This is a new SCCM 2012 server and we have moved all clients to the new server and have deployed SCEP. We now want to deploy packages and have not been able to send anything. In the deployement status - I check various logs and have not been able to find what the issue is. Any help would be appriecated.
SCEP was enabled with no issues?
On a client open the configuration manager applet on control panel, check the actions tab. How many options are listed?
Do MPLIST and MPCERT look ok?
https://technet.microsoft.com/en-gb/library/bb932118.aspx?f=255&MSPPError=-2147217396
If everything checks out ok and you have more than 2 options in the actions tab force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client.
What exactly do you see in execmgr.log on a client? Are boundaries and boundary groups setup correctly? Do the clients show as active in the console?
Jeff
Client are all active in the console are getting policy request. SCEP deployed without issue. On the execmgr.log on to of the machines see screen shot. Boundaries/Boundary Group is set for our AD site. MPList and CERT are ok.
I also force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client and that file did not change. However, in the cosole the policy request updated to 10:18
- Edited by Eiram Rulz 17 hours 25 minutes ago
On one of the clients look at the policy*.log files. Are there errors?
Jeff
Do the policy logs indicate that the machines are indeed receiving policy?
Does this occur with all deployments or just one in particular?
Jeff
It is happening with all deployments. We have done different package test. Google and Silverlight. The machines are all recieving policy.
.
Client are all active in the console are getting policy request. SCEP deployed without issue. On the execmgr.log on to of the machines see screen shot. Boundaries/Boundary Group is set for our AD site. MPList and CERT are ok.
I also force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client and that file did not change. However, in the cosole the policy request updated to 10:18
- Edited by Eiram Rulz Wednesday, May 20, 2015 2:24 PM
Client are all active in the console are getting policy request. SCEP deployed without issue. On the execmgr.log on to of the machines see screen shot. Boundaries/Boundary Group is set for our AD site. MPList and CERT are ok.
I also force a machine policy retrieval evaluation cycle and have a look at the execmgr.log on the client and that file did not change. However, in the cosole the policy request updated to 10:18
- Edited by Eiram Rulz Wednesday, May 20, 2015 2:24 PM
- Edited by Eiram Rulz 13 hours 8 minutes ago
If the remote control service is disabled, then remote tools are likely disabled in the default policy. Have you looked at the default policy to make sure it is configured appropriately (since you indicated this is a new installation)?
Jeff
- Edited by Eiram Rulz Wednesday, May 20, 2015 6:41 PM
- Edited by Eiram Rulz Wednesday, May 20, 2015 6:41 PM
It really sounds like your machines are not getting policy. It's hard to give specific advice without seeing/knowing the environment. If you can post logs (policy*, execmgr.log, locationservices.log, clientidmanagerstartup.log, etc.) to onedrive, then perhaps we could look at them.
Jeff
Here is some of the policyagent:
hread="3828" file="requestassignmentstask.cpp:1489">
<![LOG[Requesting User policy from authority 'SMS:500']LOG]!><time="11:42:52.166+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="3828" file="requestassignmentstask.cpp:1549">
<![LOG[Skipping request for user policy assignments due to agent configuration for authority 'SMS:500'.]LOG]!><time="11:42:52.166+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context=""
type="1" thread="3828" file="requestassignmentstask.cpp:1621">
<![LOG[Requesting Machine policy assignments]LOG]!><time="11:48:17.557+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="344" file="requestassignmentstask.cpp:1485">
<![LOG[Requesting Machine policy from authority 'SMS:500']LOG]!><time="11:48:17.572+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="344" file="requestassignmentstask.cpp:1549">
<![LOG[Raising event:
instance of CCM_PolicyAgent_AssignmentsRequested
{
AuthorityName = "SMS:500";
ClientID = "GUID:1932EAC8-6DDF-4B29-B870-D2910815C655";
DateTime = "20150522154817.666000+000";
ProcessID = 2596;
ResourceName = "W7E-CGG-TEST";
ResourceType = "Machine";
ThreadID = 344;
};
]LOG]!><time="11:48:17.666+240" date="05-22-2015" component="PolicyAgent_RequestAssignments" context="" type="1" thread="344" file="event.cpp:715">
<![LOG[Processing Machine assignments from 'SMS:500'. The new cookie is ''.]LOG]!><time="11:48:17.884+240" date="05-22-2015" component="PolicyAgent_ReplyAssignments" context="" type="1" thread="4068"
file="replyassignmentsendpoint.cpp:1441">
<![LOG[Raising event:
instance of CCM_PolicyAgent_AssignmentsReceived
{
AuthorityName = "SMS:500";
ClientID = "GUID:1932EAC8-6DDF-4B29-B870-D2910815C655";
DateTime = "20150522154817.900000+000";
ProcessID = 2596;
ReplyType = "Full";
ResourceName = "W7E-CGG-TEST";
ResourceType = "Machine";
ThreadID = 4068;
};
]LOG]!><time="11:48:17.900+240" date="05-22-2015" component="PolicyAgent_ReplyAssignments" context="" type="1" thread="4068" file="event.cpp:715">
<![LOG[Already processed Machine assignments from 'SMS:500' with the cookie ''.]LOG]!><time="11:48:17.900+240" date="05-22-2015" component="PolicyAgent_ReplyAssignments" context="" type="1" thread="4068"
file="replyassignmentsendpoint.cpp:1485">
Location services:
D2910815C655";
DateTime = "20150522130319.131000+000";
HostName = "AAMCVSC.aamc.org";
HRESULT = "0x00000000";
ProcessID = 2596;
StatusCode = 0;
ThreadID = 2844;
};
