I hope that someone can help me with my issue.

I started to notice that some of the machines that I have were not installing the configmgr client and that some were showing up in the all devices pool twice, one entry showing installed and active and the other as not installed. I have used a lot of the links and help articles that I have found to try to correct the duplicate SMS UI GUID's and nothing helped. I think that my issue is the amount of Client licenses that my network purchased, but I am not sure how to confirm that.

Do you happen to know how to find out the amount of CML's that are in use and the total that can be allocated from a PS command?

My reasoning that I think that it is a license issue or CML issue is that I have 3 different device pools and adding up the three pools I get 20 windows 7 machines with correct and working configmgr installs. I have a total at this time of 50 windows clients.

What I noticed is that if I run these steps that SMS UI GUID will change, but it will then revert to a SMS UI GUID that is in use by the 20th machine.

Delete the SMSCFG.ini

Run ccmdelcert.exe

Stop SMS service then restart the SMS service

run Tranguid.exe /R

When this happens I can see that it will create a new SMS UI GUID, but then when the service is restarted again or if I wait long enough the SMS GUID will change the new SMS UI GUID to the previous SMSUID and create a new SMS UI GUID with the same number as the 20th workstation.

Now to the point where I think that it is a licensing issue is that if I uninstall Configmgr from a working client I can then add one more existing machine and it will work without an issue. When I try to add in a 21th machine it will not install with its own SMS UI GUID it will use the 20th machine SMS UI GUID.

All of the machines are from a image. I did not install the configmgr client in the image and the image does complete a sysprep after the image completes and I have verified that the machines SID and GUID's are different.

Thank you for any help.

• Edited by Wright54 Monday, April 27, 2015 1:25 PM

This is what I am seeing, but I am not sure what the root cause is at the moment.

I have two machines with the same SMS UI GUID and then my machine that is working fine. The two machines that share the same SMS UI GUID have the following line in the log that you said to check.

<! [LOG[ [RegTask] - Client is not registered. Sending registration for GUID: 76FF4C21-75CA-4611-A612-E9F522CBA830 ... ]LOG] !><time='07:01:51.231+240' date="04-27-2015"

component="CLientIDManagerStartup" context="" type=1" thread="1596" file="regtask.cpp:1609">

<! [LOG[[Regtask] - Server request reset. Restarting client registration]LOG]!><time="07:01:51.313+240" date="04-27-2015" component="clientIDManagerStartup" contect="" type="1" thread="1596"

My machine:

<! [LOG[Succesfully initialized registration renewal. ]LOG] !><time="10:51:29.034+240" date="04-02-2015" component="clientIDManagerStartup" context="" type="1" thread="1484" file="regtask.cpp:527">

<! [LOG[[Regtask] - Executing registration task synchronously. ]LOG] !><time="10:51:29.034+240" date="04-02-2015" component="clientIDManagerStartup" context="" type="1" thread="1484" file="regtask.cpp:768">

<! [LOG[[Regtask] - Client is already registered. Exiting. ]LOG] !><time="10:51:29.034+240" date="04-02-2015" component="clientIDManagerStartup" context="" type="1" thread="1484" file="regtask.cpp:768">

I am also getting this error on the duplicate clients as well as my machine which is working. Unable to find PKI certificate matching SCCM certificate selection criteria 0x87d00280

• Edited by Wright54 Monday, April 27, 2015 12:30 PM

Sorry about that.

Image was done with MDT and WDS.

At this point we do not have a CA for the windows side. But to answer your question on PKI client auth certs I want to say no. if you have a specific location for me to check I will and let you know the result.

Also my machine that is working with SCCM 2012 was imaged from the same image

Could it be a firewall issue? I noticed another thread that pointed to that. The machines are in other locations with routers and other devices that we cannot manage. 

I am going to update the SCCM server to CU4. I happened to notice that the application has not been updated since it has been installed. May not correct the issue, but it needs to be updated any way.

• Edited by Wright54 Monday, April 27, 2015 4:59 PM

I have verified that My Image is syspreping after the image completes. I was able to run sysprep.exe /oobe/generalize/restart on one workstation and I think that machine is now working correctly. I hope that I do not have to sysprep the other machines. I do not think that I will have to because I think that it is something else causing the issue, but I cannot pin point it at the moment.

I have checked the SID information on 5 different machines from the domain controller running this command

Get-ADComputer -Filter "name -eq 'machinename'" -Properties Sid | select name, sid

All 5 machines came back with a different SID. All of the SID was the same except for the last 4 numbers. I checked the same 5 machines propertied in AD clicking on the Attribute Editor tab and looked at the entry for objectGUID and objectSid and all are different. The Sid in the Attribute Editor tab matches the information from the above PSCommand.

At this point I am not sure what else to check.

• Edited by Wright54 Wednesday, April 29, 2015 4:59 PM editing

Well I thought that the machine that I completed a sysprep on was fixed, but it turns out that after uninstalling the configmgr client and then reinstalling it the machine it getting its new SMS UI GUID over written with one that is already in use by another system.

Anyone have any ideas on what I should check? I am going to uninstall the client from all machines except for the few that have been rock solid.

• Edited by Wright54 Wednesday, April 29, 2015 6:38 PM

I am looking at the local systems cert store not my account store on the system. I do see 2 SMS certs and I have deleted them. After that I delete the smscfg file and then stop and start the SMS client agent service. The two SMS certs are recreated and it is given a SMS UI GUID that is in use by another system. It seems to initially give the machine a new UI, but it thinks that the machine had a previous UI and reverts to that UI which is also from another machine.

Another odd thing is that looking at the properties of the machine from the SCCM console it shows that the SID is different from the actual computers SID. The Distinguished Name is from another machine in a different OU, but the Name, NetBIOS Name, and Resource Names are correctly entered.

So this is an example

14F02 (machine name that I am working with)

Distinguished Name: CN=1425-02, OU=A, OU=Workstations,DCXX

Name: 14F02

NetBIOS: 14F02

Resource Name: 14F02

14F02 last four of SID: 1571 Shown in the properties as 500

MAC Address: is correct

Looking more into the issue it seems that when I push the client to a machine it is trying to use SID: S-1-5-21-.....-.....-......-500 Which is the admin account SID vs using the SID of the workstation.

• Edited by Wright54 Thursday, April 30, 2015 4:52 PM

Update: Still not working.

Image process: Used a VMware Virtual workstation as the base template

When the base image was captured the task sequence in MDT was set to sysprep and capture. SCCM client was not installed in the base image.

Image deployed to new machines with WDS and machines completed the sysprep process after the image completed.

Verified that the Machine SID is different by running this Power shell command on the domain controller: Get-ADComputer -Filter "name -eq 'temp'" -Properties sid | select name, sid

Verified that the UUID's are different by this command: Wmic  csproduct get uuid

I assume that this issue maybe that when the computer registers with the SCCM server it is not updating the SID information from the domain admin account to the SID of the machine like it should. I cannot find ant certificates on the machines that maybe causing the issue.