question

TravMah-0406 avatar image
0 Votes"
TravMah-0406 asked saldana-msft edited

SCCM client failing to install after windows 10 update

Hi,

We recently updated windows 10 devices to version 2004. After the windows update the sccm client on lot devices is failing to register. The client certificate is none, it should be on PKI. Clients are installing properly on new devices, no issue there. I have checked the Mpcontrol log and MP_Registration log, there is nothing there. The firewall is disabled.

  • I have reinstalled the client by completing removing the old client and the reg keys.

  • I have reset the WMI and repaired the WMI repository

  • I have reinstalled the MP

  • Tried installing client using Ccmsetup command line: ccmsetup.exe /runservice RESETKEYINFORMATION="TRUE" SMSSITECODE="XYZ"

Nothing seems to be working. The issue is only happening after the windows update.

Can't figure out what is causing this issue. If someone can point me in the right direction that will be very helpful.

Thanks,

Some logs:

ClientIDManagerStartup.log

107437-image.png


Location Services.Log
107310-image.png


CCmMessaging.Logs
107403-image.png


windows-10-generalmem-cm-generalmem-cm-site-deployment
image.png (21.1 KiB)
image.png (501.0 KiB)
image.png (222.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

HanyunZhu-MSFT avatar image
0 Votes"
HanyunZhu-MSFT answered TravMah-0406 commented

Hi @TravMah-0406,

Thanks for posting in Microsoft Q&A forum.

It seems that we have done a lot of research and perform some troubleshooting steps to find the root cause.

According to the provided log picture, the error may be caused by that the client failed to communicate with management point.
We can try to uncheck the box from Site Properties which disable CRL check and check the log again.
107958-crl.png
If the error is still reported, we may need more information to move on. Since there's nothing wrong in mpcontrol.log, so that could you upload the complete LocationServices.log and CcmMessaging.log (with sensitive information masked), may be we can find some cause in the log file.

Thanks for your time.


If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.



crl.png (37.5 KiB)
· 4
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @HanyunZhu-MSFT ,

Thanks for your reply. Yes, I have unchecked clients check the CRL for the systems. I have reinstalled the client using parameters /NoCRLCheck /mp:smsmp01.contoso.com /logon SMSSITECODE=XZY on those devices but still having the same issue.

I was checking the logs in IIS and observed that these clients which are having this issue never send the " CCM_POST, /ccm_system_windowsauth/request, -, " request. I have attached the image of the IIS logs below.

108378-image.png

I can see the client IP Address entery in MP_Location logs.
108379-mp-location.log
I have attached the LocationService log and CCMMessaging log.
108370-ccmmessaging.log


108436-locationservices.log



Thanks

0 Votes 0 ·
image.png (165.0 KiB)
mp-location.log (3.4 KiB)
ccmmessaging.log (147.2 KiB)

Hi,

Thanks for your update.

We may check the health of the management first. Open the Internet explorer and enter the following commands:
· http://<ServerName.FQDN>/sms_mp/.sms_aut?mplist
· http://<ServerName.FQDN>/sms_mp/.sms_aut?mpcert

For more details, please refer to this article:
https://www.enhansoft.com/how-to-test-your-mp-to-confirm-if-it-is-healthy/
(Note: This is not from MS, just for your reference.)

What's more, I found an article that have similar error with the log you provide, may be we can try it to troubleshooting:
https://www.syswow64.co.uk/2016/03/sccm-client-certificate-pki-value-is.html
(Note: This is not from MS, just for your reference.)

0 Votes 0 ·

HI,

Thanks for spending time on this.

Yes, I can access the mplist and mpcert after moving the SCCM Client Certificate to the personal user store in mmc.
109558-image.png
109631-image.png

I followed the instructions in the link that you shared. Devices don't have that reg key but I added It by running that script and restarted the SMS service few times, restarted the device. Still having the same issue.

I'm getting this error code 0x5, can't find anything about that on the internet.

Failed in WinHttpSendRequest API, ErrorCode = 0x5



0 Votes 0 ·
image.png (57.5 KiB)
image.png (70.7 KiB)
Show more comments