We are setting up a side by side upgrade of a SMS server to SCCM, Native mode enabled with Active Directory discovery enabled, no boundaries single site. AD has been extended.

AD has the following objects in the Systems Management container and this where I am thinking part of the problem is we are having, we need to keep the current SMS enviorment working during this upgrade, so if we were to remove the Server locator Point for the SMS server I am not sure if this would continue to work.

Name                                 Object type

SMS-MP-001-NESMS01     mSSMSManagementPoint

SMS-MP-002-NESCCM01  mSSMSManagementPoint

SMS-SLP-001-NESMS01   mSSMSServerLocatorPoint

SMS-Site-001                 mSSMSSite

SMS-Site-002                 mSSMSSite

When we attemt to install a client the following is in the log files of the Test PC I used, with a setup command line of ccmsetup SMSSITECODE=002 SMSCACHESIZE=2048, install completes, and site code is set correctly but does not show up in colllection as installed and is not receiving policies. Automatic discovery fails as well for the site code as well. This was a clean install not anupgrade of an existing client, that was to be next test.

If you need specific logs please let me know

From my Location Services log files of a test PC I used to test  client install

A Fallback Status Point has not been specified.  Message with STATEID='500' will not be sent. LocationServices 12/17/2010 2:27:38 PM 2784 (0x0AE0)
Processing pending site assignment. LocationServices 12/17/2010 2:27:38 PM 2784 (0x0AE0)
Assigning to site '002' LocationServices 12/17/2010 2:27:38 PM 2784 (0x0AE0)
LSVerifySiteVersion : Verifying Site Version for <002> LocationServices 12/17/2010 2:27:38 PM 2784 (0x0AE0)
LSGetSiteVersionFromAD : Successfully retrieved version '4.00.6487.0000' for site '002' LocationServices 12/17/2010 2:27:38 PM 2784 (0x0AE0)
LSVerifySiteVersion : Verified Client Version '4.00.6487.2000' is not greater than Site Version '4.00.6487.0000'. Client can be assigned to site <002>. LocationServices 12/17/2010 2:27:38 PM 2784 (0x0AE0)
Site and assignment sitecode match. Verifying site version LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
LSVerifySiteVersion : Verifying Site Version for <002> LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
LSGetSiteVersionFromAD : Successfully retrieved version '4.00.6487.0000' for site '002' LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
LSVerifySiteVersion : Verified Client Version '4.00.6487.2000' is not greater than Site Version '4.00.6487.0000'. Client can be assigned to site <002>. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Retrieved Default Management Point from AD: domain.local LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Assigning to default Management Point 'domain.local' LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
A Fallback Status Point has not been specified.  Message with STATEID='700' will not be sent. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Successfully processed pending site assignment. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Unknown task LSProxyMPModificationTask in non-quarantine - ignoring. LocationServices 12/17/2010 2:27:39 PM 2816 (0x0B00)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Retrieved Default Management Point from AD: domain.local LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Persisting the default management point in WMI LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Failed to reset certificate request times. (0x80041002) LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Failed to reset certificate request times. (0x80041002) LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Current AD site of machine is NE LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Refreshed security settings over AD LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Resyncing policy on mixed to native transition. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Resetting last certificate request times on mode transition. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Security settings update detected, restarting CcmExec. LocationServices 12/17/2010 2:27:39 PM 2784 (0x0AE0)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Retrieved Default Management Point from AD: domain.local LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Persisting the default management point in WMI LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Current AD site of machine is NE LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
Refreshed security settings over AD LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
No security settings update detected. LocationServices 12/17/2010 2:27:49 PM 2160 (0x0870)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
Current AD site of machine is NE LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
LSGetAssignedSiteFromAD : Trying to Assign to the Site <001> LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
LSVerifySiteVersion : Verifying Site Version for <001> LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
LSGetSiteVersionFromAD : Failed to retrieve version for the site '001' (0x80004005) LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
Attempting to retrieve SLPs from AD LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
Retrieved SLPs from AD LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
Mixed-mode style request to http://NESMS01/sms_slp/slp.dll?site&sc=001 cannot be fulfilled since mixed-mode fallback is disallowed. LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
