Hi ladies and gentlemen, First of all let me say great forum as I have at numerous times found my answers, with the exception of this one. I have done everything this forum has suggested in order to get this to work, to no avail and definitely no help from MS documentation. They are definitely missing a huge piece when it comes to documentation, they act like clicking on that Approval method will just work and that is just not the case. That being said, I am a huge fan of SCCM and love the product, just hate that this piece is so difficult to get working ( obviously from so many complaints ). I will lay it out with all pertinent information in order to give you a better assessment of the environment ; Server 2003 SP2 -SCCM 2007 SP2 R2 - Remote SQL server 2005 - Remote SUP All advertisements working flawlessly across domains, reporting, SUP releases golden! It is flawless with the exception of Automatically approved Trusted Domains. SPN's for Site server and DB are set. SPN for site server with ALIAS in DNS. setspn -L netbiosname http/alias.domain.com host/netbiosname host/netbiosname.domain.com SPN for DB since it is running under a user account setspn -L domain\username MSSQLSvc/netbiosname:1433 MSSQLSvc/netbiosname.domain.com:1433 Here is the kicker : All of my clients do not have any obvious errors in thheir logs. I checked MPRegistration_Manager.Log and it shows the one error ( which i believe is normal first time checking in ) which coincides with the client , and right after I see the retry being successful and thereafter the client says it is registered. All logs point to the correct MP, they find the MP, flawless, yet they will NOT automatically approve and my SMS_COMPONENT_MANAGER sees this and rejects the policy request from it.I look at my IIS logs and all are http 200 which means there are no Kerberos issues. FYI : I have read all material including the ones that were suggested when I started typing this question. Your help will be greatly appreciated. I P.S-> I know I can manually approve my machines ( i have a collection that pulls them and it would be easy), I just hate that something does not work as it is supposed to. IF this is by design so be it. Thank you in advance!! EDIT : Just curious since this seems to be the SQL Stored Procedure that triggers the approval : Under what context is this SP run and how can I tell the results when it was run? I am thinking this is something so simple and I am just missing it!!!! I took this from one of the articles : " How it works: Automatic Approval in Configuration Manager 2007." exec spUpdateClientRegistration (@SiteCode) "2P4", (@SMSID) "GUID:EEAF9390-94EB-43AE-A0DE-F374E3E7E03B", (@CSMSID) NULL, (@Identity) NULL, (@DeviceID) NULL, (@Certificate) How It Works: Automatic Client Approval in Configuration Manager 2007... http://blogs.technet.com/b/configurationmgr/archive/2010/01/20/how-it-... 2 of 4 2/7/2011 10:35 AM 0x308201E03082014DA0030201020210C25D7C383E3CB6AE466BE10C22ACF3AE300906052B0E03021D05003025311530130603550403130C574B30322D (@Thumbprint) 0xE824658E489FDBB6481ED7788E74877FB9DBCF0B, (@EncKey) 0x308201E13082014EA00302010202106866F6C06283B38644D10B448CFAE966300906052B0E03021D05003025311530130603550403130C574B30322D3 (@EncThumbprint) 0x6B186E7BC2B86B059FAE5E431C6C6CE40A943F3C,(@KeyType) 1, (@PublicKey) 0x06020000002400005253413100040000010001009FE071C68EFCC0CE50682051A43F6A8FF02656C328E992FB6D08A796CB7C653490A85597ED14ABE2A (@ValidFrom) "2009-05-19 19:34:47.000", (@ValidTo) "2109-04-26 19:34:47.000", (@AgentType) 0, (@SMBIOSID) NULL , (@MACAddress) NULL , (@HardwareID1) "2:D4D8AD1963DA464FC3EE60E5212310036AB9EDEC", (@ISVProxyID) NULL , (@AlwaysInternet) 0, (@InternetEnabled) 0, (@Force) 0, (@ApprovalMethod) 1, (@ResolutionMethod) 0, (@IsIntegratedAuth) 1, (@Version) "4.00.6221.1000", (@NetbiosName) "WK02-020-51W", (@FQDName) "WK02-020-51W.Child.A2003.VM.local", (@ManualConflictResolution) 0