OSD Task Sequence Fails on requesting state storage
We did a side by side upgrade of our SMS 2003 environment last spring. All seemingly went well until lately. Over the past few months we have been testing OSD with SCCM. This worked flawlessly everytime...until we tried it on some clients that had been upgraded and moved over to the new site heirarchy. When the task sequence gets to the point of requesting state storage we received the following in the smsts.log:<![LOG[Failed to import the client certificate store (0x80092024)]LOG]!><time="09:44:38.471+240" date="10-15-2009" component="OSDSMPClient" context="" type="3" thread="5948" file="smpclient.cpp:880"><![LOG[ClientRequestToMP::DoRequest failed (0x80092024).]LOG]!><time="09:44:38.471+240" date="10-15-2009" component="OSDSMPClient" context="" type="3" thread="5948" file="smpclient.cpp:1160"><![LOG[ExecuteCaptureRequestMP failed (0x80092024).]LOG]!><time="09:44:38.471+240" date="10-15-2009" component="OSDSMPClient" context="" type="3" thread="5948" file="smpclient.cpp:2688"><![LOG[ExecuteCaptureRequest failed (0x80092024).]LOG]!><time="09:44:38.471+240" date="10-15-2009" component="OSDSMPClient" context="" type="3" thread="5948" file="smpclient.cpp:2762"><![LOG[OSDSMPClient finished: 0x00002024]LOG]!><time="09:44:38.471+240" date="10-15-2009" component="OSDSMPClient" context="" type="1" thread="5948" file="main.cpp:120"><![LOG[Process completed with exit code 8228]LOG]!><time="09:44:38.471+240" date="10-15-2009" component="TSManager" context="" type="1" thread="4472" file="commandline.cpp:1102">This seems to point to a certificate problem on those clients that were upgraded. I've tried to find a solution that will work on even one machine, let alone thousands. Has anyone else encountered this?Thanks.
October 20th, 2009 8:55pm
Does the State Restore of the client excist on the State Migration Point?My Blog: http://www.petervanderwoude.nl/
October 20th, 2009 9:47pm
no it does not. It's failing on the request for storage prior to capture.
October 20th, 2009 10:36pm
as the SMP ever been used before ?my SCCM step by step Guides > http://www.windows-noob.com/forums/index.php?showtopic=1064
October 20th, 2009 10:45pm
repeatedly and always with success. The only difference in anything, is that these targets for osd were previously 2003 clients, that were upgraded in a side by side migration process. Everything else is the same to include the complete TS.
October 20th, 2009 10:53pm
so you are trying to do a state capture on them now and it's failing ? have you ever had a succesful state capture since upgrading sms2003 to sccm2007my SCCM step by step Guides > http://www.windows-noob.com/forums/index.php?showtopic=1064
October 20th, 2009 11:09pm
The task sequence works perfectly on "new clients". In other words machines that were never 2003 clients in the 2003 heiarchy. However, all clients test thus far that were upgraded fail. All other functions of SCCM work fine with these clients (patching, software delivery, inventory, etc).
October 20th, 2009 11:25pm
if you uninstall the configmgr client on one of these boxes and reinstall it, does it still failmy SCCM step by step Guides > http://www.windows-noob.com/forums/index.php?showtopic=1064
October 20th, 2009 11:29pm
Yep, tried that too. I did find this post ( http://www.myitforum.com/forums/m_200250/mpage_1/key_/tm.htm#200250)with a very similar problem. However, in my case removing/reinstalling the client did not work. And running "ccmsetup RESETKEYINFORMATION = TRUE" returns: <![LOG[Invalid ccmsetup command line: \\mysmsserver\smsclient\ccmsetup RESETKEYINFORMATION = TRUE]LOG]!
October 20th, 2009 11:42pm
Uninstall patchKB974571 off the client machineand your USMT will start working again.
October 23rd, 2009 8:12pm
Uninstall patchKB974571 off the client machineand your USMT will start working again. This was our answer.
October 23rd, 2009 9:19pm
Thank you for thisanswer, we are working 3 days for this problem, uninstall patch is solved our problem. thanks more.
October 23rd, 2009 11:18pm
great result and good info, thanks for sharingmy SCCM step by step Guides > http://www.windows-noob.com/forums/index.php?showtopic=1064
October 23rd, 2009 11:19pm
I was facing this same situation and this resolution worked for me. Props to Scottr611.I'm curious though Scottr611 how did you figure it out? I didnt see any posts relating to this anywhere.
October 28th, 2009 8:13pm
I was facing this same situation and this resolution worked for me. Props to Scottr611.I'm curious though Scottr611 how did you figure it out? I didnt see any posts relating to this anywhere. We had just pushed out the October patches. The day before OSD/USMT worked as advertised, but afterwards, OSD/USMT failed. Our field personnel picked up on the issues right away andstarted rolling back patches one at a time to see if they had made a difference in the behavior of the client.Sure enough, after they removed KB974571, the world started turning again. I credit the fix to them. I'm not sure but I think Scottr611 is one of them. ;-)Troubleshooting 101... The first question should always be, "What changed?"
