jka816
-
Posts
6 -
Joined
-
Last visited
Posts posted by jka816
-
-
Nearly two years later I finally fixed the issue so I figured I'd come back and update the thread.
Using:
Get-CMDevice | Where-Object { $_.SMSID -eq 'GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444'}
I discovered that GUID belonged to the Site Server as I stated above and it showed the client as NOT blocked.
However when running the following SQL Query:
Select * from ClientKeyData where IsRevoked=1
I discovered the client was marked as revoked for some reason. I ran the following to fix it:
Update ClientKeyData set IsRevoked=0 where RecordID=<RECORDID>
You'd need to replace RECORDID with the corresponding record returned in the first query.
-
I would think it was more a duplicate certificate than an issue with the db. Did you look for client with the id of E19C9C5C-5D8C-408D-A4BB-B7BD4A1441A4 ?
Thats te ID of the site server
-
Why do you think that there is an issue with SQL?
I don't think it's an issue with SQL but the database itself, I just don't know SQL well enough to determine if that's true.
The warning says "Client 'GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444' is unknown or has an invalid key registered in the database." This leads me to believe the GUID is somehow associated incorrectly in the DB.
-
I also just checked my MP_RegistrationManager.log file and found the following:
Processing Registration request from Client 'GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444' MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)
Begin validation of Certificate [Thumbprint 21C5FF81EE60B855E7FC8F767DA86BAC58DAA51A] issued to 'SMS' MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)Completed validation of Certificate [Thumbprint 21C5FF81EE60B855E7FC8F767DA86BAC58DAA51A] issued to 'SMS' MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)Raising event:[sMS_CodePage(437), SMS_LocaleID(1033)]instance of MpEvent_CertRevoked{ClientID = "GUID:E19C9C5C-5D8C-408D-A4BB-B7BD4A1441A4";DateTime = "20161021151454.606000+000";MachineName = "xxx-sccm1.xxxxxxxxxx.org";ProcessID = 2948;Sender = "Client(SMSID = GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444)";SiteCode = "XXX";ThreadID = 10920;};MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)Client 'GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444' is unknown or has an invalid key registered in the database. MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)CCMValidateAuthHeaders failed (0x87d0025e) to validate headers for client 'GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444'. MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)MP Reg: Failed to verify RegistrationHint, 0x87d0025e. MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)MP Reg: Processing completed. Completion state = 0 MP_RegistrationManager 10/21/2016 10:14:54 AM 10920 (0x2AA8)This makes me thing there is an issue in the DB but I don't know SQL well enough to fix it. -
I'm having the following warning popup over and over in the SMS_MP_CONTROL_MANAGER component:
MP has rejected policy request from Client(SMSID = GUID:B1C18985-608A-4CD6-B25F-2D7ADADFD444) because this SMSID is marked as blocked.
The issue is I cannot find a client with that GUID and I'm not blocking any clients within SCCM.
I did a Powershell query for that SMSID as well as blocked devices.
Get-CMDevice | Where-Object { $_.IsBlocked -eq $true} Get-CMDevice | Where-Object { $_.SMSID -eq 'GUID:E35DAB82-1F79-4850-8383-7A8D7C43E929'}
Both returned no results.
Anyone have any ideas?
Clients won't update after WSUS rebuild
in System Center Configuration Manager (Current Branch)
Posted
I've been at this for a couple weeks and haven't had any lucky resolving it myself. I'm around ready to give up and rebuild or primary site.
SCCM Ver: CB1802
Our old WSUS server was 2012R2 running WID and we wanted to move it to 2016 and SQL. I removed the SUP role, removed the server from SCCM, then decomed the server. I rebuilt the WSUS server on 2016, connected to SQL DB, installed SUP role, and synced WSUS. In SCCM everything appears to be functioning normally, I can see updates, metadata, create software update groups, deploy, etc and Offline Servicing works but Clients and Build and Capture task sequences fail to update. This issue is not specific to one client, update, or OS version. It's everything. I've included logs from a Windows 10 1703 client I just imaged.
Following may help when looking through logs:
SUG UID: {FB172790-25B5-4030-94EF-084AF60311D4}
Unique Update ID: 2018-05 Update for Windows 10 Version 1703 for x64-based Systems (KB4132649) 5/17/2018 12:00:00 PM f176e292-745f-4757-9b64-c25f1d382bb0
Clients can see the SUGs deployed to them but they still fail to update:
I do see some interesting behavior in the WindowsUpdateLog:
I also see the following behavior in the ScanAgent.Log, but I'm not sure if it's normal or not:
Any help or ideas of where to look would be much appreciated.