Jump to content


robdawg04

Client Push not working from SCCM12 SP1 from Win. Server 2012 to Win 7 Machine in Domain

Recommended Posts

I have installed Configuration Manager 2012 SP1 on a Windows Server 2012 Machine in our domain. I followed your step-by-step guide on here to install the prerequisites, IIS, BITS, WSUS features/roles and also added the boundaries and boundary groups. We use another server to house the SQL portion. I've made sure the correct instance for SQL was configured as well during the setup. I have got to the point of pushing the client out to a test machine in our domain. We have selected the HTTPS since we are having our clients use PKI Certificates (which I don't think it is a certificate problem since there are no errors in the log for the certificates). I made sure that the Service Account used for the client push was an Administrator on my machine. However, when looking at the error logs on the client machine that is receiving the CCM client, I am getting the following error:

- Failed to receive ccm message response. Status Code - 403
- GETDP Locations failed with error 0x80004005
- Failed to get DP Locations as the expected version from MP "HTTPS:// . Error 0x800004005
- Failed to get DP Locations from MP "HTTPS://

 

I have NO idea what to do now. We have checked and double checked the IIS Settings and even gave every used folder in ISS that the client push tries to use, Domain Admin rights just to see if maybe that was it since the 403 is known to be an Access Denied error. That didn't help. I have Googled, redone the machine from scratch, Googled some more, and I still have no idea what to do now. Any help would be appreciated. Here is the complete log file from the client side from start to finish of the push installation:

 

The following have been changed for security purposes:

 

Domain Name = wacko.com

Primary Site Server = Win12-Svr

Client Machine = Win7-Client

Certificate Server = Wind08-Cert

Site Code = S01

 