LSGetSiteVersionFromSLP : No site version  returned from SLP for site <001> LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
LSVerifySiteVersion: Failed to get Site Version from AD and SLP LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
A Fallback Status Point has not been specified.  Message with STATEID='608' will not be sent. LocationServices 12/17/2010 2:30:07 PM 3240 (0x0CA8)
Current AD site of machine is NE LocationServices 12/17/2010 2:31:12 PM 464 (0x01D0)
LSGetAssignedSiteFromAD : Trying to Assign to the Site <001> LocationServices 12/17/2010 2:31:12 PM 464 (0x01D0)
LSVerifySiteVersion : Verifying Site Version for <001> LocationServices 12/17/2010 2:31:12 PM 464 (0x01D0)
LSGetSiteVersionFromAD : Failed to retrieve version for the site '001' (0x80004005) LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
Attempting to retrieve SLPs from AD LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
Retrieved SLPs from AD LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
Mixed-mode style request to http://NESMS01/sms_slp/slp.dll?site&sc=001 cannot be fulfilled since mixed-mode fallback is disallowed. LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
LSGetSiteVersionFromSLP : No site version  returned from SLP for site <001> LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
LSVerifySiteVersion: Failed to get Site Version from AD and SLP LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
Won't send a client assignment fallback status point message because the last assignment error matches this one. LocationServices 12/17/2010 2:31:13 PM 464 (0x01D0)
A Fallback Status Point has not been specified.  Message with STATEID='500' will not be sent. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Processing pending site assignment. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Assigning to site '002' LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
LSVerifySiteVersion : Verifying Site Version for <002> LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
LSGetSiteVersionFromAD : Successfully retrieved version '4.00.6487.0000' for site '002' LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
LSVerifySiteVersion : Verified Client Version '4.00.6487.2000' is not greater than Site Version '4.00.6487.0000'. Client can be assigned to site <002>. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Assigning to default Management Point 'NESCCM01.domain.local' LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
A Fallback Status Point has not been specified.  Message with STATEID='700' will not be sent. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Successfully processed pending site assignment. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Downloading Site Signing certificate. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Refreshing Site Signing Certificate over AD LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Successfully stored new site signing certificate... LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Name      : The site code of this site server is 002 LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Sha1 Hash : F1B74BA6A0C8E89EF13084C89410A07C44AD5E95 LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Valid From: 2010-06-01, 15:50 LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Valid To  : 2012-05-31, 15:50 LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Refreshed Site Signing Certificate over AD LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Persisting the default management point in WMI LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Failed to reset certificate request times. (0x80041002) LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:33:42 PM 3580 (0x0DFC)
Current AD site of machine is NE LocationServices 12/17/2010 2:33:43 PM 3580 (0x0DFC)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:33:43 PM 3580 (0x0DFC)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:33:43 PM 3580 (0x0DFC)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:33:43 PM 3580 (0x0DFC)
Refreshed security settings over AD LocationServices 12/17/2010 2:33:43 PM 3580 (0x0DFC)
No security settings update detected. LocationServices 12/17/2010 2:33:43 PM 3580 (0x0DFC)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Persisting the default management point in WMI LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Persisting the default management point in WMI LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Current AD site of machine is NE LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Refreshed security settings over AD LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
No security settings update detected. LocationServices 12/17/2010 2:43:42 PM 3972 (0x0F84)
Current AD site of machine is NE LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
Refreshed security settings over AD LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
No security settings update detected. LocationServices 12/17/2010 2:43:42 PM 3580 (0x0DFC)
A Fallback Status Point has not been specified.  Message with STATEID='500' will not be sent. LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Processing pending site assignment. LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Assigning to site '002' LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
LSVerifySiteVersion : Verifying Site Version for <002> LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
LSGetSiteVersionFromAD : Successfully retrieved version '4.00.6487.0000' for site '002' LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
LSVerifySiteVersion : Verified Client Version '4.00.6487.2000' is not greater than Site Version '4.00.6487.0000'. Client can be assigned to site <002>. LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Assigning to default Management Point 'NESCCM01.domain.local' LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
A Fallback Status Point has not been specified.  Message with STATEID='700' will not be sent. LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Successfully processed pending site assignment. LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Downloading Site Signing certificate. LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Refreshing Site Signing Certificate over AD LocationServices 12/17/2010 2:50:33 PM 2448 (0x0990)
Successfully stored new site signing certificate... LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Name      : The site code of this site server is 002 LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Sha1 Hash : F1B74BA6A0C8E89EF13084C89410A07C44AD5E95 LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Valid From: 2010-06-01, 15:50 LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Valid To  : 2012-05-31, 15:50 LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Refreshed Site Signing Certificate over AD LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Persisting the default management point in WMI LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Failed to reset certificate request times. (0x80041002) LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Current AD site of machine is NE LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Refreshed security settings over AD LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Security settings update detected, restarting CcmExec. LocationServices 12/17/2010 2:50:34 PM 2448 (0x0990)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 2:50:43 PM 3288 (0x0CD8)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
Current AD site of machine is NE LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
LSGetAssignedSiteFromAD : Trying to Assign to the Site <001> LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
LSVerifySiteVersion : Verifying Site Version for <001> LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
LSGetSiteVersionFromAD : Failed to retrieve version for the site '001' (0x80004005) LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
Attempting to retrieve SLPs from AD LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
Retrieved SLPs from AD LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
Mixed-mode style request to http://NESMS01/sms_slp/slp.dll?site&sc=001 cannot be fulfilled since mixed-mode fallback is disallowed. LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
LSGetSiteVersionFromSLP : No site version  returned from SLP for site <001> LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
LSVerifySiteVersion: Failed to get Site Version from AD and SLP LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
A Fallback Status Point has not been specified.  Message with STATEID='608' will not be sent. LocationServices 12/17/2010 2:52:25 PM 2316 (0x090C)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 3:00:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 3:10:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 3:20:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 3:30:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 3:40:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 3:50:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 4:00:44 PM 3288 (0x0CD8)
Attempting to retrieve default management point from AD LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Persisting the default management point in WMI LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Persisted Default Management Point Location locally LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Attempting to retrieve local MP from AD LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Current AD site of machine is NE LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Refreshing client operational settings over AD LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Current AD site of machine is NE LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSGetAssignedSiteFromAD : Trying to Assign to the Site <001> LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSVerifySiteVersion : Verifying Site Version for <001> LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSGetSiteVersionFromAD : Failed to retrieve version for the site '001' (0x80004005) LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Attempting to retrieve SLPs from AD LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Retrieved SLPs from AD LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Mixed-mode style request to http://NESMS01/sms_slp/slp.dll?site&sc=001 cannot be fulfilled since mixed-mode fallback is disallowed. LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSGetSiteVersionFromSLP : No site version  returned from SLP for site <001> LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSVerifySiteVersion: Failed to get Site Version from AD and SLP LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
A Fallback Status Point has not been specified.  Message with STATEID='608' will not be sent. LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)

