SCCM Client Registration Error when trying to install client
We have a single computer (Windows Server 2003 SP2) that we are unable to get the client installed to. From the ccmsetup.log the installation is successful, but the ClientIDManagerStartup.log shows the same error every 10 minutes as it tries to register to the site:
RegTask - Executing registration task synchronously.ClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)Read SMBIOS (encoded): 480051005A003800430032003100ClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)Evaluated SMBIOS (encoded): 480051005A003800430032003100ClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)No SMBIOS ChangedClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)SMBIOS unchangedClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)SID unchangedClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)HWID unchangedClientIDManagerStartup12/4/2008 2:07:07 PM9284 (0x2444)RegTask: Initial backoff interval: 1 minutesClientIDManagerStartup12/4/2008 2:07:08 PM9284 (0x2444)RegTask: Reset backoff interval: 257 minutesClientIDManagerStartup12/4/2008 2:07:08 PM9284 (0x2444)RegEndPoint: Event notification: CCM_RemoteClient_ReassignedClientIDManagerStartup12/4/2008 2:07:09 PM8492 (0x212C)RegEndPoint: Received notification for site assignment change from '<none>' to 'DM1'.ClientIDManagerStartup12/4/2008 2:07:09 PM8492 (0x212C)GetSystemEnclosureChassisInfo: IsFixed=TRUE, IsLaptop=FALSEClientIDManagerStartup12/4/2008 2:07:09 PM9284 (0x2444)Computed HardwareID=2:E2D9009C93867AC39C0FD3C59C68A0087757F8FAWin32_SystemEnclosure.SerialNumber=HQZ8C21Win32_SystemEnclosure.SMBIOSAssetTag= Win32_BaseBoard.SerialNumber=..CN137402CP050E.Win32_BIOS.SerialNumber=HQZ8C21Win32_NetworkAdapterConfiguration.MACAddress=00:08:74:AF:0D:9EClientIDManagerStartup12/4/2008 2:07:09 PM9284 (0x2444)RegTask: Client is not registered. Sending registration request...ClientIDManagerStartup12/4/2008 2:07:09 PM9284 (0x2444)RegTask: Server rejected registration request: 3ClientIDManagerStartup12/4/2008 2:07:10 PM9284 (0x2444)RegTask: Initial backoff interval: 1 minutesClientIDManagerStartup12/4/2008 2:07:12 PM9284 (0x2444)RegTask: Reset backoff interval: 257 minutesClientIDManagerStartup12/4/2008 2:07:12 PM9284 (0x2444)Already refreshed within the last 10 minutes, Sleeping for the next 9 minutes before reattempt.ClientIDManagerStartup12/4/2008 2:07:12 PM9284 (0x2444)GetSystemEnclosureChassisInfo: IsFixed=TRUE, IsLaptop=FALSEClientIDManagerStartup12/4/2008 2:17:08 PM9284 (0x2444)Computed HardwareID=2:E2D9009C93867AC39C0FD3C59C68A0087757F8FAWin32_SystemEnclosure.SerialNumber=HQZ8C21Win32_SystemEnclosure.SMBIOSAssetTag= Win32_BaseBoard.SerialNumber=..CN137402CP050E.Win32_BIOS.SerialNumber=HQZ8C21Win32_NetworkAdapterConfiguration.MACAddress=00:08:74:AF:0D:9EClientIDManagerStartup12/4/2008 2:17:08 PM9284 (0x2444)RegTask: Client is not registered. Sending registration request...ClientIDManagerStartup12/4/2008 2:17:08 PM9284 (0x2444)RegTask: Server rejected registration request: 3ClientIDManagerStartup12/4/2008 2:17:08 PM9284 (0x2444)RegTask: Initial backoff interval: 1 minutesClientIDManagerStartup12/4/2008 2:17:11 PM9284 (0x2444)RegTask: Reset backoff interval: 257 minutesClientIDManagerStartup12/4/2008 2:17:11 PM9284 (0x2444)Already refreshed within the last 10 minutes, Sleeping for the next 9 minutes before reattempt.ClientIDManagerStartup12/4/2008 2:17:11 PM9284 (0x2444)
I found some information on the "Server Rejected Registration Request: 3" error, where the certificate might be the problem. We are in mixed mode and are not using SSL certificates, and the self signed certificate is installed on the local machine. We have tried uninstalling the client and deleting the two certificates; however a re-installation sees the exact same errors in the log, and the client never fully installs.
Any ideas? Thanks!
Brandon
December 4th, 2008 3:20pm
Could you open locationservices.log to see whether the client can find the correct site code and the correct MP to talk to? If not, the would explain why the client can't register. If the client can't get the correct site code, you can try to force the client to assign to the correct site by enter the correct site code to the client UI.
Thanks,
Minh.
Free Windows Admin Tool Kit Click here and download it now
December 4th, 2008 4:16pm
Here is the sequence of events in the locationservices.log:
Attempting to retrieve default management point from ADLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Retrieved Default Management Point from AD: sysadmin06.corp.ruan.comLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Persisting the default management point in WMILocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Persisted Default Management Point Location locallyLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Attempting to retrieve local MP from ADLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Current AD site of machine is Default-First-Site-NameLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Retrieved local Management Point from AD: sysadmin06.corp.ruan.comLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)The 'Certificate Store' is empty in the registry, using default store name 'MY'.LocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Refreshing client operational settings over ADLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)Refreshed security settings over ADLocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)No security settings update detected.LocationServices12/4/2008 3:15:51 PM3572 (0x0DF4)
It does see my MP and AD site. It doesn't show the site code, but it does see the server information in AD. I am not having problems with other client installs at this time. Thanks!
Brandon
December 4th, 2008 4:23pm
I hit send too early...
Also, the site code does successfully show up on the "Advanced" tab in the Configuration Manager window on the client, and it is assigned to the correct site code in the SCCM console (site code is listed and Assigned column is "yes"). Thanks!
Brandon
Free Windows Admin Tool Kit Click here and download it now
December 4th, 2008 4:25pm
Hi BrandonDid you solve this ?I've got the same on a few machines. I've tried everything except rebuilding.Other machines in the same AD site is working without any issues.Please tell me you found the answer :)RegTask: Server rejected registration request: 3G-Man8
April 16th, 2009 12:03pm
unfortunately I never did - we ended up retiring the server that the problem was on, so it became a non-issue. Thanks!
Free Windows Admin Tool Kit Click here and download it now
June 3rd, 2009 3:48pm
in my case, i found the cert causing the issue.
During the client installation via push, it selected an existing certificate with client auth capability, but for different purpose and different key length.
>>> Client selected the PKI Certificate [Thumbprint 6BD82B1851ECBB0B0FBA6654BCF1CC68E668CE34] issued to 'Wireless Music Sync'
The MP rejected the client due to the key length.
"MP has rejected registration request from GUID:23A5A4C2-7F7E-4A86-B66D-614683EB21E2 because the Client Certificate has insufficient key length."
To solve it, modify the client certificate select criteria in the site properties uder Client Computer Computer Communication tab.
BTW, this is SCCM 2012 hierarchy, without a PKI
May 4th, 2012 12:35pm
For 2012 questions, you should start a new thread in the 2012 forums:
http://social.technet.microsoft.com/Forums/en-US/category/systemcenter2012configurationmanager.
Have you enabled HTTPS communication on the MP? If so, certificates (generally issues by an internally PKI) are required.Jason | http://blog.configmgrftw.com | Twitter @JasonSandys
Free Windows Admin Tool Kit Click here and download it now
May 4th, 2012 2:14pm