Since the upgrade to SCCM 2012 R2 SP1, new clients are not registering with the server. The two following lines seems to be linked to this:

<![LOG[[RegTask] - Client registration is pending. Sending confirmation request for GUID:0EA5256B-046D-43A7-B096-8C46649EF5FB ...]LOG]!><time="09:51:28.786+240" date="05-29-2015" component="ClientIDManagerStartup" context="" type="1" thread="5724" file="regtask.cpp:1721">
<![LOG[Failed to open to WMI namespace '\\.\root\ccm' (80041003)]LOG]!><time="09:51:33.856+240" date="05-29-2015" component="CcmMessaging" context="" type="3" thread="5724" file="wminamespace.cpp:305">

<![LOG[[RegTask] - Sleeping for 120 seconds ...]LOG]!><time="09:51:33.981+240" date="05-29-2015" component="ClientIDManagerStartup" context="" type="1" thread="5724" file="regtask.cpp:1420">

<![LOG[Raising event:

instance of CCM_CcmHttp_Status
{
    ClientID = "GUID:0EA5256B-046D-43A7-B096-8C46649EF5FB";
    DateTime = "20150529135133.934000+000";
    HostName = "060DP2.vd.cerfs";
    HRESULT = "0x00000000";
    ProcessID = 5176;
    StatusCode = 0;
    ThreadID = 5724;
};
]LOG]!><time="09:51:33.934+240" date="05-29-2015" component="CcmMessaging" context="" type="1" thread="5724" file="event.cpp:715">

I compared the WMI permissions on \\root\ccm with a computer that was already working before the upgrade and the permissions are the same. I also deleted \\root\ccm and created a new WMI repository; nothing worked.

The last message before that, of your snippet, is that the registration is pending. Did you check the server-side to see if your management point is still registering clients? For example check the MP_RegistrationManager.log for some more information.

Are these intranet clients?
Ensure all component services are running properly in ConfigMgr Service Manager.
Also on server side please check MP_RegistrationManager.log and on the Client side have a look at ClientLocation.log and PolicyAgent.log for any errors.

Thanks

We are experiencing the same issue. All intranet clients, HTTPS environment. New clients get the correct MP and site code, but all the components remain at "installed" status. This started after installing R2 SP1.

We've tried:
Renewing the certificates
Selecting HTTPS or HTTP from site system settings
Reinstalling the MP role
Adding a second MP with HTTP only

on new clients
/sms_mp/.sms_aut?mplist
/sms_mp/.sms_aut?mpcert
both give out 403 (403 7 5 1429 1 more specifically) 

Log snippets:

CCMMessaging.log

Failed to open to WMI namespace '\\.\root\ccm' (80041003) CcmMessaging 1.6.2015 7:48:20 316 (0x013C)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0";
 DateTime = "20150601044820.244000+000";
 HostName = "CMHOST";
 HRESULT = "0x00000000";
 ProcessID = 3692;
 StatusCode = 0;
 ThreadID = 316;
};
 CcmMessaging 1.6.2015 7:48:20 316 (0x013C)

MP_RegistrationManager.log snippet:

Processing Registration request from Client 'GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
Begin validation of Certificate [Thumbprint 686EA2B1533C7C720DA084B82B10A7E0BA72B86A] issued to 'TESTPC123' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
Completed validation of Certificate [Thumbprint 686EA2B1533C7C720DA084B82B10A7E0BA72B86A] issued to 'TESTPC123' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
MP Reg: DDR written to [..\inboxes\auth\ddm.box\regreq\EQ2Z3NO7.RDR] for Client [GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0] with Subject [S-1-5-21-2052111302-343818398-1801674531-156882] Certificate Thumbprint [686EA2B1533C7C720DA084B82B10A7E0BA72B86A] MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)

Meanwhile in ClientIDManagerStartup.log

[RegTask] - Client is not registered. Sending registration request for GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0 ... ClientIDManagerStartup 1.6.2015 7:48:15 316 (0x013C)
[RegTask] - Client registration is pending. Server assigned ClientID is GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0 ClientIDManagerStartup 1.6.2015 7:48:20 316 (0x013C)

BGBServer.log has many of these:

ERROR: Invalid message header from client when receive SignIn message. readSize 0 != 14 SMS_NOTIFICATION_SERVER 1.6.2015 11:24:20 13072 (0x3310)

DDM.log has many of these:

