Error 0x80072f8f
Failed to correctly receive a WEBDAV HTTPS request.. (StatusCode at WinHttpQueryHeaders: 0) and StatusText: ''
Failed to check url HTTPS://VRPSCCMPR01.ad/CCM_Client/ccmsetup.cab. Error 0x80004005
Accessing the URL 'HTTPS://VRPSCCMPR01.ad/CCM_Client/ccmsetup.cab' failed with 80004005
Checking the URL 'HTTPS://VRPSCCMMS03.ad/CCM_Client/ccmsetup.cab'
Client is not on internet
Client is set to use webproxy if available.
Using the certificate [Thumbprint 8EDE6BDA96FDCCEED332F0150381D2DE83F72D51] issued to 'VRTDATAMED01.ad'.
ccmsetup: Host=VRPSCCMMS03.ad, Path=/CCM_Client, Port=443, Protocol=https, CcmTokenAuth=0, Flags=0x4300, Options=0x1e0
Created connection on port 443
Enabled SSL revocation check.
Trying without proxy.
Trying without proxy.
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[CCMHTTP] : dwStatusInformationLength is 4
[CCMHTTP] : lpvStatusInformation is 0x1
[CCMHTTP] : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414013819.961000+000";
HostName = "VRPSCCMMS03.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Failed to submit event to the Status Agent. Attempting to create pending event.
Raising pending event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:6EF64A58-416A-4F8F-90FB-15ADBE1BF526";
DateTime = "20210414013819.961000+000";
HostName = "VRPSCCMMS03.ad";
HRESULT = "0x80072f8f";
ProcessID = 3076;
StatusCode = 1;
ThreadID = 3676;
};
Successfully submitted pending event to WMI.
Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f
[CCMHTTP] ERROR: URL=HTTPS://VRPSCCMMS03.ad/CCM_Client, Port=443, Options=480, Code=12175, Text=ERROR_WINHTTP_SECURE_FAILURE
[CCMHTTP] ERROR INFO: StatusCode=<unknown> StatusText=
GetDirectoryList failed with a non-recoverable failure, 0x80072f8f
Failed to get directory list from 'HTTPS://VRPSCCMMS03.ad/CCM_Client'. Error 0x80072f8f
Failed to correctly receive a WEBDAV HTTPS request.. (StatusCode at WinHttpQueryHeaders: 0) and StatusText: ''
Failed to check url HTTPS://VRPSCCMMS03.ad/CCM_Client/ccmsetup.cab. Error 0x80004005
Accessing the URL 'HTTPS://VRPSCCMMS03.ad/CCM_Client/ccmsetup.cab' failed with 80004005
Next retry in 10 minute(s)...

Blockquote

IIS log


Blockquote

2021-04-13 08:25:15 10.6.195.67 GET /SMS_MP/.sms_aut SMSTRC 80 - 10.36.138.16 SMS+CCM+5.0 - 403 4 5 1394 0
2021-04-13 08:25:15 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 1

2021-04-13 08:25:17 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 4

2021-04-13 08:25:17 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 2
2021-04-13 08:25:17 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 3

2021-04-13 12:41:22 10.6.195.67 GET /SMS_MP/.sms_aut SMSTRC 80 - 10.36.138.16 SMS+CCM+5.0 - 403 4 5 1394 0

2021-04-13 12:41:22 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 1
2021-04-13 12:41:22 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 1

2021-04-13 12:41:22 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 2
2021-04-13 12:41:22 10.6.195.67 GET /CCM_STS - 443 - 10.36.138.16 SMS+CCM+5.0 - 401 0 0 1621 3

Blockquote

Firewall checked
Boundary checked
Certificate checked


Any idea?

Thanks,
DOM




· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Check certification health on this DP: VRPSCCMMS03

1 Vote 1 ·
DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 rolled back

Hello,

The certificates on the MP (Management Point) VRPSCCMMS03 are valid:87872-2021-04-14-8-12-14-vrpsccmms03-certificates.png
The binding in IIS is:
87873-2021-04-14-8-19-13-vrpsccmms03-iis-bindings.png

The certificate is valid until 2/16/2023.
This Management Point is working for 20,000+ clients could it be on the client iiself that there is an issue?

The certificate on the client is valid
87780-2021-04-14-9-04-05-vrtdatamed01-certificate.png

Thanks,
Dom



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

DucheminDominique-7551 avatar image
0 Votes"
DucheminDominique-7551 answered DucheminDominique-7551 edited

Hello,

More client installation failing with the same error code 0x80072f8f...

Clientlocation.log is pointing alternatively to MS03 or PR01 the two MPs...
LocationServices.log is showing the same error 0x80072f8f... and could not assigned the MP....

It seems to be an IIS permissions but what is strange it is working for 26,000+ clients and only a few are failing...

When using IE on those clients I could access https://vrpsccmpr01.ad.xxxx.xxxx.xxxx:443/CCM_Client
89243-2021-04-19-15-21-20-ccm-client.png
but when trying to access ccmsetup.exe I am getting an error:
89237-2021-04-19-15-23-05-ccmsetup.png

Any idea?
Thanks,
Dom



5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HanyunZhu-MSFT avatar image
1 Vote"
HanyunZhu-MSFT answered HanyunZhu-MSFT edited

@DominiqueDUCHEMIN-4668

Thanks for posting in Microsoft Q&A forum.

You can use IE on the problematic clients to try to access https://<SCCM_SERVER>/SMS_MP/.sms_aut?mplist (replace <SCCM_SERVER> with your MP host name), in order to confirm whether the clients can get the MP list.

If it is failed, for better troubleshooting, you can check the IIS log of the installation time on server through the path: %SystemDrive%\inetpub\logs\Logfiles\W3SVC1.

Or you can share the log with the sensitive information marked to review.

Hope the information above is helpful to you.


If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.