myITforum.com Community Forum myITforum.com Community Forum

Home  Forums  Blogs  Live Support chat  Search Articles  Wiki  FAQ  Email Lists  Register  Login  My Profile  Inbox  Address Book  My Subscription  My Forums 

Photo Gallery  Member List  Search  Calendars  FAQ  Ticket List  Log Out

All Forums RSS Feed Subscription:


  


Clients failing to recieve policy from MP

 
View related threads: (in this forum | in all forums)

Logged in as: Guest
  Printable Version
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Clients failing to recieve policy from MP Page: [1]
Login
Message << Older Topic   Newer Topic >>
Clients failing to recieve policy from MP - 11/4/2008 4:51:50 PM   
bhuffman

 

Posts: 69
Score: 2
Joined: 3/20/2006
From: Portland, OR
Status: offline 		Checking my status messages today and I have 65 out of 8,000 clients all of a sudden failing to connect to the mp for policy retrieval.  shouldn't be admin thing...  no ryme or reason to the various clients too...  any ideas? 

Here is what status messages from SMS_MP_CONTROL_MANAGER:
MP has rejected a policy request from GUID:D5E63DB6-D298-43CC-9EC1-329A3E7D8940 because it was not approved. The operating system reported error 2147942405: Access is denied.

Here is what the policyagent.log file says on client:
Failed in WinHttpReceiveResponse API, ErrorCode = 0x2f78

[CCMHTTP] HTTP ERROR: URL=http://M1SMSMP01.MMI.LOCAL/SMS_MP/.sms_pol?{a552b7d0-6041-4893-b366-a212d7a33ec8}.1_00, Port=80, Protocol=http, SSLOptions=0, Code=12152, Text=ERROR_WINHTTP_INVALID_SERVER_RESPONSE

Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:D06707E1-69E6-485D-B3F3-6678511C53A2";
DateTime = "20081104213323.024000+000";
HostName = "MP01.DOMAIN.LOCAL";
HRESULT = "0x80072f78";
ProcessID = 960;
StatusCode = 0;
ThreadID = 1052;
};

HTTP download of http://MP01.DOMAIN.LOCAL/SMS_MP/.sms_pol?{a552b7d0-6041-4893-b366-a212d7a33ec8}.1_00 failed: 999 Unknown

Raising event:
instance of CCM_PolicyAgent_PolicyDownloadFailed
{
ClientID = "GUID:D06707E1-69E6-485D-B3F3-6678511C53A2";
DateTime = "20081104213323.054000+000";
DownloadErrorInfo =
instance of CCM_HttpDownloadMethod_ErrorInfo
{
HttpStatusCode = 999;
HttpStatusText = "Unknown";
};
DownloadMethod = "HTTP";
DownloadSource = "http://MP01.DOMAIN.LOCAL/SMS_MP/.sms_pol?{a552b7d0-6041-4893-b366-a212d7a33ec8}.1_00";
PolicyNamespace = "\\\\0109LAB1\\ROOT\\ccm\\Policy\\Machine\\RequestedConfig";
PolicyPath = "CCM_Policy_Policy4.PolicyID=\"{a552b7d0-6041-4893-b366-a212d7a33ec8}\",PolicySource=\"SMS:MMI\",PolicyVersion=\"1.00\"";
ProcessID = 960;
ThreadID = 1052;
};

Post #: 1
RE: Clients failing to recieve policy from MP - 11/11/2008 1:16:45 PM   
bhuffman

 

Posts: 69
Score: 2
Joined: 3/20/2006
From: Portland, OR
Status: offline 		The fix was running ccmdelcert.exe from the toolkit...


(in reply to bhuffman)
Post #: 2
RE: Clients failing to recieve policy from MP - 1/5/2009 7:30:43 AM   
kingskawn

 

Posts: 109
Score: -4
Joined: 4/25/2007
Status: offline 		Running on what site? The primary?