October 29th, 2009 12:55am
So, hopefully MS is now aware of this and will provide some solution?????? Thanks for the help!
November 2nd, 2009 6:38pm
My organization also experienced OSD issues where the TS would fail after running the Windows mini-setup and before the SCCM client install. Uninstalling KB974571 resolved the issue for us too, thank you Scott.The problem was made even more interesting for us because using the boot CD to start an OSD worked everytime, it only failed when kicking off from Run Advertised Programs, and then only if the computer object was in a certain Active Directory OU. I could not find any difference in the GPO or login script on a "good" or "bad" OU, this fix is perfect.And if anyone else runs across this problem, I believe I found the smsts.log file in the Docs and settings-Adminstrator-Local Settings-Temp folder whichindicated a certificate failure.
November 10th, 2009 1:16am
I too am experiencing the same problem, with the same solution. However, until 100% confirmed by MS that this is a known problem with this patch, my organisation is reluctant to roll this patch back en-mass. However, it's potentially a biggie for us, as we're going through an upgrade to Vista (I know, not W7, timing wasn't right) from W2K and XP right now, and we're needing to resort to manual methods for USMT.A suggestion has been made to force an uninstall of this patch (followed by a reboot of course) during the task sequence that would otherwise fail, but that seems a little bit too much.Anyone know if (and when) MS will beupdating this article (http://support.microsoft.com/kb/974571) to include SCCM OSD in the list of Known Issues?
November 25th, 2009 4:32pm
How to Uninstall patchKB974571? I don't find it in add remove program....
December 7th, 2009 1:30pm
I got some news from someone working for MS, this is a known bug and the dev team is working on a hotfix. I'll try to post something if I get more information about the hotfix release date.
December 11th, 2009 5:49pm
Ok latest news I have about the issue is that MS is working on not only a fix to that issue but a way to repair the damage that is being done.And here are the instruction to use to workaround the issue before doing an OSD:Before the cert fix tool is released, as a temporary solution you can manually correct the issue in existing certificates by the procedure below (and then you will be able to run the OSD procedure). 1. On a target agent, run "mmc.exe", click File> Add/Remove Snap-in, click Add, highlight the Certificates snap-in, and click Add.2. In the Certificates snap-in dialog box, choose "Computer account", click Next, and click Finish.3. Click Close to close the Add Standalone Snap-in dialog box, and click OK to close the Add/Remove Snap-in dialog box.4. Browse to Certificates (Local Computer)> SMS> Certificates. You will have two certificates in the right pane -- SMS Encryption Certificate and SMS Signing Certificate.5. Double-click to open one of the certificates, say SMS Encryption Certificate.6. On the Details tab, click Edit Properties.7. Edit the Friendly name to make it something like SMS Encryption Certificate1.8. Click OK to close the two dialog boxes.9. Double-click to open the certificate again. Edit the Friendly name back to SMS Encryption Certificate. Click OK to close the two dialog boxes.10. Repeat the steps 5 - 9 on the other certificate.
December 12th, 2009 10:31pm
I have created a .NET console program, that does the same, but this way I can deploy it to all our machines. Below is the sample codeJust remember that .NET code by default only runs full trust when running from local drives, so set adv. to download before execute.--------------------Imports System.Security.CryptographyImports System.Security.Cryptography.X509Certificates Module Module1 Sub Main() Dim store As New X509Store("SMS", StoreLocation.LocalMachine) store.Open(OpenFlags.ReadWrite) Dim storecollection As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection) Dim x509 As X509Certificate2 For Each x509 In storecollection x509.FriendlyName = x509.FriendlyName & "-1" Next x509 Dim storecollection1 As X509Certificate2Collection = CType(store.Certificates, X509Certificate2Collection) For Each x509 In storecollection1 If InStr(x509.FriendlyName, "-1") <> 0 Then x509.FriendlyName = Left(x509.FriendlyName, Len(x509.FriendlyName) - 2) End If Next x509 ' ' You might be able to touch the Friendlyname in one step, but I do it in two steps to be sure it works ' Console.WriteLine("SMS Certificates show now have been fixed") End Sub End Module--------------------
January 12th, 2010 5:20pm
It's fixed?http://support.microsoft.com/?kbid=977203 - User state migration fails on a SCCM 2007 SP1 client or on a SCCM 2007 SP2 client after you install security update 974571Anyone ready to try it? I will be soon, but not just yet (planning SP2 upgrade at the mo., and have workarounds in place for the moment).
February 8th, 2010 1:19pm
EUREKA! Thank you. This took care of the error:The administrative limit for this request was exceeded. (Error: 00002024; Source: Windows)
March 12th, 2010 10:16pm
March 16th, 2010 10:45am
I had the same problem and this worked for me ! thanks !David Sebban | Nelite France
April 8th, 2011 9:04am