OSD TS application download fails after reboot - client incorrectly believes it "is on internet"

Hello,

Our  SCCM infrastructure is configured to use SSL and its working, no problems in daily operation.

However, our windows 7 osd task sequence has an issue after a reboot computer step, on a single specific computer.

The OSD TS looks as follows (cannot put screenshot due to account verification issue

Setup Operating System
- Setup Windows and Configuration Manager
- Install Updates

Standard Software
- Install Default Apps
- Install Adobe
- Restart Computer
- Install MS Apps
- Install Antivirus
 

"Install default apps and install adobe works correctly. All app packages are downloaded and installed without errors.

Then restart computer runs, also ok.

Then install ms apps tries to install Office 2010 and lync. This and the following install steps all fail with this message in the task sequence report: 

DownloadFailed execution status received: 24 (Application download failed)

I opened a debug command line on the affected client with F8 and captured the logfiles.

it seems the Client believes it is "on the Internet" after the reboot, and tries to contact our Internet-facing DP.

ClientLocation.log:

Client is in Internet	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)
Current internet management point is externaldnsentry.company.com	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)
Raising event:
instance of CCM_LocationServices_LocationBaseChange
{
	ClientID = "GUID:e5b6f053-86b8-4f35-b82e-6cdb3bcabc5e";
	DateTime = "20140313073430.697000+000";
	NewLocation = "Internet";
	OldLocation = "Intranet";
	ProcessID = 1660;
	ThreadID = 1692;
};
	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)
Failed to submit event to the Status Agent. Attempting to create pending event.	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)

LocationServices.log

Calling back with locations for location request {B3C644CC-A7BA-4732-A4C2-9B53F4FF2DD6}	LocationServices	13.03.2014 08:32:29	3232 (0x0CA0)
Using INF MP externaldnsentry.company.com as lookup MP.	LocationServices	13.03.2014 08:34:38	2960 (0x0B90)
Attempting to retrieve site information from lookup MP(s) via HTTPS	LocationServices	13.03.2014 08:34:38	2960 (0x0B90)
Failed to send site information Location Request Message to externaldnsentry.company.com	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Attempting to retrieve site information from lookup MP(s) via HTTP	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Failed to refresh security settings over MP with error 0x80004005.	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
No security settings update detected.	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)

The strange thing is, this currently only happens on a single dell precision T7610, on a different computer (for example, dell latitude e6330, or a vmware test system) this does not happen, and after reboot, SCCM TS continues to install software normally.

Does anyone have an idea or a hint what is going on?





  • Edited by RR Med Thursday, March 13, 2014 12:35 PM
March 12th, 2014 3:56pm

Does this help at all:

http://ittherapist.net/2014/01/16/sccm-2012-r2-os-deployment-with-pki-https/

Free Windows Admin Tool Kit Click here and download it now
March 13th, 2014 4:53am

no, sorry. the pki infrastructure and sccm settings /certificates are all ok, otherwise OSD wouldn't work at all.

March 13th, 2014 6:51am

Is network working correctly on the model after the reboot?

Free Windows Admin Tool Kit Click here and download it now
March 13th, 2014 7:56am

yes, i opened debug window F8 and did basic tests, nslookup, ping, ipconfig etc. all seems to be ok, i can reach the DP.

i made another test run and captured the logfiles from before the reboot, to compare it with after the reboot. i noticed the certificate error messages happen already before the reboot, so i was looking in the wrong place. i will update my initial posting accordingly.

i now checked CAS.log and notice the following

before reboot:

SetCachedContentInUseFlag no change. Value : false	ContentAccess	13.03.2014 09:37:37	4684 (0x124C)
Releasing content request {F1525817-800B-4C27-A454-8CCEDDA03C05}	ContentAccess	13.03.2014 09:37:38	4912 (0x1330)
All references to Content Content_1d2d25bb-80a2-4bd7-b9e7-d7bf3f42119e.1 in cache have been removed.                   Content will be Tombstoned.	ContentAccess	13.03.2014 09:37:38	4912 (0x1330)
Saved Content ID Mapping Content_1d2d25bb-80a2-4bd7-b9e7-d7bf3f42119e.1, C:\WINDOWS\ccmcache\8	ContentAccess	13.03.2014 09:37:38	4912 (0x1330)
Requesting locations synchronously for content Content_1cd9bde3-0edc-44a4-9e32-d15a5e22a361.1 with priority Foreground	ContentAccess	13.03.2014 09:37:48	3212 (0x0C8C)
sRelatedContentIDs is <RelatedContentIDs><RelatedContentID ID="Content_15230c84-b947-4011-8596-026bc122f516.1"/><RelatedContentID ID="Content_5372b6ab-3a94-4abd-9669-f7fc717e8cd0.1"/></RelatedContentIDs>. Length = 181.	ContentAccess	13.03.2014 09:37:49	3212 (0x0C8C)
The number of discovered DPs(including Branch DP and Multicast) is 2	ContentAccess	13.03.2014 09:37:49	3212 (0x0C8C)
Calling back with the following distribution points	ContentAccess	13.03.2014 09:37:49	3212 (0x0C8C)

after reboot

SetCachedContentInUseFlag no change. Value : false	ContentAccess	13.03.2014 08:32:37	804 (0x0324)
Releasing content request {FF924E59-9BB5-471B-A01F-C5B7FC8876B5}	ContentAccess	13.03.2014 08:32:37	1308 (0x051C)
All references to Content Content_ee82154a-0895-4866-b8c1-765c46415e2b.1 in cache have been removed.                   Content will be Tombstoned.	ContentAccess	13.03.2014 08:32:37	1308 (0x051C)
Saved Content ID Mapping Content_ee82154a-0895-4866-b8c1-765c46415e2b.1, C:\WINDOWS\ccmcache\b	ContentAccess	13.03.2014 08:32:37	1308 (0x051C)
GetLogonUserSid failed at GetTokenSids 0x800703f0	ContentAccess	13.03.2014 08:34:53	1124 (0x0464)
Requesting locations synchronously for content Content_5a8cd082-c9c5-45d5-9261-80a0c8896a35.1 with priority Foreground	ContentAccess	13.03.2014 08:34:53	1124 (0x0464)
Failed to send Location Request Message	ContentAccess	13.03.2014 08:34:55	1124 (0x0464)
Failed to create Location Request Message body	ContentAccess	13.03.2014 08:34:55	1124 (0x0464)
GetLocationSyncEx failed with error 0x87d00231	ContentAccess	13.03.2014 08:34:55	1124 (0x0464)

so it seems that after the reboot, sccm client can no longer find the DP. but why? ip is the same as before reboot, network connectivity is there.

and what does "GetLogonUserSid failed at GetTokenSids" mean?

thanks!

March 13th, 2014 11:43am

i found something in LocationServices.log.

it seems the Client is trying to contact our Internet facing DP ("externaldnsentry.company.com", real name changed) after reboot, because it thinks it "is on the Internet"