]LOG]!><time="09:03:19.131+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="event.cpp:715">
<![LOG[Refreshing trusted key information]LOG]!><time="09:03:19.178+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:912">
<![LOG[Refreshed Root Site Code from AD]LOG]!><time="09:03:19.194+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:4808">
<![LOG[Attempting to refresh TRK from AD]LOG]!><time="09:03:19.194+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:2210">
<![LOG[Refreshed TRK from AD]LOG]!><time="09:03:19.240+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:2268">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:1932EAC8-6DDF-4B29-B870-D2910815C655";
DateTime = "20150522130319.334000+000";
HostName = "AAMCVSC.aamc.org";
HRESULT = "0x00000000";
ProcessID = 2596;
StatusCode = 0;
ThreadID = 2844;
};
]LOG]!><time="09:03:19.350+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="event.cpp:715">
<![LOG[Persisting the management point authentication information in WMI]LOG]!><time="09:03:19.350+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844"
file="lssecurity.cpp:921">
<![LOG[Persisted Management Point Authentication Information locally]LOG]!><time="09:03:19.381+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:928">
<![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="09:03:19.428+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:770">
<![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="09:03:19.568+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:770">
<![LOG[Updated FSP '' from AD to local.]LOG]!><time="09:03:19.740+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsad.cpp:6551">
<![LOG[Updating portal information.]LOG]!><time="09:03:19.896+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:4103">
<![LOG[Received reply of type PortalCertificateReply]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="replylocationsendpoint.cpp:303">
<![LOG[The reply from location manager contains 1 certificates]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lsportalutils.cpp:93">
<![LOG[Updating portal certificates]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:4143">
<![LOG[Successfully created context from the raw certificate.]LOG]!><time="09:03:20.052+240" date="05-22-2015" component="LocationServices" context="" type="1" thread="2844" file="lssecurity.cpp:4247">
Here is the execmgr.log
If the client is not yet registered, this is expected behavior.]LOG]!><time="09:03:11.721+240" date="05-22-2015" component="execmgr" context="" type="2" thread="2460" file="softdistpolicy.cpp:1405">
<![LOG[A user has logged on.]LOG]!><time="09:12:46.168+240" date="05-22-2015" component="execmgr" context="" type="1" thread="1788" file="execreqmgr.cpp:4911">
<![LOG[The logged on user is AAMC\cgalentine]LOG]!><time="09:12:47.042+240" date="05-22-2015" component="execmgr" context="" type="1" thread="1788" file="execreqmgr.cpp:4930">
<![LOG[Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior.]LOG]!><time="09:12:48.742+240" date="05-22-2015" component="execmgr" context="" type="2" thread="1788" file="softdistpolicy.cpp:1405">
<![LOG[Software Distribution site settings (CCM_SoftwareDistributionClientConfig) policy does not yet exist on the client.
If the client is not yet registered, this is expected behavior.]LOG]!><time="09:12:49.257+240" date="05-22-2015" component="execmgr" context="" type="2" thread="1788" file="softdistpolicy.cpp:1405">
Add "Approved" -column to your console and check if the clients are Approved for management. If the column states that the client's are "Not approved", you can just right click them and choose "Approve".
More information about this:
https://technet.microsoft.com/en-us/library/hh427330.aspx#BKMK_ConfigClientApproval
- Edited by Eiram Rulz 18 hours 7 minutes ago
- Edited by Eiram Rulz Wednesday, May 27, 2015 1:41 PM
- Edited by Eiram Rulz Wednesday, May 27, 2015 1:41 PM
Hi,
Have you resolved this problem?
Best Regards,
Joyce
Hi,
Have you resolved this problem?
Best Regards,
Joyce
No unfortunatly the issus is not resolved. We are working on a new server. However I do have an additional question. How do I manually update the policy for a client. We have clients that are not reporting despite having the SCCM
client and SCEP on the machnine (and options are able to be changed).
And what is even stranger I have some that have the SCCM client and show SCEP upmanaged but they have the policy. But when you go to CCM on the client they only have 2 options in the actions:
- Edited by Eiram Rulz Monday, June 08, 2015 8:09 PM
No unfortunatly the issus is not resolved. We are working on a new server. However I do have an additional question. How do I manually update the policy for a client. We have clients that are not reporting despite having the SCCM
client and SCEP on the machnine (and options are able to be changed).
And what is even stranger I have some that have the SCCM client and show SCEP upmanaged but they have the policy. But when you go to CCM on the client they only have 2 options in the actions:
- Edited by Eiram Rulz 11 hours 39 minutes ago
At this point, a call to CSS is really in order. This thread has been open for a long time with no real resolution - you need someone to dig into your environment to get to the root cause (or provide guidance that requires actually looking at your environment).
Jeff
Hi,
>>How do I manually update the policy for a client.
Trigger "Machine Policy Retrieval & Evaluation Cycle" action.
>>when you go to CCM on the client they only have 2 options in the actions
This client may not be able to communicate with Management Point. Please check CcmMessaging.log and LocationServices.log.
Best Regards,
Joyce