MECM 2103: New SCCM Clients failing to register

Question

MECM 2103 - Single Primary
Primary: Windows 2012 R2
MP: Windows 2019

We have a single Primary in USA with 3 MPs in USA and 3 MPs in UK
Newly imaged PCs in USA work well, but those in UK fail during client registration
PKI is not enabled
eHTTP is not applicable

Notes:
All 3 USA MP's work well
All 3 UK MPs fail

Verbose/Debug Logging enabled on MP
Deleted PC from console

PC:
MECM Applet in Control Panel:
Assigned MP is correctly populated
Client Certificate = NO
Actions: Only Machine Policy and User Policy
MPCert/List work fine
Client is not in provisioning mode
Stopped ccmexec; deleted smscfg.ini; deleted 2 SMS certs; restarted ccmexec
ClientIDManagerSetup.log: Loops with: Client registration is pending

MP:
MP_RegistrationManager.log (MP Reg: Did not find client public key. This may be because the client has not registered yet
Portquery from MP to Primary is OK for 445/135

Primary site: No entries for this GUID in any log in ccm\logs or c:\PF\ConfigMgr\Logs

PC not in console
GUID not in v_r_system, system_disc, system_data, ClientKeyData

--------------------------------

On MP: MP_RegistrationManager.log

--------------------------------

Processing Registration request from Client 'GUID:5E03DE97-8590-401E-95E9-2D066B325DB3' MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
Successfully created certificate context. MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
MP Reg: Successfully created context from the raw signing certificate. MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
Begin validation of Certificate [Thumbprint xxx] issued to 'SMS' MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
Completed validation of Certificate [Thumbprint xxx] issued to 'SMS' MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
User name: MyDomain\MyPC$ mapped to SID S-1-5-21-xxx by authority MyDomain. MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
MP Reg: Regisration request from 'MyDomain\MyPC$ S-1-5-21-xxx' Windows authenticated sender. MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
Successfully created certificate context. MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
MP Reg: Successfully created context from the raw encryption certificate. MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
Registration Signature: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
MP Reg: DDR written to [F:\SMS\mp\outboxes\rdr.box\XNVHQG3E.RDR] for Client [GUID:5E03DE97-8590-401E-95E9-2D066B325DB3] with identity [AD, S-1-5-21-xxx] Certificate Thumbprint [xxx] MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
Mp Reg: Reply message <ClientRegistrationResponse ResponseType="Registration" TimeStamp="2022-11-06T07:13:34Z" Status="1" SMSID="GUID:5E03DE97-8590-401E-95E9-2D066B325DB3" ApprovalStatus="0"/>
MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
MP Reg: Processing completed. Completion state = 0 MP_RegistrationManager 11/6/2022 7:13:34 AM 548 (0x0224)
MP Reg: Message ReplyTo : direct:dummy:dummy MP_RegistrationManager 11/6/2022 7:14:34 AM 4472 (0x1178)
MP Reg: Message Timeout : 0 MP_RegistrationManager 11/6/2022 7:14:34 AM 4472 (0x1178)
Parsing done. MP_RegistrationManager 11/6/2022 7:14:34 AM 4472 (0x1178)
GetClientPublicKeyImpl( szClientID, eCheckType, bGetDetails, ppKey, pulKeyLen, 0, 0, penumKeyType, penumAgentType, penumStatus, penumApprovalStatus, pbMissingKeyInfo, ppEncThumbprint, pulEncThumbprintLen, ppClientIdentity, pulClientIdentityLen, pbstrSelfSignedKey ), HRESULT=87d00238 (mpdatabase.cpp,414) MP_RegistrationManager 11/6/2022 7:14:35 AM 4472 (0x1178)
MP Reg: Did not find client(GUID:5E03DE97-8590-401E-95E9-2D066B325DB3) public key. This may be because the client has not registered yet. MP_RegistrationManager 11/6/2022 7:14:35 AM 4472 (0x1178)
Mp Reg: Reply message <ClientRegistrationResponse ResponseType="Confirmation" TimeStamp="2022-11-06T07:13:34Z" Status="1" ApprovalStatus="-1"/>
MP_RegistrationManager 11/6/2022 7:14:35 AM 4472 (0x1178)
MP Reg: Processing completed. Completion state = 0 MP_RegistrationManager 11/6/2022 7:14:35 AM 4472 (0x1178)
MP Reg: Message ReplyTo : direct:dummy:dummy MP_RegistrationManager 11/6/2022 7:15:35 AM 4472 (0x1178)
MP Reg: Message Timeout : 0 MP_RegistrationManager 11/6/2022 7:15:35 AM 4472 (0x1178)
Parsing done. MP_RegistrationManager 11/6/2022 7:15:35 AM 4472 (0x1178)
GetClientPublicKeyImpl( szClientID, eCheckType, bGetDetails, ppKey, pulKeyLen, 0, 0, penumKeyType, penumAgentType, penumStatus, penumApprovalStatus, pbMissingKeyInfo, ppEncThumbprint, pulEncThumbprintLen, ppClientIdentity, pulClientIdentityLen, pbstrSelfSignedKey ), HRESULT=87d00238 (mpdatabase.cpp,414) MP_RegistrationManager 11/6/2022 7:15:35 AM 4472 (0x1178)

Please advise how I can troubleshoot further - Thanks

Answer 1

A workaround seems to have just worked on 1 PC

After forcing a UK PC to use a USA MP (regedit -> ccm\AllowedMPs) - the client registered fine and is now green in console

checking further

Answer 2

How are you installing the agent? Are the computers waiting to be approved in the console by any chance?

Answer 3

Thanks Rahul for helping out

(1) Client Approval is set to "Automatically approve"
(2) ccmsetup.exe smssitecode=ABC RESETKEYINFO=TRUE