Distribution Point='http://INTERNALDP.domain.local/NOCERT_SMS_DP_SMSPKG$/Content_ee82154a-0895-4866-b8c1-765c46415e2b.1', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>', Signature='http://INTERNALDP.domain.local/NOCERT_SMS_DP_SMSSIG$/Content_ee82154a-0895-4866-b8c1-765c46415e2b.1.tar', ForestTrust='TRUE',	LocationServices	13.03.2014 08:32:29	3232 (0x0CA0)
Distribution Point='http://INTERNALDP.domain.local/SMS_DP_SMSPKG$/Content_ee82154a-0895-4866-b8c1-765c46415e2b.1', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="63"/></Capabilities>', Signature='http://INTERNALDP.domain.local/SMS_DP_SMSSIG$/Content_ee82154a-0895-4866-b8c1-765c46415e2b.1.tar', ForestTrust='TRUE',	LocationServices	13.03.2014 08:32:29	3232 (0x0CA0)
Calling back with locations for location request {B3C644CC-A7BA-4732-A4C2-9B53F4FF2DD6}	LocationServices	13.03.2014 08:32:29	3232 (0x0CA0)
Using INF MP externaldnsentry.company.com as lookup MP.	LocationServices	13.03.2014 08:34:38	2960 (0x0B90)
Attempting to retrieve site information from lookup MP(s) via HTTPS	LocationServices	13.03.2014 08:34:38	2960 (0x0B90)
Failed to send site information Location Request Message to externaldnsentry.company.com	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Attempting to retrieve site information from lookup MP(s) via HTTP	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Failed to refresh security settings over MP with error 0x80004005.	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
No security settings update detected.	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Using INF MP externaldnsentry.company.com as lookup MP.	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Attempting to retrieve site information from lookup MP(s) via HTTPS	LocationServices	13.03.2014 08:34:39	2960 (0x0B90)
Failed to send site information Location Request Message to externaldnsentry.company.com	LocationServices	13.03.2014 08:34:41	2960 (0x0B90)
Attempting to retrieve site information from lookup MP(s) via HTTP	LocationServices	13.03.2014 08:34:41	2960 (0x0B90)
Failed to refresh Site Signing Certificate over MP with error 0x80004005.	LocationServices	13.03.2014 08:34:41	2960 (0x0B90)
Refreshing Site Signing Certificate over HTTP	LocationServices	13.03.2014 08:34:41	2960 (0x0B90)
Failed to refresh Site Signing Certificate over HTTP with error 0x87d00215.	LocationServices	13.03.2014 08:34:42	2960 (0x0B90)
Using INF MP externaldnsentry.company.com as lookup MP.	LocationServices	13.03.2014 08:34:42	2960 (0x0B90)
Attempting to retrieve default management points from lookup MP(s) via HTTPS	LocationServices	13.03.2014 08:34:42	2960 (0x0B90)
LSGetManagementPointsForSiteFromManagementPoint: Client is on Internet, skipping Intranet MP list request.	LocationServices	13.03.2014 08:34:42	2960 (0x0B90)

in ClientLocation.log:

Client is in Internet	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)
Current internet management point is externaldnsentry.company.com	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)
Raising event:
instance of CCM_LocationServices_LocationBaseChange
{
	ClientID = "GUID:e5b6f053-86b8-4f35-b82e-6cdb3bcabc5e";
	DateTime = "20140313073430.697000+000";
	NewLocation = "Internet";
	OldLocation = "Intranet";
	ProcessID = 1660;
	ThreadID = 1692;
};
	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)
Failed to submit event to the Status Agent. Attempting to create pending event.	ClientLocation	13.03.2014 08:34:30	1692 (0x069C)

how can that happen?!




  • Edited by RR Med Thursday, March 13, 2014 12:32 PM
Free Windows Admin Tool Kit Click here and download it now
March 13th, 2014 11:57am

Hi,

Could you please upload full logs to OneDrive(ClientLocation.log, LocationServices.log, Ccmsetup.log, Client.msi.log)? We need to check why the client looked for a wrong DP.

Best Regards,

Joyce Li

March 17th, 2014 3:02am

i have captured a fresh set of logfiles before the reboot and after the reboot, and uploaded to onedrive.

https: //onedrive.live.com/redir?resid=48B6D48686ADABD4!107&authkey=!AKcsm19_36QAiDI&ithint=file%2c.7z

the file is Password protected, how can i send you the Password?

Free Windows Admin Tool Kit Click here and download it now
March 17th, 2014 8:36am

we have the same issue now on a toshiba z30 Notebook. Client thinks it is "on Internet" after a TS reboot.

i have opened a case with Microsoft Support.

March 20th, 2014 11:27am

How did your support case go?  Did they ever help you find a resolution to the "Client is in Internet" problem?

Thanks,

Nash

Free Windows Admin Tool Kit Click here and download it now
April 14th, 2014 11:38pm

I'd be interested in how the support case went as well. I'm experiencing the same issue right now.
May 19th, 2014 2:37pm

+1 - same issue, how did it go?
Free Windows Admin Tool Kit Click here and download it now
May 20th, 2014 11:44pm

This is an old thread, but I think that I have the solution to your problem.

