Hi - I know this question has been asked many times before - but I have tried almost everything and a no closer to solving the problem.

Background: Recently a SCCM 2012 SP1 single stand-alone site was upgraded to SCCM 2012 R2. The site is a single stand-alone primary site with a single DP, single MP, using mixed mode (HTTP). The R2 upgrade ran without any problem and all SCCM components are showing as healthy.

A few test SCCM 2012 SP1 clients were upgraded to the R2 client using client-push.

However the upgraded clients are not retrieving policy from the Management Point. In the Actions Tab of the SCCM client, only Machine Policy Retrieval and User Policy Retrieval are available. But kicking of those actions does not result in any of the advertised applications, Task Sequences becoming available. Infact Custom Client Settings are not being set either (e.g. Organisation Name in software Center).

I have checked and rechecked the following:

• The upgrade of the client completed successfully (checked ccmsetup.log) and the version number went from 5.00.7804.1000 (SP1) to 5.00.7958.1000 (R2).
• The MP health in the SCCM console is showing healthy.
• The MP access URL's load correctly when run from SCCm client computers
  • http://<ServerName>/sms_mp/.sms_aut?mplist is ok
  • http://<ServerName>/sms_mp/.sms_aut?mpcert is ok
• The SCCM clients are assigned to the site correctly verified via the SCCM client and ClientLocation.Log
• ClientIDManager.Log is not showing any errors
• CCMExec.log and ExecMgr.log don't show any advertisements being executed (Execmgr.log is almost empty and only has "Software ditrbution site settings policy does not yet exist on the client). If the client is not yest registered this is expected behaviour")
• The SCCM clients are Approved and NOT Blocked in SCCM
• I have attempted to upgrade the SCCM client and also completely removed and reinstalled - and both have the same result (no client policy dpwnloaded)
• I have also deleted the above clients completely from SCCM, Run divoery again and pushed the client to the machines again ...with the same result (SCCM client installs, assigns to correct site and then no policy downloaded)
• SCCM 2012 Boundaries are configured correctly and assigned to Boundary Groups correctly
• The SCCM clients do not have the firewall enabled
• Changed boundary from AD Site to Subnet to IP Address Range: Same issue exists
• Uninstalled MP role and reinstalled it: same Issue exists
• Tried to connect to SCCm client using 3rd party SCCM Client center tool but cannot connect
• ??? Not sure what else to try ???

• Edited by GeekierThanYou Monday, March 24, 2014 10:18 PM Updated

Thanks everyone for the suggestions - I have tried most of them with no success

#1) Changed the boundary to an IP Address Range = No change in client behaviour

#2) Restarting CCMExec - this happens when the SCCM client is reinstalled = No change in client behaviour

#3) Uninstalled the MP and reinstalled it = No change in client behaviour

#4) SCCM Client Center (great tool which I used in SCCm 2007 - didn't realise it was updated for SCCM 2012). However I can't connect to any SCCM Client using this - not sure why since the clients are on the same subnet as the SCCM Primary Site server and there are no firewall's/AV enabled on the SCCm server or the clients!

Just weird that the clients can't talk to the SCCM Primary Site server!

• Edited by GeekierThanYou Thursday, March 20, 2014 9:20 PM

Hello everyone - sorry for the slow response (weekend).

I have done a complete fresh SCCM 2012 R2 client install on a VM and have uploaded the requested logs to a public Google Drive store: http://bit.ly/1nV9hIb

Logs uploaded:

CcmExec.log

CcmMessaging.log

ClientIDManagerStartup.log

ClientLocation.log

execmgr.log

LocationServices.log

PolicyAgent.log

Any assistance would be greatly appreciated!

• Edited by GeekierThanYou Monday, March 24, 2014 10:13 PM

Hello, I did a fresh install of a client and research.

Agent is installed, it has found MP and site, Certificate - None,

ClientIDManagerStartup.log:

Failed to send registration request message. Error: 0x87d00309

I checked client ID in the MP_RegistrationManager.log:

Processing Registration request from Client 'GUID:8FB56521-A4CB-4968-9E37-D8BA35838767'

Begin validation of Certificate [Thumbprint A466797C487D34320D1EC257EB61C9D69CFDEA2F] issued to 'SMS'

Completed validation of Certificate [Thumbprint A466797C487D34320D1EC257EB61C9D69CFDEA2F] issued to 'SMS'

MP Reg: DDR written to [C:\Program Files\Microsoft Configuration Manager\inboxes\auth\ddm.box\regreq\KEQU5XHK.RDR] for Client [GUID:8FB56521-A4CB-4968-9E37-D8BA35838767] with Certificate Thumbprint [A466797C487D34320D1EC257EB61C9D69CFDEA2F]

MP Reg: Processing completed. Completion state = 0

What should I to check next?

• Edited by Andev Tuesday, June 03, 2014 10:43 AM

Hi all - sorry for the late response.

We managed to resolve the issue after logging a job with Microsoft Support.

The issue was that the SCCM 2012 R2 upgrade corrupted 2 tables in the SCCM Database - leading to corrupt SCCM client policies.

I am pasting the resolution email from Microsoft below:

(NOTE: This may not be the exact sypmtoms you are experiencing so do not implement this fix assuming it will fix your problem!)

ISSUE: 

- All clients are unable to download policies from the server

CAUSE:

- Bad policies in the Database

RESOLUTION: 

-Issue with PADbID - Run below query against SCCM DB to verify corrupt entries:

SELECT * FROM ResPolicyMap WHERE machineid = 0 and PADBID IN (SELECT PADBID FROM PolicyAssignment WHERE BodyHash IS NULL)

Confirmed Bad policies entries in the SCCM database

Run below query to delete the bad policy after which we resolved the issue:

Delete FROM ResPolicyMap WHERE machineid = 0 and PADBID IN (SELECT PADBID FROM PolicyAssignment WHERE BodyHash IS NULL)"

• Proposed as answer by Anoop C Nair Wednesday, June 04, 2014 2:34 AM

This worked perfectly.

Thanks