No packages will deploy in SCCM 2012

This is a new SCCM 2012 server and we have moved all clients to the new server and have deployed SCEP.  We now want to deploy packages and have not been able to send anything.  In the deployement status  - I check various logs and have not been able to find what the issue is.  Any help would be appriecated. 

May 20th, 2015 9:02am

SCEP was enabled with no issues?

On a client open the configuration manager applet on control panel, check the actions tab. How many options are listed?

Do MPLIST and MPCERT look ok?

https://technet.microsoft.com/en-gb/library/bb932118.aspx?f=255&MSPPError=-2147217396

If everything checks out ok and you have more than 2 options in the actions tab force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client.

Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 9:24am

What exactly do you see in execmgr.log on a client? Are boundaries and boundary groups setup correctly? Do the clients show as active in the console?

Jeff

May 20th, 2015 9:26am

Client are all active in the console are getting policy request. SCEP deployed without issue.  On the execmgr.log  on to of the machines see screen shot.  Boundaries/Boundary Group is set for our AD site.  MPList and CERT are ok. 

I also force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client and that file did not change.  However,  in the cosole the policy request updated to 10:18

 


Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 10:21am

On one of the clients look at the policy*.log files.  Are there errors?

Jeff

May 20th, 2015 10:53am

No error in any of the policy.log files on all test machines. 
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 10:59am

Do the policy logs indicate that the machines are indeed receiving policy?

Does this occur with all deployments or just one in particular?

Jeff

May 20th, 2015 11:24am

It is happening  with all deployments. We have done different package test. Google and Silverlight.  The machines are all recieving policy. 

Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 12:25pm

Client are all active in the console are getting policy request. SCEP deployed without issue.  On the execmgr.log  on to of the machines see screen shot.  Boundaries/Boundary Group is set for our AD site.  MPList and CERT are ok. 

I also force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client and that file did not change.  However,  in the cosole the policy request updated to 10:18

 


  • Edited by Eiram Rulz Wednesday, May 20, 2015 2:24 PM
May 20th, 2015 2:17pm

Client are all active in the console are getting policy request. SCEP deployed without issue.  On the execmgr.log  on to of the machines see screen shot.  Boundaries/Boundary Group is set for our AD site.  MPList and CERT are ok. 

I also force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client and that file did not change.  However,  in the cosole the policy request updated to 10:18

 


  • Edited by Eiram Rulz Wednesday, May 20, 2015 2:24 PM
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 2:17pm

We have another odd issue don't doubt if it is related but will share - some of the the machines are disabling the Configuration Manager Remote Control service.  Even if we set to Automatic and start it - it will turn off and disble almost instantly.  NO GP or FW on.
May 20th, 2015 2:44pm

If the remote control service is disabled, then remote tools are likely disabled in the default policy.  Have you looked at the default policy to make sure it is configured appropriately (since you indicated this is a new installation)?

Jeff

Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 3:42pm

We have another odd issue don't doubt if it is related but will share - some of the the machines are disabling the Configuration Manager Remote Control service.  Even if we set to Automatic and start it - it will turn off and disble almost instantly.  NO GP or FW on.
  • Edited by Eiram Rulz Wednesday, May 20, 2015 6:41 PM
May 20th, 2015 6:40pm

We have another odd issue don't doubt if it is related but will share - some of the the machines are disabling the Configuration Manager Remote Control service.  Even if we set to Automatic and start it - it will turn off and disble almost instantly.  NO GP or FW on.
  • Edited by Eiram Rulz Wednesday, May 20, 2015 6:41 PM
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2015 6:40pm

It is not disabled in the default policy. 
May 21st, 2015 8:33am

Any ideals on the client deployment issue. Can I check anything else??
Free Windows Admin Tool Kit Click here and download it now
May 21st, 2015 11:40am

It really sounds like your machines are not getting policy.  It's hard to give specific advice without seeing/knowing the environment.  If you can post logs (policy*, execmgr.log, locationservices.log, clientidmanagerstartup.log, etc.) to onedrive, then perhaps we could look at them.