Processing file XWOH9XE4.RDR SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
ApprovalMethod = 1 SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
exec spUpdateClientRegistration N'CM1', N'GUID:FE93B929-39CC-4D98-AF21-ECB919712C90', NULL, <a lot of snipped data> N'2015-05-25 04:57:37.000', N'2016-05-24 04:57:37.000', 0,NULL ,NULL ,N'2:CE0B100088958466037B2BBF2E5D155D63A2692F',NULL ,0,1,0,1,0, 1, N'5.00.8239.1000',N'TESTPC321',N'TESTPC321.local', 0 SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
*** [42000][8169][Microsoft][SQL Server Native Client 11.0][SQL Server]Conversion failed when converting from a character string to uniqueidentifier. : SMSDBMON_ClientKeyData_PfxCertsClientKeyData_Chg_upd SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
Moving bad file XWOH9XE4.RDR to .\inboxes\auth\ddm.box\regreq\BAD_DDRS\XWOH9XE4.RDR. SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
CDiscoverDataManager::ProcessDDRs_PS - Moved bad DDR SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)

ClientLocation.log doesn't show any errors, it shows all the correct data about discoveries. PolicyAgent.log only has the line "Processing preshutdown event".

All existing clients work fine, and communicate to the MP using HTTPS.

• Edited by Node M 20 hours 49 minutes ago typo

We are experiencing the same issue. All intranet clients, HTTPS environment. New clients get the correct MP and site code, but all the components remain at "installed" status. This started after installing R2 SP1.

We've tried:
Renewing the certificates
Selecting HTTPS or HTTP from site system settings
Reinstalling the MP role
Adding a second MP with HTTP only

on new clients
/sms_mp/.sms_aut?mplist
/sms_mp/.sms_aut?mpcert
both give out 403 (403 7 5 1429 1 more specifically) 

Log snippets:

CCMMessaging.log

Failed to open to WMI namespace '\\.\root\ccm' (80041003) CcmMessaging 1.6.2015 7:48:20 316 (0x013C)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0";
 DateTime = "20150601044820.244000+000";
 HostName = "CMHOST";
 HRESULT = "0x00000000";
 ProcessID = 3692;
 StatusCode = 0;
 ThreadID = 316;
};
 CcmMessaging 1.6.2015 7:48:20 316 (0x013C)

MP_RegistrationManager.log snippet:

Processing Registration request from Client 'GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
Begin validation of Certificate [Thumbprint 686EA2B1533C7C720DA084B82B10A7E0BA72B86A] issued to 'TESTPC123' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
Completed validation of Certificate [Thumbprint 686EA2B1533C7C720DA084B82B10A7E0BA72B86A] issued to 'TESTPC123' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
MP Reg: DDR written to [..\inboxes\auth\ddm.box\regreq\EQ2Z3NO7.RDR] for Client [GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0] with Subject [S-1-5-21-2052111302-343818398-1801674531-156882] Certificate Thumbprint [686EA2B1533C7C720DA084B82B10A7E0BA72B86A] MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)

Meanwhile in ClientIDManagerStartup.log

[RegTask] - Client is not registered. Sending registration request for GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0 ... ClientIDManagerStartup 1.6.2015 7:48:15 316 (0x013C)
[RegTask] - Client registration is pending. Server assigned ClientID is GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0 ClientIDManagerStartup 1.6.2015 7:48:20 316 (0x013C)

BGBServer.log has many of these:

ERROR: Invalid message header from client when receive SignIn message. readSize 0 != 14 SMS_NOTIFICATION_SERVER 1.6.2015 11:24:20 13072 (0x3310)

DDM.log has many of these:

Processing file XWOH9XE4.RDR SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
ApprovalMethod = 1 SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
exec spUpdateClientRegistration N'CM1', N'GUID:FE93B929-39CC-4D98-AF21-ECB919712C90', NULL, <a lot of snipped data> N'2015-05-25 04:57:37.000', N'2016-05-24 04:57:37.000', 0,NULL ,NULL ,N'2:CE0B100088958466037B2BBF2E5D155D63A2692F',NULL ,0,1,0,1,0, 1, N'5.00.8239.1000',N'TESTPC321',N'TESTPC321.local', 0 SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
*** [42000][8169][Microsoft][SQL Server Native Client 11.0][SQL Server]Conversion failed when converting from a character string to uniqueidentifier. : SMSDBMON_ClientKeyData_PfxCertsClientKeyData_Chg_upd SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
Moving bad file XWOH9XE4.RDR to .\inboxes\auth\ddm.box\regreq\BAD_DDRS\XWOH9XE4.RDR. SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
CDiscoverDataManager::ProcessDDRs_PS - Moved bad DDR SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)

ClientLocation.log doesn't show any errors, it shows all the correct data about discoveries. PolicyAgent.log only has the line "Processing preshutdown event".

All existing clients work fine, and communicate to the MP using HTTPS.

• Edited by Node M 20 hours 47 minutes ago typo

We are experiencing the same issue. All intranet clients, HTTPS environment. New clients get the correct MP and site code, but all the components remain at "installed" status. This started after installing R2 SP1.

We've tried:
Renewing the certificates
Selecting HTTPS or HTTP from site system settings
Reinstalling the MP role
Adding a second MP with HTTP only

on new clients
/sms_mp/.sms_aut?mplist
/sms_mp/.sms_aut?mpcert
both give out 403 (403 7 5 1429 1 more specifically) 

Log snippets:

CCMMessaging.log

Failed to open to WMI namespace '\\.\root\ccm' (80041003) CcmMessaging 1.6.2015 7:48:20 316 (0x013C)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0";
 DateTime = "20150601044820.244000+000";
 HostName = "CMHOST";
 HRESULT = "0x00000000";
 ProcessID = 3692;
 StatusCode = 0;
 ThreadID = 316;
};
 CcmMessaging 1.6.2015 7:48:20 316 (0x013C)

MP_RegistrationManager.log snippet:

Processing Registration request from Client 'GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
Begin validation of Certificate [Thumbprint 686EA2B1533C7C720DA084B82B10A7E0BA72B86A] issued to 'TESTPC123' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
Completed validation of Certificate [Thumbprint 686EA2B1533C7C720DA084B82B10A7E0BA72B86A] issued to 'TESTPC123' MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)
MP Reg: DDR written to [..\inboxes\auth\ddm.box\regreq\EQ2Z3NO7.RDR] for Client [GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0] with Subject [S-1-5-21-2052111302-343818398-1801674531-156882] Certificate Thumbprint [686EA2B1533C7C720DA084B82B10A7E0BA72B86A] MP_RegistrationManager 1.6.2015 7:48:20 32384 (0x7E80)

Meanwhile in ClientIDManagerStartup.log

[RegTask] - Client is not registered. Sending registration request for GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0 ... ClientIDManagerStartup 1.6.2015 7:48:15 316 (0x013C)
[RegTask] - Client registration is pending. Server assigned ClientID is GUID:cd7f114a-f690-4451-8b15-1c66b3c95ba0 ClientIDManagerStartup 1.6.2015 7:48:20 316 (0x013C)

BGBServer.log has many of these:

ERROR: Invalid message header from client when receive SignIn message. readSize 0 != 14 SMS_NOTIFICATION_SERVER 1.6.2015 11:24:20 13072 (0x3310)

DDM.log has many of these:

Processing file XWOH9XE4.RDR SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
ApprovalMethod = 1 SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
exec spUpdateClientRegistration N'CM1', N'GUID:FE93B929-39CC-4D98-AF21-ECB919712C90', NULL, <a lot of snipped data> N'2015-05-25 04:57:37.000', N'2016-05-24 04:57:37.000', 0,NULL ,NULL ,N'2:CE0B100088958466037B2BBF2E5D155D63A2692F',NULL ,0,1,0,1,0, 1, N'5.00.8239.1000',N'TESTPC321',N'TESTPC321.local', 0 SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
*** [42000][8169][Microsoft][SQL Server Native Client 11.0][SQL Server]Conversion failed when converting from a character string to uniqueidentifier. : SMSDBMON_ClientKeyData_PfxCertsClientKeyData_Chg_upd SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
Moving bad file XWOH9XE4.RDR to .\inboxes\auth\ddm.box\regreq\BAD_DDRS\XWOH9XE4.RDR. SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)
CDiscoverDataManager::ProcessDDRs_PS - Moved bad DDR SMS_DISCOVERY_DATA_MANAGER 1.6.2015 11:17:57 24304 (0x5EF0)

ClientLocation.log doesn't show any errors, it shows all the correct data about discoveries. PolicyAgent.log only has the line "Processing preshutdown event".

All existing clients work fine, and communicate to the MP using HTTPS.

• Edited by Node M Monday, June 01, 2015 10:58 AM typo

I installed a new client this morning with still the same problem. In MP_RegistrationManager.log, I get those log entries for this client:

Processing Registration request from Client 'GUID:FF35CE10-9486-4A1C-B71E-1034C006ADFF'	MP_RegistrationManager	2015-06-01 09:59:18	3604 (0x0E14)
Begin validation of Certificate [Thumbprint D590BE85F3FE757B9F5ED94560B255166525A3C2] issued to 'W70PLAH103X00V.vd.cerfs'	MP_RegistrationManager	2015-06-01 09:59:18	3604 (0x0E14)
Completed validation of Certificate [Thumbprint D590BE85F3FE757B9F5ED94560B255166525A3C2] issued to 'W70PLAH103X00V.vd.cerfs'	MP_RegistrationManager	2015-06-01 09:59:18	3604 (0x0E14)
MP Reg: DDR written to [E:\SMS\mp\outboxes\rdr.box\L0N8X42A.RDR] for Client [GUID:FF35CE10-9486-4A1C-B71E-1034C006ADFF] with Subject [S-1-5-21-3374974842-646949122-2071794536-49693] Certificate Thumbprint [D590BE85F3FE757B9F5ED94560B255166525A3C2]	MP_RegistrationManager	2015-06-01 09:59:18	3604 (0x0E14)

Which seems right but the client still has no certificate and no policies.