(0x0CD8)
Refreshed security settings over AD LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
No security settings update detected. LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Current AD site of machine is NE LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSGetAssignedSiteFromAD : Trying to Assign to the Site <001> LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSVerifySiteVersion : Verifying Site Version for <001> LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSGetSiteVersionFromAD : Failed to retrieve version for the site '001' (0x80004005) LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Attempting to retrieve SLPs from AD LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Retrieved SLPs from AD LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
Mixed-mode style request to http://NESMS01/sms_slp/slp.dll?site&sc=001 cannot be fulfilled since mixed-mode fallback is disallowed. LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSGetSiteVersionFromSLP : No site version  returned from SLP for site <001> LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
LSVerifySiteVersion: Failed to get Site Version from AD and SLP LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)
A Fallback Status Point has not been specified.  Message with STATEID='608' will not be sent. LocationServices 12/17/2010 4:12:40 PM 916 (0x0394)

ReplyQuotePropose As AnswerEditDelete

Do you have any Native mode clients working or are the all doing this?

Do the logs show anything else (clientlocation,  ClientIDManagerStartup.log)

Obviously it is communicating (or attempting to) it knows the MP, so I have to assume you have a valid cert.  I just looks like it truely isn't in native mode for some reason.  Check the cert on the machine just to be sure

Get your boundaries worked out, even if it is for just this one machine, check the MP to make sure it is working correctly

Also what is your command line for installing the client?

Do you have any Native mode clients working or are the all doing this?      Not yet this was the 1st one I did as a test. We are upgrading from SMS 2003, the old server is still in place and functioning.

The SLP record for SMS 2003 is still in AD, if we remove this I am not sure if this will cause an issue with the current clients till the upgrade is complete.

This is the portion of the log I see the problem

Current AD site of machine is NE LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/17/2010 4:10:44 PM 3288 (0x0CD8)

New Server running SCCM is NESCCM01 with a site code of 002, old server with SMS is NESMS01 and a site code of 001. This is a single site Native mode using AD System Discovery, which had no problem with Discovery of PC's, AD has been extended for SCCM. system group discovery is not discovering groups seperate issue and was going to post that seperately.

There are no boundaries set on either server, this is a singe site with all roles on each server.

This is the command line I used ccmsetup SMSSITECODE=002 SMSCACHESIZE=2048

Thanks for your help

Steve

 

you should keep your boundaries intact so they don't overlap.  You can see it is finding the old site as it's intended primary.  At least add a boundary to include the ip address of this new machine and the site server/mp for the native mode site.

you should use the /native switch when installing. Granted if you don't the client should figure out that it is a native mode site and flip over but you need to verify this.  Have you verified the correct Computer Cert on the client machine?

No boundaries were ever set on either server, so I did not think there would be overlap. the /native switch from what I read on this is used when you have computers in another forest or workgroup, I did try that as well and this did not work either.

Last place I working at was mixed mode and as far as I know no certs were needed, and I am new to Native mode. To verify Certs on the client this is under the Certificate MMC?

Sorry but have never had to trace down certs.

Yes, you will load the MMC and look under the personal Store.  You should have a computer Certificate

http://technet.microsoft.com/en-us/library/bb680733.aspx

 

Making progress

My mistake on Boundaries, not seeing them under the Site Settings in SMS made me think they were not setup. I configured a Boundary for this PC specificly and I was able to discover the SCCM site. The Cert is showing as the old SMS server, ending characters for cert are 001. 

Latest Location Services Log entries since rerun of ccmsetup

 

Attempting to retrieve default management point from AD LocationServices 12/23/2010 9:12:32 AM 2116 (0x0844)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Persisting the default management point in WMI LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Persisted Default Management Point Location locally LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Attempting to retrieve local MP from AD LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Current AD site of machine is NE LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Refreshing client operational settings over AD LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
Refreshed security settings over AD LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
No security settings update detected. LocationServices 12/23/2010 9:12:34 AM 2116 (0x0844)
A Fallback Status Point has not been specified.  Message with STATEID='500' will not be sent. LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Processing pending site assignment. LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Assigning to site '002' LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
LSVerifySiteVersion : Verifying Site Version for <002> LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
LSGetSiteVersionFromAD : Successfully retrieved version '4.00.6487.0000' for site '002' LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
LSVerifySiteVersion : Verified Client Version '4.00.6487.2000' is not greater than Site Version '4.00.6487.0000'. Client can be assigned to site <002>. LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Attempting to retrieve default management point from AD LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Assigning to default Management Point 'NESCCM01.domain.local' LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
A Fallback Status Point has not been specified.  Message with STATEID='700' will not be sent. LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Successfully processed pending site assignment. LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Downloading Site Signing certificate. LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Refreshing Site Signing Certificate over AD LocationServices 12/23/2010 9:20:58 AM 2196 (0x0894)
Successfully stored new site signing certificate... LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Name      : The site code of this site server is 002 LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Sha1 Hash : F1B74BA6A0C8E89EF13084C89410A07C44AD5E95 LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Valid From: 2010-06-01, 15:50 LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Valid To  : 2012-05-31, 15:50 LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Refreshed Site Signing Certificate over AD LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Attempting to retrieve default management point from AD LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Persisting the default management point in WMI LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Persisted Default Management Point Location locally LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Failed to reset certificate request times. (0x80041002) LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Attempting to retrieve local MP from AD LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Current AD site of machine is NE LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Refreshing client operational settings over AD LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
Refreshed security settings over AD LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
No security settings update detected. LocationServices 12/23/2010 9:20:59 AM 2196 (0x0894)
DhcpGetOriginalSubnetMask entry point not supported. LocationServices 12/23/2010 9:23:06 AM 2840 (0x0B18)
Current AD site of machine is NE LocationServices 12/23/2010 9:23:06 AM 2840 (0x0B18)
This client might be within the boundaries of more than one site - AD SiteCode search matched 2 entries LocationServices 12/23/2010 9:23:07 AM 2840 (0x0B18)
The client will be assigned to the first valid site LocationServices 12/23/2010 9:23:07 AM 2840 (0x0B18)
LSGetAssignedSiteFromAD : Trying to Assign to the Site <002> LocationServices 12/23/2010 9:23:07 AM 2840 (0x0B18)
LSVerifySiteVersion : Verifying Site Version for <002> LocationServices 12/23/2010 9:23:07 AM 2840 (0x0B18)
LSGetSiteVersionFromAD : Successfully retrieved version '4.00.6487.0000' for site '002' LocationServices 12/23/2010 9:23:07 AM 2840 (0x0B18)
LSVerifySiteVersion : Verified Client Version '4.00.6487.2000' is not greater than Site Version '4.00.6487.0000'. Client can be assigned to site <002>. LocationServices 12/23/2010 9:23:07 AM 2840 (0x0B18)
Attempting to retrieve default management point from AD LocationServices 12/23/2010 9:30:58 AM 2196 (0x0894)
Retrieved Default Management Point from AD: NESCCM01.domain.local LocationServices 12/23/2010 9:30:58 AM 2196 (0x0894)
Persisting the default management point in WMI LocationServices 12/23/2010 9:30:58 AM 2196 (0x0894)
Persisted Default Management Point Location locally LocationServices 12/23/2010 9:30:58 AM 2196 (0x0894)
Attempting to retrieve local MP from AD LocationServices 12/23/2010 9:30:58 AM 2196 (0x0894)
Current AD site of machine is NE LocationServices 12/23/2010 9:30:59 AM 2196 (0x0894)
Retrieved local Management Point from AD: NESMS01 LocationServices 12/23/2010 9:30:59 AM 2196 (0x0894)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. LocationServices 12/23/2010 9:30:59 AM 2196 (0x0894)
Refreshing client operational settings over AD LocationServices 12/23/2010 9:30:59 AM 2196 (0x0894)
Refreshed security settings over AD LocationServices 12/23/2010 9:30:59 AM 2196 (0x0894)
No security settings update detected. LocationServices 12/23/2010 9:30:59 AM 2196 (0x0894)

 

So it looks like it is assigning to the correct site now.  Give it time to sync up and then check the Actions panel to see if you have all the actions on the client.  Then refresh the console to show that it is assigned.  Look at the ClientIDManagerStartup.log to make sure it regeisted correctly.

Yes getting right site code, Under the Actions Tab only 2 items showing up

Machine Policy Retrieval & Evaluation Cycle

User Policy Retrieval and Evalaution Cycle

Components all show installed and nothing is enabled as of yet.