Jeff

May 21st, 2015 12:42pm

Here is some of the policyagent:

hread="3828" file="requestassignmentstask.cpp:1489">
<![LOG[Requesting User policy from authority 'SMS:500']LOG]!><time="11:42:52.166+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="3828" file="requestassignmentstask.cpp:1549">
<![LOG[Skipping request for user policy assignments due to agent configuration for authority 'SMS:500'.]LOG]!><time="11:42:52.166+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="3828" file="requestassignmentstask.cpp:1621">
<![LOG[Requesting Machine policy assignments]LOG]!><time="11:48:17.557+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="344" file="requestassignmentstask.cpp:1485">
<![LOG[Requesting Machine policy from authority 'SMS:500']LOG]!><time="11:48:17.572+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="344" file="requestassignmentstask.cpp:1549">
<![LOG[Raising event:

instance of CCM_PolicyAgent_AssignmentsRequested
{
 AuthorityName = "SMS:500";
 ClientID = "GUID:1932EAC8-6DDF-4B29-B870-D2910815C655";
 DateTime = "20150522154817.666000+000";
 ProcessID = 2596;
 ResourceName = "W7E-CGG-TEST";
 ResourceType = "Machine";
 ThreadID = 344;
};
]LOG]!><time="11:48:17.666+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="344" file="event.cpp:715">
<![LOG[Processing Machine assignments from 'SMS:500'. The new cookie is ''.]LOG]!><time="11:48:17.884+240" date="05-22-2015" component="PolicyAgent_ReplyAssignments" context="" type="1" thread="4068" file="replyassignmentsendpoint.cpp:1441">
<![LOG[Raising event:

instance of CCM_PolicyAgent_AssignmentsReceived
{
 AuthorityName = "SMS:500";
 ClientID = "GUID:1932EAC8-6DDF-4B29-B870-D2910815C655";
 DateTime = "20150522154817.900000+000";
 ProcessID = 2596;
 ReplyType = "Full";
 ResourceName = "W7E-CGG-TEST";
 ResourceType = "Machine";
 ThreadID = 4068;
};
]LOG]!><time="11:48:17.900+240" date="05-22-2015" component="PolicyAgent_ReplyAssignments" context="" type="1" thread="4068" file="event.cpp:715">
<![LOG[Already processed Machine assignments from 'SMS:500' with the cookie ''.]LOG]!><time="11:48:17.900+240" date="05-22-2015" component="PolicyAgent_ReplyAssignments" context="" type="1" thread="4068" file="replyassignmentsendpoint.cpp:1485">

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2015 11:59am

Location services:

D2910815C655";
 DateTime = "20150522130319.131000+000";
 HostName = "AAMCVSC.aamc.org";
 HRESULT = "0x00000000";
 ProcessID = 2596;
 StatusCode = 0;
 ThreadID = 2844;
};
]LOG]!><time="09:03:19.131+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="event.cpp:715">
<![LOG[Refreshing trusted key information]LOG]!><time="09:03:19.178+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:912">
<![LOG[Refreshed Root Site Code from AD]LOG]!><time="09:03:19.194+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:4808">
<![LOG[Attempting to refresh TRK from AD]LOG]!><time="09:03:19.194+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:2210">
<![LOG[Refreshed TRK from AD]LOG]!><time="09:03:19.240+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:2268">
<![LOG[Raising event:

instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:1932EAC8-6DDF-4B29-B870-D2910815C655";
 DateTime = "20150522130319.334000+000";
 HostName = "AAMCVSC.aamc.org";
 HRESULT = "0x00000000";
 ProcessID = 2596;
 StatusCode = 0;
 ThreadID = 2844;
};
]LOG]!><time="09:03:19.350+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="event.cpp:715">
<![LOG[Persisting the management point authentication information in WMI]LOG]!><time="09:03:19.350+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:921">
<![LOG[Persisted Management Point Authentication Information locally]LOG]!><time="09:03:19.381+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:928">
<![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="09:03:19.428+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:770">
<![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="09:03:19.568+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:770">
<![LOG[Updated FSP '' from AD to local.]LOG]!><time="09:03:19.740+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:6551">
<![LOG[Updating portal information.]LOG]!><time="09:03:19.896+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:4103">
<![LOG[Received reply of type PortalCertificateReply]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="replylocationsendpoint.cpp:303">
<![LOG[The reply from location manager contains 1 certificates]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsportalutils.cpp:93">
<![LOG[Updating portal certificates]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:4143">
<![LOG[Successfully created context from the raw certificate.]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:4247">

