This browser is no longer supported.
Upgrade to Microsoft Edge to take advantage of the latest features, security updates, and technical support.
We recently upgraded to MEMCM 2002. Around the same timeframe, we noticed applications that have the Primary User requirement and are deployed to a user collection are not installing on machines. This happens with existing machines and newly imaged machines.
After a machine is imaged, I can see other content downloading and installing without issue. It appears to only be those with Primary User defined.
We can confirm that Primary User is defined correctly and I can see in the logs that the app evaluates as being needed. The issue is that it can't download the content.
As a test, I copied an existing script and deployed it to my VM. As a new application, it installed just fine. We can't do that for every since application that we deploy though.
In the DTS logs, we see _BITS_SecureFailure error :
DTS job {42DEAEE9-CC04-4EB0-B7E8-B8B84ED70403} BITS job {C9BC7EE4-06F4-4F6C-9ECB-7AF0084ABE06} failed to download source file https://PrimarySite:443/SMS_MP/.sms_pol?ScopeId_AFAC600D-0DF9-4D76-BA45-FD94BFFE5A4A/RequiredApplication_a7b9da8e-e014-4bbd-9938-cc0860c7a0cc/VI/VS.SHA256:229A18F27A4824FDF4CFE57DE8EBC3DA54BC4E3D63B446779278632DD60682BF to destination C:\WINDOWS\CCM\Staging\ScopeId_AFAC600D-0DF9-4D76-BA45-FD94BFFE5A4A-RequiredApplication_a7b9da8e-e014-4bbd-9938-cc0860c7a0cc-VI-VS.4.00.tmp with error 0x80190193
Cache size isn't an issue. There is plenty of room, but as a test, I cleared the Cache. It didn't resolve the issue.
I have tried changing properties in the existing application so that it creates a new version. It still fails. I have tried replicating content and it still fails.
I can confirm that all DP's are replicating content correctly.
It isn't a connection to the PS, as I can put the URL into the browser and hit the IIS site.
WMI looks to be healthy.
Deployment Types look good. Requirement is set to Win 64-bit OS and Primary User.
The MP's are correct in the ClientLocation.log
Has anyone else run into this issue; especially after upgrading?
"As a test, I copied an existing script and deployed it to my VM. As a new application, it installed just fine."
If I'm reading this correctly, post-2002, if you make a new application with a primary user requirement; it works as expected. But apps which existed prior to upgrading to 2002; with the exact same requirements (as visible in the console) do not work like this new one does; when it looks like it should work fine.
My guess, and it's a pure guess, is that there is some policy change which is present in 2002 in the underlying code which gets correctly done when it's a 'new' thing; but older ones are not seeing it right.
You may need to engage Microsoft for this issue; to see if it's a bug and if it can be worked around with a scripted solution; or if the issue has already been corrected in 2006; and the recommendation is to upgrade to 2006.
Yes, you understood correctly. Thank you. We will take a look at our policies.
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(281.6, 18%, 37%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3ERA%3C/text%3E%3C/svg%3E)
I just wanted to come back and post the solution to my issue in the event someone else runs into the same issue.
The issue was our PKI cert on the machines. We were not using key encipherment for the key usage. According to the MS engineer, the updated clients now look at that setting in the cert. Once we issued a new cert with the key encipherment setting, user deployments started deploying correctly.