I looked for the machine that gave me the problem from the error of the MP_Control_Manager.
quote:


MP has rejected a policy request from GUID:90D74DD8-5243-44A3-928D-B29C5CF033EF because it was not approved. The operating system reported error 2147942405: Access is denied.


What did was a search to that machine with an SQL query

quote:


SELECT
     resourceID, netbios_name0, SMS_Unique_Identifier0
FROM
    dbo.v_R_System
WHERE    
   (SMS_Unique_Identifier0 = 'GUID:90D74DD8-5243-44A3-928D-B29C5CF033EF')


With a 'search' I found the machine that was giving me the problem. But what can I do on this machine? It even isn't in my collection where I want to deploy the client.

< Message edited by kingskawn -- 1/5/2009 9:13:44 AM >

(in reply to bhuffman)
Post #: 3
RE: Clients failing to recieve policy from MP - 1/5/2009 12:24:33 PM   
bhuffman

 

Posts: 69
Score: 2
Joined: 3/20/2006
From: Portland, OR
Status: offline 		Yeah, i had to search by GUID too.  We only have one primary site.  The problem for me was corrupted certificate.  What i did to fix was stop the sms host service, run the ccmdelcert.exe on the workstation, then start the service, or maybe i rebooted the workstation.  Did you try that yet?

(in reply to kingskawn)
Post #: 4
RE: Clients failing to recieve policy from MP - 1/5/2009 2:15:53 PM   
kingskawn

 

Posts: 109
Score: -4
Joined: 4/25/2007
Status: offline 		Ok so you didn't do the ccmdelcert.exe on the primary but on the machine that was giving the problem? If so, I'll try that tomorrow. (where can I get that ccmdelcert.exe? )

What I already did is deleting the object (faulty machine) but it will be there tomorrow because it is automatically imported from AD.

(in reply to bhuffman)
Post #: 5
RE: Clients failing to recieve policy from MP - 1/5/2009 2:31:27 PM   
mhudson

 

Posts: 559
Score: 12
Joined: 4/1/2007
From: College Station, TX
Status: offline 		If you have client push setup with RESETKEYINFORMATION=TRUE
It should also fix this problem.  We use it and seems to correct the issue.

http://technet.microsoft.com/en-us/library/bb680980.aspx


_____________________________

Matthew Hudson MCTS,MVP-ConfigMgr
http://sms-hints-tricks.blogspot.com/
http://www.sccm-tools.com

(in reply to kingskawn)
Post #: 6
RE: Clients failing to recieve policy from MP - 1/6/2009 1:47:11 AM   
kingskawn

 

Posts: 109
Score: -4
Joined: 4/25/2007
Status: offline
quote:

ORIGINAL: mhudson

If you have client push setup with RESETKEYINFORMATION=TRUE
It should also fix this problem.  We use it and seems to correct the issue.

http://technet.microsoft.com/en-us/library/bb680980.aspx



Thanks for this helpful information!

But it will not check other client installs for a correct certification. In other words, what do I miss of information or will my client be installed without problems afterwards?

(in reply to mhudson)
Post #: 7
RE: Clients failing to recieve policy from MP - 1/6/2009 8:36:54 AM   
mhudson

 

Posts: 559
Score: 12
Joined: 4/1/2007
From: College Station, TX
Status: offline 		Change the client push to include this.  Then right click on the client and select repair client.  The client will repair and remove the old certs and pull in the current certs.  You will see in the client status that the client was installed and from there you shouldn't see any more client messages about policy.

_____________________________

Matthew Hudson MCTS,MVP-ConfigMgr
http://sms-hints-tricks.blogspot.com/
http://www.sccm-tools.com

(in reply to kingskawn)
Post #: 8
Page:   [1]
All Forums >> [Management Products] >> System Center Products >> System Center Configuration Manager >> Clients failing to recieve policy from MP Page: [1]
Jump to:





New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts



  
Forum Software © ASPPlayground.NET Advanced Edition 2.4.5 ANSI

0.344