Recent portion of ClientIDManagerStartup.log

 There are no certificates in the 'MY' store. ClientIDManagerStartup 12/23/2010 10:00:55 AM 2196 (0x0894)
Raising event:

instance of CCM_ServiceHost_CertRetrieval_Status
{
 DateTime = "20101223150055.718000+000";
 HRESULT = "0x80040280";
 ProcessID = 1500;
 ThreadID = 2196;
};
 ClientIDManagerStartup 12/23/2010 10:00:55 AM 2196 (0x0894)
Already refreshed within the last 10 minutes, Sleeping for the next 9 minutes before reattempt. ClientIDManagerStartup 12/23/2010 10:00:55 AM 2196 (0x0894)
RegTask: Failed to get certificate. Error: 0x80040280 ClientIDManagerStartup 12/23/2010 10:04:37 AM 2196 (0x0894)
Error initializing client registration (0x80040222). ClientIDManagerStartup 12/23/2010 10:04:37 AM 2196 (0x0894)
Initializing native mode registration renewal. ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
Succesfully intialized registration renewal. ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
RegTask - Executing registration task synchronously. ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
There are no certificates in the 'MY' store. ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
Raising event:

instance of CCM_ServiceHost_CertRetrieval_Status
{
 DateTime = "20101223150619.818000+000";
 HRESULT = "0x80040280";
 ProcessID = 3956;
 ThreadID = 3980;
};
 ClientIDManagerStartup 12/23/2010 10:06:19 AM 3980 (0x0F8C)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. ClientIDManagerStartup 12/23/2010 10:06:20 AM 3980 (0x0F8C)
There are no certificates in the 'MY' store. ClientIDManagerStartup 12/23/2010 10:06:20 AM 3980 (0x0F8C)
Raising event:

instance of CCM_ServiceHost_CertRetrieval_Status
{
 DateTime = "20101223150620.208000+000";
 HRESULT = "0x80040280";
 ProcessID = 3956;
 ThreadID = 3980;
};
 ClientIDManagerStartup 12/23/2010 10:06:20 AM 3980 (0x0F8C)
RegTask: Failed to get certificate. Error: 0x80040280 ClientIDManagerStartup 12/23/2010 10:06:20 AM 3980 (0x0F8C)
RegTask: Initial backoff interval: 1 minutes ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)
RegTask: Reset backoff interval: 257 minutes ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)
The 'Certificate Store' is empty in the registry, using default store name 'MY'. ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)
There are no certificates in the 'MY' store. ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)
Raising event:

instance of CCM_ServiceHost_CertRetrieval_Status
{
 DateTime = "20101223150621.223000+000";
 HRESULT = "0x80040280";
 ProcessID = 3956;
 ThreadID = 3980;
};
 ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)
Already refreshed within the last 10 minutes, Sleeping for the next 9 minutes before reattempt. ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)

RegTask: Failed to get certificate. Error

The 'Certificate Store' is empty in the registry, using default store name 'MY'. ClientIDManagerStartup 12/23/2010 10:06:21 AM 3980 (0x0F8C)
There are no certificates in the 'MY' store

 

You don't have a client certificate.  Verify by opening the MMC and loading the Certificates section.  Review the PKI link I have above and make sure your GPO is set to push the Client Certificate out.  If you have all this setup then force a Group Policy update and then wait and restart the machine.

 

Group policy is not pushing cert, the admin before me was provided a cert, which he added to the server, when looking at the properties of the cert I cannot find anything that relates to that server or the other one.

Under certificates in the SCCM console I have Boot Media, PXE, and ISV Proxy. Boot Media is the only one that has a reference to this server, which is probably for OS Deployment.

I also had the group that created the cert check for additional certs for the SMS server and there were none.

Also for the Certs that are installed 1.3.6.1.4.1.311.101 SMS Signing Certificate 1.3.6.1.4.1.311.101.2 SMS Encryption Certificate Expiration is not for another 100 years so that should not be problem

All computers/server  that will have a client will need to have a computer client Certificate.

http://technet.microsoft.com/en-us/library/bb694041.aspx

This is different from the Site Signing Cert, Web cert, OSD deploy cer and PXE cert.

At the bottom of this document  http://technet.microsoft.com/en-us/library/cc872789.aspx  It gives you in structions on how to setup the client cert and deploy it via GPO or login script.