However for other client I see those messages:

Processing Registration request from Client 'GUID:346E9171-1D1A-4B44-9859-F5A042821DD3'	MP_RegistrationManager	2015-06-01 10:52:31	1136 (0x0470)
Begin validation of Certificate [Thumbprint 7F3DD609B2A4FEA8E2241C1E5571DADEB5D7B736] issued to 'W45PCLB106X02B.vd.cerfs'	MP_RegistrationManager	2015-06-01 10:52:31	1136 (0x0470)
Completed validation of Certificate [Thumbprint 7F3DD609B2A4FEA8E2241C1E5571DADEB5D7B736] issued to 'W45PCLB106X02B.vd.cerfs'	MP_RegistrationManager	2015-06-01 10:52:31	1136 (0x0470)
Registration hint is expired.	MP_RegistrationManager	2015-06-01 10:52:31	1136 (0x0470)
CCMValidateAuthHeaders failed (0x87d0029b) to validate headers for client 'GUID:346E9171-1D1A-4B44-9859-F5A042821DD3'.	MP_RegistrationManager	2015-06-01 10:52:31	1136 (0x0470)

Check to ensure the clients are not in provisioning mode 

reg query hklm\software\microsoft\ccm\ccmexe

You will get back something similar to this

HKEY_LOCAL_MACHINE\software\microsoft\ccm\ccmexec

    CheckIdleEndpointSeconds    REG_DWORD    0x12c

    CheckMemorySeconds    REG_DWORD    0x3c

    FileCleanupSeconds    REG_DWORD    0xa8c0

    CoFreeSeconds    REG_DWORD    0x258

    LowMemoryThresholdMBytes    REG_DWORD    0x14

    SystemTaskExcludes    REG_SZ

    CheckUserSeconds    REG_DWORD    0x258

    ProvisioningMode    REG_SZ    false

    ADTimeOutSeconds    REG_DWORD    0x258

If Provisioning mode is "true" then the sccm client must be taken out of provisioning mode before all of the client components will be fully functional. 

Here is a powershell snippet to bring the client out of provisioning mode

Invoke-WmiMethod namespace root\CCM class SMS_Client name SetClientProvisioningMode ArgumentList $false

 

It doesn't seems to be that:

C:\WINDOWS\system32>reg query hklm\SOFTWARE\Microsoft\CCM\CcmExec /v ProvisioningMode

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\CCM\CcmExec
    ProvisioningMode    REG_SZ    false

There is a good post stepping through the client approval process for 2007. You might try reviewing the troubleshoot steps to see if they lead to your issue http://blogs.technet.com/b/configurationmgr/archive/2010/01/20/how-it-works-automatic-client-approval-in-configuration-manager-2007.aspx

Hi Blanalex,

Could you please try the below troubleshooting steps:

First publish the CRL and verify that it can be accessed from the client. You can verify whether the CRL is accessible by running the below command:

Certutil verify urlfetch <cert name>.cer

If this shows that the CRL is not accessible, check the ports. You may notice that port 10123 is blocked.

Port 10123 is used by the Management Point to notify client computers about an action that it must take when an administrative user selects a client action in the Configuration Manager console, such as download computer policy or initiate a malware scan. If this is blocked, add the following as an exception to the Windows Firewall:

Outbound: TCP Port 10123

If this communication does not succeed, Configuration Manager automatically falls back to using the existing client-to-Management Point communication port of HTTP or HTTPS:

Outbound: TCP Port 80 (for HTTP communication)
Outbound: TCP Port 443 (for HTTPS communication)

Thanks
________________________________________
Don't forget to mark helpful posts, and answers. It helps others to find relevant posts to the same question.

This is a really extensive guide (packet trace!) I don't have the time right now to go through this but I'll definitly try it out. In the mean time I have a new element:

This is not really new client that can't register. This is computers already known by SCCM that I'm reinstalling with a task sequence. However, if I delete the system resource in the console and restart the client, the client can now get it's policies correctly.

Have you checked the client record to see if it needs to be approved or if there is a conflicting record after the build? 

No doesn't seem to be the case. When a right-click on a client record, the Approve action is grayed out and there's no duplicate entries.

We found this:

http://www.windows-noob.com/forums/index.php?/topic/12499-no-client-certificate-after-r2-sp1-upgrade-failed-to-register/

It worked for us, we'll wait for the next cumulative update for the real fix.

• Proposed as answer by Jon Warnken 13 hours 57 minutes ago

Good to hear you got it resolved