?
Solved

SCCM Client unable to register to server on 5 out of 45 servers

Posted on 2014-04-09
8
Medium Priority
?
1,217 Views
Last Modified: 2015-06-25
I have migrated all of our systems to a SCCM server for patching and software deployment.  65ish laptops.  45 Servers.  The rub is that I have a few servers that are unable to register to the server.  In one of the logs on the system, I get this:
<![LOG[[RegTask] - Client is not registered. Sending registration request for GUID:<REDACTED> ...]LOG]!><time="14:57:40.377+300" date="04-09-2014" component="ClientIDManagerStartup" context="" type="1" thread="5972" file="regtask.cpp:1609">
<![LOG[[RegTask] - Server rejected registration request: 3]LOG]!><time="14:57:41.111+300" date="04-09-2014" component="ClientIDManagerStartup" context="" type="3" thread="5972" file="regtask.cpp:1675">
<![LOG[Sleeping for 292 seconds before refreshing location services.]LOG]!><time="14:57:46.120+300" date="04-09-2014" component="ClientIDManagerStartup" context="" type="1" thread="5972" file="regtask.cpp:196">

I have removed the certificates, the SMSCONF.sys file, completely(as best I can tell) removed all CCM related software and reinstalled.  Same result.  Any ideas?
0
Comment
Question by:trejwr
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
8 Comments
 
LVL 35

Expert Comment

by:Bembi
ID: 39990136
As SCCM uses agents, make sure the agents on the systems are not too old. You may try to reinstall the agents from the SCCM or to install them manually.
But most issue may be a firewall (i.e. windows firewall) what blocks the communication or any other software (also virus scanner) what may produce trouble).
0
 

Author Comment

by:trejwr
ID: 39990405
I have reinstalled the agent. I haven't ruled out the firewall or network issues, but it seems odd that some of the ones that are having issues are on the same network as functional ones. All windows firewalls are turned off.
0
 
LVL 31

Expert Comment

by:merowinger
ID: 39990759
Are all of them Domain members?
You may have to install the Agent with the flag RESETKEYINFORMATION=TRUE
Also try this:
http://shankarkannappa.wordpress.com/tag/server-rejected-registration-request-3-client-not-receiving-policies/
0
Get real performance insights from real users

Key features:
- Total Pages Views and Load times
- Top Pages Viewed and Load Times
- Real Time Site Page Build Performance
- Users’ Browser and Platform Performance
- Geographic User Breakdown
- And more

 
LVL 35

Expert Comment

by:Bembi
ID: 39992451
Some other issues come into my mind....
Sometimes the agent installs but the service do not start.
Reasons may sometimes just be, that you get certificate errors (schannel in event log), or DCOM permission errors, that a DCOM component could not start due to missing permissions and even make sure, that the install account has the right permissions.

So check the eventlog and compare the membership in the local groups, if there are accounts missing, especially the install account. Also check under which account the agents runs itself.

If you tries to install in the same way than all other machines, you may try to manually remove the agent, check the permissions and try to install again.
0
 

Author Comment

by:trejwr
ID: 39992833
OK, so I think I about have this figured out. It seems all systems that would not allow the client to register had non-standard self-signed certificates for varying reasons.  This was causing conflict when the SCCM Agent attempted to authenticate to the CA???  Not clear on how this works, but after removing the certs from two systems, I was able to install and register.  I am testing further to finalize this project and will annotate my findings after its completion.
0
 
LVL 35

Accepted Solution

by:
Bembi earned 2000 total points
ID: 39992880
This is why it is sometimes usefull to have your own PKI and used certificates from there.
Yea, by default self signed certs are used and you have to make sure. they are present on the clients.

Self signed certs is a work around for the lifetime of the cert, this ensures that a system can run out of the box, but they start to make trouble as possibly not automatically renewed and some applications start to make trouble if two cerst with the same subject name exists because some application jsut take the first one they can find.

Just to explain the cert behaviour.
0
 
LVL 35

Expert Comment

by:Seth Simmons
ID: 40850241
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0

Featured Post

Will your db performance match your db growth?

In Percona’s white paper “Performance at Scale: Keeping Your Database on Its Toes,” we take a high-level approach to what you need to think about when planning for database scalability.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
Resolving an irritating Remote Desktop connection that stops your saved credentials from being used.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…
Suggested Courses

764 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question