The client that is installed should have a Certificate in the Personal Store marked "Client Authentication".  Intended purpose,

Client Authentication (1.3.6.1.5.5.7.3.2) /  Server Authentication (1.3.6.1.5.5.7.3.1)

Certificate type: Computer

Theses are the current certs installed on the site server

SMS Encryption Certificate 1.3.6.1.4.311.101.2
SMS Signing Certificate    1.3.6.1.4.311.101

They do not match what you provided I should have. Not sure if it makes a difference but the SCCM server is a 2008 server, the Certificate Authority is a 2003 server. The above certs are what is in cert store on the SCCM server.

For the properties in Site Mode I have 4 certs listed

1.   Ensures the identity of a remote computer

2.   Ensures the identity of a remote computer

     Proves your identity to a remote computer

3. Proves your identity to a remote computer

   Ensures the identity of a remote computer

4.  Document Signing

Also the certs you specified are included the under site mode properties, I installed them, after installing and imported on the client for Client/server authentication  and the install still fails

Or as it seems looking at the workflow on the page you sent it was done incorrectly

These are the details of the certs

Ensures the identity of a remote computer

Enhanced Key properties: Server Authentication (1.3.6.1.5.5.7.3.1)

Ensures the identity of a remote computer
Proves your identity to a remote computer

Enhanced Key properties: Server Authentication (1.3.6.1.5.5.7.3.1)
                         Client Authentication (1.3.6.1.5.5.7.3.2)

Proves your identity to a remote computer
Ensures the identity of a remote computer

Enhanced Key properties: Client Authentication (1.3.6.1.5.5.7.3.2)
                         Server Authentication (1.3.6.1.5.5.7.3.1)

I do not have a cert that shows intended purpose Client Authentication by itself and by the workflow you sent I think this part was missed (Step 10)

In the Edit Application Policies Extension dialog box, select Client Authentication, press Shift and select Server Authentication, and then click Remove.

The person I need to talk to is out today, so I will not be able to update till they come in next week.

 

Another part I just noticed after clicking install for those certs I now have an exclamation mark on the site properties stating it cannot find a certificate that matches the Thumbprint.

If you could let me know about that it would be appreciated.

You shouldn't have to install any of the certs, if they are in your personal Store, with the appropriate extensions then you should be good.

The only cert on the Client should be a Computer cert.  Have you verified this?

See if this guide steps you through your certificates and shows you what you are lacking

http://msaadexpert.googlepages.com/SCCM_NativeMode.pdf

 

 

As it seems the certs were not created correctly, I do not have a cert that shows Client Authentication by itself just Client Authentication/Server Authentication. So as I said above when the cert was created I think they skipped step 10, and did not remove server authentication when creating the template.

The certs I listed above are what I had on the server, but when I thought I was doing what I needed to get this to work by clicking install they have dissappeared and I am trying to find out how to recover them.

Tested on SCCM 2012 R2 SP1

It does seems that client certificate HAS TO HAVE Client Authentication (but not ONLY by itself)

Default domain certificate (Computer) does have both Client Authentication/Server Authentication which is accepted by SCCM.

Anybody could confirm?

Seb

• Edited by scerazy 18 hours 10 minutes ago

Tested on SCCM 2012 R2 SP1

It does seems that client certificate HAS TO HAVE Client Authentication (but not ONLY by itself)

Default domain certificate (Computer) does have both Client Authentication/Server Authentication which is accepted by SCCM.

Anybody could confirm?

Seb

• Edited by scerazy Monday, August 24, 2015 1:29 PM

Tested on SCCM 2012 R2 SP1

It does seems that client certificate HAS TO HAVE Client Authentication (but not ONLY by itself)

Default domain certificate (Computer) does have both Client Authentication/Server Authentication which is accepted by SCCM.

Anybody could confirm?

Seb

• Edited by scerazy Monday, August 24, 2015 1:29 PM

Tested on SCCM 2012 R2 SP1

It does seems that client certificate HAS TO HAVE Client Authentication (but not ONLY by itself)

Default domain certificate (Computer) does have both Client Authentication/Server Authentication which is accepted by SCCM.

Anybody could confirm?

Seb

• Edited by scerazy Monday, August 24, 2015 1:29 PM