MP Has Rejected GUID : "XXXXX" Message!!!!

Some of warning can be ignored but not for the long time... because if that is not fixed it will change to Error and that is thing that  we never want to see In sccm.  I will check the sccm health and found that SMS_MP_CONTROL_MANAGER was flooding with the warning “MP has rejected client registration”

Let’s take look at the error:

Message ID:  5447

Description:  MP has rejected a message from GUID:”XXXXX” because the signature could not be validated. If this is a valid client, it will attempt to re-register automatically so its signature can be correctly validated.

When looking at the CM database, specifically at the view, v_R_System, one would notice that there are two columns which have names explicitly containing the label “GUID” – Object_GUID0 and SMBIOS_GUID0, neither of which match up to the GUID referred to in the error message shown above.  Looking at the properties of these two columns, we find that Object_GUID0 is related to the Active Directory object of the resource and SMBIOS_GUID0 is the BIOS GUID of the resource.

After reading the logs it was cleared that issue was with the client registration   but which Client? Because in error message it was redirecting to GUID which was linked to client. So now we have to find out the client name that was getting rejected by MP. But HOW??  The answer was in the v_R_System column named SMS_Unique_Indentifier0 – intuitive.

We can get the client information using 3 methods?

1.    SQL Method:  (Query against the CM database) You should have access to DB

SELECT
Name0,
SMS_Unique_Identifier0

FROM
v_R_System

WHERE
SMS_Unique_Identifier0 = ‘GUID: G89L6053-19F7-414C-AAF6-L426F84DAG70′

2.    PowerShell Method: This is my favorite.

Note : Enter your data where the [] are, but omit the brackets.

$params = @{Namespace=”ROOT\SMS\site_[YOURSITECODE]“;
Class=”SMS_R_System”;
ComputerName=”[YOURSITESERVER]“;
Filter=’SMSUniqueIdentifier = “GUID:F36C6053-12D7-404C-AAF6-E406F84DAF50″‘}
Get-WmiObject @params | ForEach-Object {
$Name = $_.Name
$Name = ” Computer Name:  $Name”
$ResourceID = $_.ResourceID
$ResourceID = “   Resource ID:  $ResourceID”
$ClientVersion = $_.ClientVersion
$ClientVersion = “Client Version:  $ClientVersion”
Return $Name, $ResourceID, $ClientVersion
}

3.    Adding the GUID Colum  to All system Query :

Just add the column to the existing all system query and put the GUID in Search bar u will get the Client name.

Hope This Will Help!!

Amarpal Singh Sandhu

SCCM 2007 Native Mode Client failed to pull down the computer certificate

Sccm Native mode machine not pull down computer certificate!!!

To request client certificate you go to run>MMC.exe and add Certificates to the console then you can right click on personal certificates and request a cert and it give you below error.

The certificate request failed because of one of the following conditions :-The request required an exchange certificate from a Certification Authority (CA) that is not started OR You do not have the permissions to request certificates from the available CAs.

if so then you might need to add the EnableDCOM entry to the machine with a value of Y

The EnableDCOM registry entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

After this restart the machine and wait for GPO to pull down the cert. You will see certificate now :)

http://support.microsoft.com/kb/929494

 Hope this will help you :)

Amarpal Singh Sandhu

SCCM 2007 Client Certificate Missing/Corrupted

Some time we have a client that refuses to finish the install of the SCCM client because the certificate doesn't have a private key or it throw the error in isntallation log. 

We can try below 2 different solutions .

1.  The easiest is to check the cert store under personnal and see if there are any invalid certs. Delete and restart.

2. The other is a more dangerous solution but will correct the problem

It is only recommend when you see all of the following problems:

CCM Setup Log:
Automatic certificate enrollment for local system failed to enroll for one Computer
certificate (0x80090016). Keyset does not exist

Client sucessfully installed but still u see  below error in logs &Applicationn Event Log:

ClientIDManagerStartup:
Certificate issued to 'computer.domain.com' doesn't have private key.
RegTask: Failed to get certificate. Error: 0x80040280
RegTask: Failed to get certificate. Error: 0x80040281
Error initializing client registration (0x80040222).


Solution:
Stop the Crypto Service
Rename the folders under the Crypto Folder
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

Restart the machine and watch the ClientIDManagerStartup log

Hope this will help you  :)

Amarpal Singh Sandhu

Certificates causing registration errors in client files while registering!!!

Senario :

I had a new issue today regarding clients not registering with their MP. The errors I received are below:

ClientIDManagerStartup.log
RegTask: Server rejected registration request: 3

PolicyEvaluator.log
Failed to trigger Machine settings update (80070057)

MP_RegistrationManager.log
Certificate issued to ‘SMS’ has expired.

After seeing the last error stating the certificate had expired I decided to delete the SMS certificates and repair the client. I did this by opening up the MMC and selecting the “Certificates” snapin for the machine with the issue. Once selected, drill down to SMS > Certificates and delete both SMS certificates.



Now all you need to do is repair the SCCM client and it should register correctly with the MP.

Cheers!!!!

Slow performance after you change the system time or resume the computer from sleep or hibernation on a System Center Configuration Manager 2007 SP2 client.

Q. SCCM Client is responding very Slow ?

Cause : This issue occurs because the System Center Configuration Manager 2007 SP2 client unnecessarily sends many WMI queries for the WM_TIMECHANGE message.

Solution :

1. You deploy many updates to a Microsoft System Center Configuration Manager 2007 Service Pack 2 (SP2) client.

2. You perform an operation that generates the WM_TIMECHANGE message from the client computer. For example, you perform one of the following operations:

- You change the system time.
- You resume a computer from sleep.
- You resume a computer from hibernation.

In this scenario, the computer runs slowly for some time. Additionally, the CPU usage is high, and the computer processes a heavy workload of disk I/O.

For all the details, including the cause and hotfix, see the following new Knowledge Base article:
KB2309968- Slow performance after you change the system time or resume the computer from sleep or hibernation on a System Center Configuration Manager 2007 SP2 client