May 22nd, 2015 12:00pm

Here is the execmgr.log

If the client is not yet registered, this is expected behavior.]LOG]!><time="09:03:11.721+240" date="05-22-2015" component="execmgr" context="" type="2" thread="2460" file="softdistpolicy.cpp:1405">
<![LOG[A user has logged on.]LOG]!><time="09:12:46.168+240" date="05-22-2015" component="execmgr" context="" type="1" thread="1788" file="execreqmgr.cpp:4911">
<![LOG[The logged on user is AAMC\cgalentine]LOG]!><time="09:12:47.042+240" date="05-22-2015" component="execmgr" context="" type="1" thread="1788" file="execreqmgr.cpp:4930">
<![LOG[Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior.]LOG]!><time="09:12:48.742+240" date="05-22-2015" component="execmgr" context="" type="2" thread="1788" file="softdistpolicy.cpp:1405">
<![LOG[Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior.]LOG]!><time="09:12:49.257+240" date="05-22-2015" component="execmgr" context="" type="2" thread="1788" file="softdistpolicy.cpp:1405">

Free Windows Admin Tool Kit Click here and download it now
May 22nd, 2015 12:01pm

Do the machines show up as active clients in your console?
May 22nd, 2015 1:21pm

Add "Approved" -column to your console and check if the clients are Approved for management. If the column states that the client's are "Not approved", you can just right click them and choose "Approve".

More information about this:

https://technet.microsoft.com/en-us/library/hh427330.aspx#BKMK_ConfigClientApproval

Free Windows Admin Tool Kit Click here and download it now
May 23rd, 2015 5:24am

Machines are all active and all show status of Approved. 
May 27th, 2015 9:40am

Machines are all active and all show status of Approved. 
  • Edited by Eiram Rulz Wednesday, May 27, 2015 1:41 PM
Free Windows Admin Tool Kit Click here and download it now
May 27th, 2015 1:39pm

Machines are all active and all show status of Approved. 
  • Edited by Eiram Rulz Wednesday, May 27, 2015 1:41 PM
May 27th, 2015 1:39pm

Hi,

Have you resolved this problem?

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
June 4th, 2015 5:32am

Hi,

Have you resolved this problem?

Best Regards,

Joyce

June 4th, 2015 5:32am

No unfortunatly the issus is not resolved.  We are working on a new server.  However I do have an additional question.  How do I manually update the policy for a client.  We have clients that are not reporting despite having the SCCM client and SCEP on the machnine (and options are able to be changed). 

And what is even stranger I have some that have the SCCM client and show SCEP upmanaged but they have the policy.  But when you go to CCM on the client they only have 2 options in the actions:


  • Edited by Eiram Rulz Monday, June 08, 2015 8:09 PM
Free Windows Admin Tool Kit Click here and download it now
June 8th, 2015 5:41pm

No unfortunatly the issus is not resolved.  We are working on a new server.  However I do have an additional question.  How do I manually update the policy for a client.  We have clients that are not reporting despite having the SCCM client and SCEP on the machnine (and options are able to be changed). 

And what is even stranger I have some that have the SCCM client and show SCEP upmanaged but they have the policy.  But when you go to CCM on the client they only have 2 options in the actions:


June 9th, 2015 1:30pm

What should I find in those logs.  I do not see any errors.  Is there a way to manually update the policy, ie copy ep_defaultpolicy.xml on the PC directly, change reg key?  If not, how do I go about correcting the communiciation to the management point?
Free Windows Admin Tool Kit Click here and download it now
June 9th, 2015 1:42pm

At this point, a call to CSS is really in order.  This thread has been open for a long time with no real resolution - you need someone to dig into your environment to get to the root cause (or provide guidance that requires actually looking at your environment).

Jeff

June 9th, 2015 7:14pm

Hi,

>>How do I manually update the policy for a client.

Trigger "Machine Policy Retrieval & Evaluation Cycle" action.

>>when you go to CCM on the client they only have 2 options in the actions

This client may not be able to communicate with Management Point. Please check CcmMessaging.log and LocationServices.log.

Best Regards,

Joyce

Free Windows Admin Tool Kit Click here and download it now
June 9th, 2015 9:14pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics