trejwr
asked on
SCCM Client unable to register to server on 5 out of 45 servers
I have migrated all of our systems to a SCCM server for patching and software deployment. 65ish laptops. 45 Servers. The rub is that I have a few servers that are unable to register to the server. In one of the logs on the system, I get this:
<![LOG[[RegTask] - Client is not registered. Sending registration request for GUID:<REDACTED> ...]LOG]!><time="14:57:40. 377+300" date="04-09-2014" component="ClientIDManager Startup" context="" type="1" thread="5972" file="regtask.cpp:1609">
<![LOG[[RegTask] - Server rejected registration request: 3]LOG]!><time="14:57:41.11 1+300" date="04-09-2014" component="ClientIDManager Startup" context="" type="3" thread="5972" file="regtask.cpp:1675">
<![LOG[Sleeping for 292 seconds before refreshing location services.]LOG]!><time="14: 57:46.120+ 300" date="04-09-2014" component="ClientIDManager Startup" context="" type="1" thread="5972" file="regtask.cpp:196">
I have removed the certificates, the SMSCONF.sys file, completely(as best I can tell) removed all CCM related software and reinstalled. Same result. Any ideas?
<![LOG[[RegTask] - Client is not registered. Sending registration request for GUID:<REDACTED> ...]LOG]!><time="14:57:40.
<![LOG[[RegTask] - Server rejected registration request: 3]LOG]!><time="14:57:41.11
<![LOG[Sleeping for 292 seconds before refreshing location services.]LOG]!><time="14:
I have removed the certificates, the SMSCONF.sys file, completely(as best I can tell) removed all CCM related software and reinstalled. Same result. Any ideas?
ASKER
I have reinstalled the agent. I haven't ruled out the firewall or network issues, but it seems odd that some of the ones that are having issues are on the same network as functional ones. All windows firewalls are turned off.
Are all of them Domain members?
You may have to install the Agent with the flag RESETKEYINFORMATION=TRUE
Also try this:
http://shankarkannappa.wordpress.com/tag/server-rejected-registration-request-3-client-not-receiving-policies/
You may have to install the Agent with the flag RESETKEYINFORMATION=TRUE
Also try this:
http://shankarkannappa.wordpress.com/tag/server-rejected-registration-request-3-client-not-receiving-policies/
Some other issues come into my mind....
Sometimes the agent installs but the service do not start.
Reasons may sometimes just be, that you get certificate errors (schannel in event log), or DCOM permission errors, that a DCOM component could not start due to missing permissions and even make sure, that the install account has the right permissions.
So check the eventlog and compare the membership in the local groups, if there are accounts missing, especially the install account. Also check under which account the agents runs itself.
If you tries to install in the same way than all other machines, you may try to manually remove the agent, check the permissions and try to install again.
Sometimes the agent installs but the service do not start.
Reasons may sometimes just be, that you get certificate errors (schannel in event log), or DCOM permission errors, that a DCOM component could not start due to missing permissions and even make sure, that the install account has the right permissions.
So check the eventlog and compare the membership in the local groups, if there are accounts missing, especially the install account. Also check under which account the agents runs itself.
If you tries to install in the same way than all other machines, you may try to manually remove the agent, check the permissions and try to install again.
ASKER
OK, so I think I about have this figured out. It seems all systems that would not allow the client to register had non-standard self-signed certificates for varying reasons. This was causing conflict when the SCCM Agent attempted to authenticate to the CA??? Not clear on how this works, but after removing the certs from two systems, I was able to install and register. I am testing further to finalize this project and will annotate my findings after its completion.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
But most issue may be a firewall (i.e. windows firewall) what blocks the communication or any other software (also virus scanner) what may produce trouble).