question

klin74-4704 avatar image
0 Votes"
klin74-4704 asked HanyunZhu-MSFT commented

MEM clients go offline after Altiris / Symantec Management Agent get uninstalled

MEM clients go offline after Altiris / Symantec Management Agent get uninstalled
Uninstall Symantec Management Agent, refresh client in Microsoft Endpoint Configuration Manager console and the client immediately goes offline.

Client re-install error
Unable to find any Certificate based on Certificate Issuers
Failed to get client certificate for transportation. Error 0x87d00215


GetDirectoryList failed with a non-recoverable failure, 0x87d00454 )
Failed to get directory list from 'HTTPS://site server name/CCM_Client'. Error 0x87d00454
Failed to correctly receive a WEBDAV HTTPS request.. (StatusCode at WinHttpQueryHeaders: 0) and StatusText: '' )
Failed to check url HTTPS://site server name/CCM_Client/ccmsetup.cab. Error 0x80004005
Accessing the URL 'HTTPS://site server name/CCM_Client/ccmsetup.cab' failed with 80004005
Checking the URL 'HTTPS://site server name/CCM_Client/ccmsetup.cab'
IsSslClientAuthEnabled - Determining provisioning mode state failed with 80070002. Defaulting to state of 63.
MapNLMCostDataToCCMCost() returning Cost 0x1 )
Failed to connect to machine policy namespace. 0x8004100e
Client is on internet
Client is set to use webproxy if available.
IsSslClientAuthEnabled - Determining provisioning mode state failed with 80070002. Defaulting to state of 63.


Site server properties are set
HTTPS only
Use PKI cert box checked
Root CA specified.




mem-cm-general
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

GarthJones-MVP avatar image
0 Votes"
GarthJones-MVP answered

Did you look to see if there are still certs on the computer or does the Symantec Management Agent uninstall remove them?

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

klin74-4704 avatar image
0 Votes"
klin74-4704 answered

Certificates - Local Computer\Personal\Certificates
Issued by: (Nameofcompany)IssueCA01
Valid from 9/4/202 to 9/4/2021

5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HanyunZhu-MSFT avatar image
0 Votes"
HanyunZhu-MSFT answered

@klin74-4704

Thanks for posting in Microsoft Q&A forum.

First, you can check whether the client agent is running normally by using task manager: In the Details tab, the status of CcmExec.exe is running.
87692-1.png
Then you may need to check the certificates again, in order to confirm if the certificates are met the following requirments:
1) In the Issure and subject, at least one should contain the client's computer name.
87693-2.png 87694-3.png
2) In the Enhanced key usage, it should contain Client Authentication.
87666-4.png

If the above requirements are met, it is suggested to share the locationservice.log which sensitive information has been masked. More reasons that cause the client goes offline may can be found in the log.


If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.









1.png (86.9 KiB)
2.png (29.9 KiB)
3.png (32.6 KiB)
4.png (33.7 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

klin74-4704 avatar image
0 Votes"
klin74-4704 answered

Name PID Status User name CPU Memory (active private working set) UAC virtualization
CcmExec.exe 13956 Running SYSTEM 00 16,076 K Not allowed


87774-mem-cert.png


87767-image.png


87677-image.png



mem-cert.png (8.1 KiB)
image.png (16.7 KiB)
image.png (7.1 KiB)
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

HanyunZhu-MSFT avatar image
0 Votes"
HanyunZhu-MSFT answered

@klin74-4704

Thanks for posting in Microsoft Q&A forum.

There may have a problem with the fast notification communication channel.

To confirm the client is communicating to the management point properly, you can check the following logs:
1) On the client: through the path C:\Windows\CCM\Logs
Check LocationService.log to find the management point.
Check CcmNotificationAgent.log & CCMMessaging.log to find there's any error of MP communication noted.
2) On management point: throuth the path C:\Program Files\Microsofft Configuration Manager\Logs
Check BgbServer.log if it shows any warning about notification server.

For more details of client notification, here are two article for reference:
https://www.anoopcnair.com/overview-client-online-status-sccm-console/
https://www.anoopcnair.com/troubleshoot-sccm-fast-channel-push-notification-issues/
Note: These are not from MS, just for your reference.

Or you can upload the logs after masking the sensitive information to review.

Hope the above information can help you.


If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

klin74-4704 avatar image
0 Votes"
klin74-4704 answered HanyunZhu-MSFT commented

Resolved. Uninstall of Symantec Management Agent removed most of the Trusted Certs. Used GPO to import certs back.

· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi,

Thank you very much for your feedback and sharing. We're glad that the question is solved now. It may help others who have similar issue with you. If you have any questions in future, we welcome you to post in Microsoft Q&A forum again.

Have a nice day!

Best Regards,
Alan

0 Votes 0 ·