I had the same issue and symptoms in various scenarios. Sometimes it could be seen with PCs using solid state storage and other times over a slower network link. 

In either situation, the problem seems to be that the CM Client has not had time to fully initialize and get a PKI cert before starting an Application Download. The DataTransferService.log file had the following in it, which was what got me thinking about the client.

Failed in WinHttpReceiveResponse API, ErrorCode = 0x2f0c	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)
[CCMHTTP] ERROR: URL=https://SCCM-DP-Name:443/SMS_DP_SMSPKG$/Content_6200d4f8-fc01-4903-a210-80c8a2dc1c87.1, Port=443, Options=31, Code=12044, Text=ERROR_WINHTTP_CLIENT_AUTH_CERT_NEEDED	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)
Raising event:
instance of CCM_CcmHttp_Status
{
	ClientID = "GUID:4987b739-9e06-4bd8-9324-42ec148358e9";
	DateTime = "20141119130425.611000+000";
	HostName = "SCCM-DP-Name";
	HRESULT = "0x80072f0c";
	ProcessID = 1392;
	StatusCode = 600;
	ThreadID = 2392;
};
	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)
Successfully sent location services HTTPS failure message.	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)
Error sending DAV request. HTTP code 600, status ''	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)
GetDirectoryList_HTTP('https://SCCM-DP-Name:443/SMS_DP_SMSPKG$/Content_6200d4f8-fc01-4903-a210-80c8a2dc1c87.1') failed with code 0x80072f0c.	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)
Non-recoverable error retrieving manifest (0x80072f0c).	DataTransferService	11/19/2014 8:04:25 AM	2392 (0x0958)



The fix was easy, I stuck a powershell script that has the computer sleep for three minutes after each restart in the task sequence. Solved the problem with PCs that were too fast for their own good and slow network connections.

Start-sleep -seconds 180


  • Edited by ZebulonS Thursday, April 02, 2015 3:55 PM Remove server names
November 19th, 2014 4:03pm

thank you for this detailed reply, and sorry for not answering on the above questions.

microsoft support, after several weeks of "discussing" the issue with them, closed the topic with the following "solution":

this can happen if the client does not initialize fast enough after reboot. please put the "wait step" in your task sequence after each reboot.


i complained heavily, because if we put an application installation in the task sequence, we now need to make sure that after each app installation that triggers a reboot, a wait step is put inside. or in other words, we need to clutter the task sequence with "wait steps". this also means apps with reboots can not be put together in one single "install application" step (because you can't fit a wait step inbetween).

the answer to this was, that there are task sequence variables that should "fix" this problem.
Set SMSTSDownloadRetryCount
Set SMSTSDownloadRetryDelay
Set SMSTSMPListRequestTimeout

... but they did not do anything to this problem. i did not follow the case any further because it already wasted too much of my time.

and from our side i cannot confirm that this just happens with ssds or slow networks. we have this accross various models over the enterprise including vm servers (e.g. automated citrix deployments).


  • Edited by RR Med Thursday, November 20, 2014 8:13 AM
Free Windows Admin Tool Kit Click here and download it now
November 20th, 2014 8:13am

I have observed this bug as well. Not only do application downloads fail, but even status messages can be lost when this happens. The location services seem to run fairly often, so after they run again, they are able to set the  state back to Intranet, and things work. However, if Locations services runs at just the wrong time, right after a reboot and before the network is up, you have a window of "outage" that causes failures in your task sequences. Inserting the long delay mentioned above, 3 minutes, gives time for Location Services to run again.

Microsoft... please consider having your location services  wait until the network is up and running before you report that the machine is no longer in Intranet mode.

I am attempting to work around this bug by adding a service startup dependency (Netprofm) to the CCEXEC startup parameters.  The thinking is that if CCMEXEC has to wait for the network after a reboot, then when the locations services component runs, it will not get confused.

Hope this helps,

Mac

April 24th, 2015 8:59am

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics