SCCM Client in untrusted forest

I've installed a client in an untrusted forest using the following command line:

SMSSITECODE = xxx SMSMP=FQDN FSP=FQDN DNSSUFFIX=suffix

I see the machine in SCCM (unapproved, but that's expected). However, the client is only partially installed (only two actions in the control panel applet).

Looking at locationServices, I see that the client is looking to AD, then registry then DNS for its location and it's complaining that it can't find anything.

I haven't published site information to the untrusted forest, is that the recommendation? 

June 23rd, 2015 8:33am

Hi,

Did you approve it? Otherwise the client will not show more than two actions in the control panel applet, as it is not approved to talk to the SCCM site.

Regards,
Jrgen

June 23rd, 2015 8:38am

Yes, we did. In LocationServices I am seeing:

failed to retrieve MP certificate encryption info from AD

Failed to retrieve root site code from AD

June 23rd, 2015 8:41am

This single line does not help as it just shows that the client cannot retrieve anything from AD. Is it able to get the information from the MP itself instead?
June 23rd, 2015 8:55am

Here is a section of LocationServices.log

Executing Task LSRefreshDefaultMPTask LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Failed to refresh security settings over AD with error 0x87d00215. LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Retrieved MP [xxx.xxx.com] from Registry LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Attempting to retrieve lookup MP(s) from AD LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
No lookup MP(s) from AD LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Attempting to retrieve lookup MP(s) from DNS LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Attempting to retrieve default management points from DNS LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Found DNS record of xxx.xxx.com port 80 LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Lookup Management Points from DNS: LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Retrieved lookup MP(s) from DNS LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Attempting to retrieve site information from lookup MP(s) via HTTP LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
LSGetSiteInformationFromManagementPoint('PIS'): Assignment Site Code [PIS], Version [5.00.8239.1000], Capabilities [<Capabilities SchemaVersion="1.0"/>], Client Operational Settings [<ClientOperationalSettings><Version>5.00.8239.1000</Version><SecurityConfiguration><SecurityModeMask>0</SecurityModeMask><SecurityModeMaskEx>480</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><SiteSigningCert>308202FC308201E4A00302010202105993B6E1DB9311B64D248D2CB7B16001300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3135303632313136313734335A180F32313135303532393136313734335A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100B5C845B013C225005EF0A27CD12D72474E9ED3BC76113BA597E0D47C0C9681B9615EF93F95E63319BACD868EF16350FC2121F0CA272CE3A410BFD72160D062647EB70DCD94B2E9AD8D5E7498C314D61C7057EFE45F03911984FB595BDEB12DB8E86CCD6CCAF97A2F8C9FF8349E4C05E4AB8129C3B4423C7A55203CCCC43C48B7DCC25BC4337A96B0BEB34B13FC20053CC4E74EF75F49F2F1D4830AC126D5DAA3AA6A5470612C430166E829013215F686811F1636B6E755F752B265CCE2C46B52710AD6A6B2E4DD1C30E8215B26419EC503669C727A6B273B930C05C92117BF449F51910393256A1E3116D6D7EC452CEC59FCBEBF08FDC7CA4D131482A73C89910203010001A3443042302A0603551D1104233021821F5049533033434449565343434D30312E4344492E434449436F72702E6E657430140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B0500038201010001F8782FE71E4336403AFF70F1970F9A2B3A31F75D3871F2F2D6FDCD5F59364BD2F34C663D96E4132B575238BE234932E0A7F9A8FE5F1FBFF863FB1DE5C371D97137F095D13DEE28FAB0C1663240C15BE650DEFD6650DA204319FDE1EB3047C748CF888A62FA9C4468DBFFAE39E6EC001D6E1106F6E5A0BF0FBCB851076AAC030583001DA149291DF4E89290CFD78AE1B1133B909E55E4FAF065849C5AF9A4EF4E96341C0CE6982759FA0D0F95B76A2BAEEF7
998DB627274B111D520D154CD07DFA0EBF23C0A1C47FE38458D4EEFB32D4C94300C6BFEC06B5AC07145BEA28EC84BEEB0ED1BB49581CA703F56F8A6E952CF83047C45E3E4B5DB1C2CAEAD6E1740</SiteSigningCert></SecurityConfiguration></ClientOperationalSettings>]. LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Refreshed security settings over MP LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
No security settings update detected. LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Executing Task LSMPCommSuccessTask LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Retrieved MP [xxx.xxx.com] from Registry LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Attempting to retrieve lookup MP(s) from AD LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
No lookup MP(s) from AD LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Attempting to retrieve lookup MP(s) from DNS LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Attempting to retrieve default management points from DNS LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Found DNS record of xxx.xxx.com port 80 LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Lookup Management Points from DNS: LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Retrieved lookup MP(s) from DNS LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Reset assigned MP error count LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Unable to retrieve compatible MP(s) from AD LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Attempting to retrieve default management points from lookup MP(s) via HTTP LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Current AD site of machine is Default-First-Site-Name LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Default Management Points from MP: LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
LSUpdateInternetManagementPoints LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Current AD site of machine is Default-First-Site-Name LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
LSUpdateInternetManagementPoints: No internet MPs were retrieved from MP PIS03CDIVSCCM01.CDI.CDICorp.net, clearing previous list. LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Persisting the default management points in WMI LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Default Management Points from MP: LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Persisted Default Management Point Locations locally LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Current AD site of machine is Default-First-Site-Name LocationServices 6/23/2015 8:57:57 AM 3456 (0x0D80)
Attempting to retrieve local MPs from the assigned MP LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Current AD site of machine is Default-First-Site-Name LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Refreshing the Management Point List for site PIS LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Failed to retrieve MP certificate encryption info from AD. LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:9791BF07-90B6-42CE-BFE3-236E114ABA08";
 DateTime = "20150623125758.493000+000";
 HostName = "PIS03CDIVSCCM01.CDI.CDICorp.net";
 HRESULT = "0x00000000";
 ProcessID = 3428;
 StatusCode = 0;
 ThreadID = 3456;
};
 LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Refreshing trusted key information LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Failed to retrieve Root Site Code from AD with error 0x87d00215. LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:9791BF07-90B6-42CE-BFE3-236E114ABA08";
 DateTime = "20150623125758.555000+000";
 HostName = "xxx.xxx.com";
 HRESULT = "0x00000000";
 ProcessID = 3428;
 StatusCode = 0;
 ThreadID = 3456;
};
 LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Persisting the management point authentication information in WMI LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Persisted Management Point Authentication Information locally LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Current AD site of machine is Default-First-Site-Name LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Failed to retrieve MP certificate encryption info from AD. LocationServices 6/23/2015 8:57:58 AM 1284 (0x0504)
Current AD site of machine is Default-First-Site-Name LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:9791BF07-90B6-42CE-BFE3-236E114ABA08";
 DateTime = "20150623125758.727000+000";
 HostName = "PIS03CDIVSCCM01.CDI.CDICorp.net";
 HRESULT = "0x00000000";
 ProcessID = 3428;
 StatusCode = 0;
 ThreadID = 1284;
};
 LocationServices 6/23/2015 8:57:58 AM 1284 (0x0504)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:9791BF07-90B6-42CE-BFE3-236E114ABA08";
 DateTime = "20150623125758.805000+000";
 HostName = "xxx.xxx.com";
 HRESULT = "0x00000000";
 ProcessID = 3428;
 StatusCode = 0;
 ThreadID = 1284;
};
 LocationServices 6/23/2015 8:57:58 AM 1284 (0x0504)
Attempting to refresh certificate information from AD LocationServices 6/23/2015 8:57:58 AM 1956 (0x07A4)
Failed to refresh certificate information from AD LocationServices 6/23/2015 8:57:58 AM 1956 (0x07A4)
Refreshing Certifcate Information over HTTP LocationServices 6/23/2015 8:57:58 AM 1956 (0x07A4)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:9791BF07-90B6-42CE-BFE3-236E114ABA08";
 DateTime = "20150623125758.883000+000";
 HostName = "xxx.xxx.com";
 HRESULT = "0x00000000";
 ProcessID = 3428;
 StatusCode = 0;
 ThreadID = 1956;
};
 LocationServices 6/23/2015 8:57:58 AM 1956 (0x07A4)
Refreshed Certificate Information over HTTP LocationServices 6/23/2015 8:57:58 AM 1956 (0x07A4)
Updating portal information. LocationServices 6/23/2015 8:57:58 AM 2884 (0x0B44)
Received reply of type PortalCertificateReply LocationServices 6/23/2015 8:57:59 AM 2884 (0x0B44)
The reply from location manager contains 1 certificates LocationServices 6/23/2015 8:57:59 AM 2884 (0x0B44)
Updating portal certificates LocationServices 6/23/2015 8:57:59 AM 2884 (0x0B44)
Successfully created context from the raw certificate. LocationServices 6/23/2015 8:57:59 AM 2884 (0x0B44)
Raising event:
instance of CCM_CcmHttp_Status
{
 ClientID = "GUID:9791BF07-90B6-42CE-BFE3-236E114ABA08";
 DateTime = "20150623125759.071000+000";
 HostName = "pis03cdivsccm02.CDI.CDICorp.net";
 HRESULT = "0x00000000";
 ProcessID = 3428;
 StatusCode = 0;
 ThreadID = 1284;
};
 LocationServices 6/23/2015 8:57:59 AM 1284 (0x0504)

June 23rd, 2015 9:12am
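Added example, not part of the thread: a small Python summarizer for a LocationServices.log excerpt like the one above, answering the question of whether the client still located its MP through other sources while every AD lookup failed. The line-layout regex and the success/failure prefixes are assumptions inferred from this excerpt only; the sample lines are taken from the post.

```python
import re
from collections import Counter

# Assumed line layout, as pasted in the thread:
# "<message> <component> <m/d/yyyy> <h:mm:ss AM|PM> <thread> (0x<hex>)"
LINE_RE = re.compile(
    r"^(?P<msg>.*?)\s+(?P<comp>\w+)\s+\d{1,2}/\d{1,2}/\d{4}\s+"
    r"\d{1,2}:\d{2}:\d{2} [AP]M\s+(?P<tid>\d+)\s+\(0x[0-9A-Fa-f]+\)$")
SOURCE_RE = re.compile(r"\b(?:from|over|via)\s+(AD|Registry|DNS|MP|HTTP)\b")
MP_RE = re.compile(r"^Name: (\S+) HTTPS: '([YN])' ForestTrust: '([YN])'")
ERR_RE = re.compile(r"with error (0x[0-9A-Fa-f]+)")
FAILED = ("failed to", "unable to", "no lookup")  # heuristic prefixes
OK = ("retrieved", "refreshed")                   # heuristic prefixes

def summarize(log_text):
    """Count per-source successes/failures and collect advertised MPs."""
    out = {"ok": Counter(), "failed": Counter(), "errors": set(), "mps": set()}
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m or m["comp"] != "LocationServices":
            continue
        msg = m["msg"]
        mp = MP_RE.match(msg)
        if mp:  # "Name: <fqdn> HTTPS: 'N' ForestTrust: 'N'"
            out["mps"].add(mp.groups())
            continue
        low = msg.lower()
        outcome = "failed" if low.startswith(FAILED) else "ok" if low.startswith(OK) else None
        src = SOURCE_RE.search(msg)
        if outcome and src:
            out[outcome][src.group(1)] += 1
            out["errors"].update(ERR_RE.findall(msg))
    return out

def located_without_ad(summary):
    """True when no AD lookup succeeded but another source still answered."""
    return summary["ok"]["AD"] == 0 and sum(summary["ok"].values()) > 0

# A few lines taken from the excerpt posted in the thread.
SAMPLE = """\
Failed to refresh security settings over AD with error 0x87d00215. LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Retrieved MP [xxx.xxx.com] from Registry LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
No lookup MP(s) from AD LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Name: xxx.xxx.com HTTPS: 'N' ForestTrust: 'N' LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Retrieved lookup MP(s) from DNS LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Refreshed security settings over MP LocationServices 6/23/2015 8:57:57 AM 1284 (0x0504)
Failed to retrieve Root Site Code from AD with error 0x87d00215. LocationServices 6/23/2015 8:57:58 AM 3456 (0x0D80)
Refreshed Certificate Information over HTTP LocationServices 6/23/2015 8:57:58 AM 1956 (0x07A4)
"""

if __name__ == "__main__":
    s = summarize(SAMPLE)
    print(dict(s["failed"]), dict(s["ok"]), s["errors"], s["mps"])
    print("located without AD:", located_without_ad(s))
```

The collected MP tuples carry the `HTTPS` and `ForestTrust` flags exactly as logged, so the same summary shows which management points the client was offered over plain HTTP.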

Looks good (given that xxx is the correct MP). What does ClientIDManagerStartup.log tell?
June 23rd, 2015 9:27am

For some reason I cannot post the contents of the log file; here is a link to the log:

http://1drv.ms/1K8gCx0

Looks like WMI?

June 23rd, 2015 10:10am

Just to update this thread in case anyone else reads this.

After waiting over an hour, the client is installed. Other clients didn't take that long to install, so I have no idea why this one did.

Thanks for all your help...

June 23rd, 2015 1:06pm