==========[ ccmsetup started in process 2508 ]========== )
- Running on platform X64
- Updated security on object C:\Windows\ccmsetup\cache\.
- Launch from folder C:\Windows\ccmsetup\
- CcmSetup version: 5.0.7804.1000
- In ServiceMain
- Running on OS (6.1.7601). Service Pack (1.0). SuiteMask = 256. Product Type = 1
- Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf
- Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required.
- Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /config:MobileClient.tcf
- SslState value: 224
- CCMHTTPPORT: 80
- CCMHTTPSPORT: 443
- CCMHTTPSSTATE: 480
- CCMHTTPSCERTNAME:
- FSP:
- CCMCERTISSUERS: CN=wacko-Win8-Cert; DC=wacko; DC=com
- CCMFIRSTCERT: 1
- Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcf
- Retry time: 10 minute(s)
- MSI log file: C:\Windows\ccmsetup\Logs\client.msi.log
- MSI properties: INSTALL="ALL" SMSSITECODE="S01" CCMHTTPPORT="80" CCMHTTPSPORT="443" CCMHTTPSSTATE="480" CCMCERTISSUERS="CN=wacko-Win08-Cert; DC=wacko; DC=com" CCMFIRSTCERT="1"
- Source List:
\\Win12-Svr.wacko.com\SMSClient
\\WIN-12-SVR.WACKO.COM\SMSClient
- MPs:
HTTPS://Win12-Svr.wacko.com
- No version of the client is currently detected.
- Updated security on object C:\Windows\ccmsetup\.
- A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.
- Running as user "SYSTEM"
- Detected 399219 MB free disk space on system drive.
- Checking Write Filter Status.
- This is not a supported write filter device. We are not in a write filter maintenance mode.
- Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=S01))'
- OperationalXml<ClientOperationalSettings><Version>5.00.7804.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>480</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers>CN=Win08-Cert DC=wacko; DC=local</CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202F4308201DCA00302010202101850F4BA9B1043A7409C5FE8650162A7300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3133303231313138303230345A180F32313133303131393138303230345A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100BDCC6825F033E77920A7D9669A37C2113F92AA16F584900F393D27F79DAAB077CB40D59D4D8C04BFA7BECE57EEF0504ACFB440BCD99BFC096023A2D74CA0E24BA36E50F72DBBF8004FF5519045C0F2D267318A44993699A44E5949CFCEE8C0911F676F4373DE1B4B6C5134D14E9466AC28FFD548615F9E6F67C8043088610406CB9DC35E8CF3F8229F821EF4CD7BBD383431CDEF2210F92F61D3915A79513DEFA50E1F1FDFAD63A68B33BDD1E6C94917B6706F0A7CFFC8E1635243A2390AE2B9D5CD01BF3BD3B98C8598BCE329C97AE14B663FD6D00D2A4B87D948FA7024C3497512606E09A287F97ACAB3FD66AC9A1A2E2A225DB6AE875233E420A2859E8EA10203010001A33C303A30220603551D11041B30198217464E422D53432D312E666E62736F7574682E6C6F63616C30140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B050003820101003B8A9E7B76AF39A483C1E1FB382D35BFE6BEAEE01C341E11EB34A235EF055DDC2326E82422102D764063C9E72824D63AEA18DD1DE3443969F62DB495C2CB1E509445DBBCD58E6B597704F686C2D18DFA8EF438AA5174FA37BF0BDF753DFC623DCEBE456FFF5FF43F528425E2D2F8D7D94CD32C1CE068E80F78E21177E435553A9B7A514736D71C03632EDAC82886B22174786B9F44028EF1865BFF20C111E49C647CCFFF6A180C39128582B174225501C2C449D9E9ECE7510A2F5FD1F2850A8801C6051015F8AACE8547EB09604BAB9C68B6E32EA0DC3F8652AE3BB8A5C3D1E6238A990A0DD73602B1BD2C19C6EE6E448164293B8465830AD3441908C6E89BBD</SiteSigningCert></SecurityConfiguration><RootSiteCode>S01</RootSiteCode><CCM> <CommandLine>SMSSITECODE=S01</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="63" /></Capabilities><Domain Value="wacko.com" /><Forest Value="wacko.com" /></ClientOperationalSettings>'
- Unable to open Registry key Software\Microsoft\CCM. Return Code [80070002]. Client HTTPS state is Unknown.
- The MP name retrieved is 'Win12-Svr.wacko.com' with version '7804' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>'
- MP 'Win12-Svr.wacko.com' is compatible
- Retrieved 1 MP records from AD for site 'S01'
- Retrived site version '5.00.7804.1000' from AD for site 'S01'
- SiteCode: S01
- SiteVersion: 5.00.7804.1000
- Ccmsetup is being restarted due to an administrative action. Installation files will be reset and downloaded again.
- Only one MP HTTPS://Win12-Svr.wacko.com is specified. Use it.
- Searching for DP locations from MP(s)...
- Current AD site of machine is <town> LocationServices
- Local Machine is joined to an AD domain LocationServices
- Current AD forest name is wacko.com, domain name is wacko.com LocationServices
- DhcpGetOriginalSubnetMask entry point is supported. LocationServices
- Begin checking Alternate Network Configuration LocationServices
- Finished checking Alternate Network Configuration LocationServices
- Sending message body '<ContentLocationRequest SchemaVersion="1.00">
<AssignedSite SiteCode="S01"/>
<ClientPackage/>
<ClientLocationInfo LocationType="SMSPACKAGE" DistributeOnDemand="0" UseProtected="0" AllowCaching="0" BranchDPFlags="0" AllowHTTP="1" AllowSMB="0" AllowMulticast="0" UseInternetDP="0">
<ADSite Name="Town"/>
<Forest Name="wacko.com"/>
<Domain Name="wacko.com"/>
<IPAddresses>
<IPAddress SubnetAddress="192.168.1.0" Address="192.168.1.10"/>
</IPAddresses>
</ClientLocationInfo>
</ContentLocationRequest>
Sending message header '<Msg SchemaVersion="1.1"><ID>{78B09375-D51E-4A67-9BAF-371EC350FD6E}</ID><SourceHost>Win7-Client</SourceHost><TargetAddress>mp:[http]MP_LocationManager</TargetAddress><ReplyTo>direct:Win7-Client:LS_ReplyLocations</ReplyTo><Priority>3</Priority><Timeout>600</Timeout><ReqVersion>5931</ReqVersion><TargetHost>HTTPS://Win12-Svr.wacko.com</TargetHost><TargetEndpoint>MP_LocationManager</TargetEndpoint><ReplyMode>Sync</ReplyMode><Protocol>http</Protocol><SentTime>2013-02-12T21:19:26Z</SentTime><Body Type="ByteRange" Offset="0" Length="1102"/><Hooks><Hook3 Name="zlib-compress"/></Hooks><Payload Type="inline"/></Msg>'
CCM_POST 'HTTPS://Win12-Svr.wacko.com/ccm_system/request'
- Begin searching client certificates based on Certificate Issuers
- Certificate Issuer 1 [CN=wacko-Win08-Cert; DC=wacko; DC=com]
- Analyzing 1 Chain(s) found
- Chain has Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to Win7-Client-wacko.com
- Chain has Certificate [Thumbprint 47105ED23C5A054AB61A6B53FAC54D542C66D630] issued to wacko-Win08-Cert'
- Based on Certificate Issuer 'wacko-Win08-Cert' found Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Client'
- Begin validation of Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Client.wacko.com'
- CRL check enabled.
- Verification of Certificate chain returned 00000000
- Completed validation of Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Client.wacko.com'
- Completed searching client certificates based on Certificate Issuers
- Begin to select client certificate
- The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'.
- 1 certificate(s) found in the 'MY' certificate store.
- Only one certificate present in the certificate store.
- Begin validation of Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Client.wacko.com'
- The Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Client.wacko.com' has 'Client Authentication' capability.
- Completed validation of Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Client.wacko.com'
>>> Client selected the PKI Certificate [Thumbprint F1D54F6C0111952CEE97DA6D23D51204DBE95B71] issued to 'Win7-Clent.wacko.com'
Failed to receive ccm message response. Status code = 403
GetDPLocations failed with error 0x80004005
Failed to get DP locations as the expected version from MP 'HTTPS://Win12-Svr.wacko.com'. Error 0x80004005
A Fallback Status Point has not been specified. Message with STATEID='101' will not be sent
.
Next retry in 10 minute(s)...

Share this post


Link to post
Share on other sites

Did you get this fixed, as Im having the same exact problem. My client push install wont work, as the machine never starts the ccmsetup.exe on the client. The only way I can get the client to try to install is to browse to the sms_842 share. The ad install works for some machines 30, but I have 2500 machines in my domain. This is driving me nuts.

  • Like 1

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...


×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.