SCCM client failing to install after windows 10 update

Question

SCCM client failing to install after windows 10 update

TravM 1

Hi,

We recently updated windows 10 devices to version 2004. After the windows update the sccm client on lot devices is failing to register. The client certificate is none, it should be on PKI. Clients are installing properly on new devices, no issue there. I have checked the Mpcontrol log and MP_Registration log, there is nothing there. The firewall is disabled.

I have reinstalled the client by completing removing the old client and the reg keys.
I have reset the WMI and repaired the WMI repository
I have reinstalled the MP
Tried installing client using Ccmsetup command line: ccmsetup.exe /runservice RESETKEYINFORMATION="TRUE" SMSSITECODE="XYZ"

Nothing seems to be working. The issue is only happening after the windows update.

Can't figure out what is causing this issue. If someone can point me in the right direction that will be very helpful.

Thanks,

Some logs:

ClientIDManagerStartup.log

Location Services.Log

CCmMessaging.Logs

1 answer

Your answer

Answer 1

HanyunZhu-MSFT 1,846 Microsoft External Staff

Hi @TravM ,

Thanks for posting in Microsoft Q&A forum.

It seems that we have done a lot of research and perform some troubleshooting steps to find the root cause.

According to the provided log picture, the error may be caused by that the client failed to communicate with management point.
We can try to uncheck the box from Site Properties which disable CRL check and check the log again.

If the error is still reported, we may need more information to move on. Since there's nothing wrong in mpcontrol.log, so that could you upload the complete LocationServices.log and CcmMessaging.log (with sensitive information masked), may be we can find some cause in the log file.

Thanks for your time.

If the response is helpful, please click "Accept Answer"and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

TravM 1 Reputation point

2021-06-23T04:42:37.017+00:00

Hi @HanyunZhu-MSFT ,

Thanks for your reply. Yes, I have unchecked clients check the CRL for the systems. I have reinstalled the client using parameters /NoCRLCheck /mp:smsmp01.contoso.com /logon SMSSITECODE=XZY on those devices but still having the same issue.

I was checking the logs in IIS and observed that these clients which are having this issue never send the " CCM_POST, /ccm_system_windowsauth/request, -, " request. I have attached the image of the IIS logs below.

I can see the client IP Address entery in MP_Location logs.
108379-mp-location.log
I have attached the LocationService log and CCMMessaging log.
108370-ccmmessaging.log

108436-locationservices.log

Thanks
HanyunZhu-MSFT 1,846 Reputation points Microsoft External Staff

2021-06-25T09:23:30.777+00:00

Hi,

Thanks for your update.

We may check the health of the management first. Open the Internet explorer and enter the following commands:
· http://<ServerName.FQDN>/sms_mp/.sms_aut?mplist
· http://<ServerName.FQDN>/sms_mp/.sms_aut?mpcert
For more details, please refer to this article:
https://www.enhansoft.com/how-to-test-your-mp-to-confirm-if-it-is-healthy/
(Note: This is not from MS, just for your reference.)

What's more, I found an article that have similar error with the log you provide, may be we can try it to troubleshooting:
https://www.syswow64.co.uk/2016/03/sccm-client-certificate-pki-value-is.html
(Note: This is not from MS, just for your reference.)
TravM 1 Reputation point

2021-06-27T04:32:30.163+00:00

HI,

Thanks for spending time on this.

Yes, I can access the mplist and mpcert after moving the SCCM Client Certificate to the personal user store in mmc.

I followed the instructions in the link that you shared. Devices don't have that reg key but I added It by running that script and restarted the SMS service few times, restarted the device. Still having the same issue.

I'm getting this error code 0x5, can't find anything about that on the internet.

Failed in WinHttpSendRequest API, ErrorCode = 0x5
TravM 1 Reputation point

2021-06-30T12:12:05.827+00:00

@HanyunZhu-MSFT ,

Okay, I joined one of those machine with faulty sccm client to my test SCCM environment. Assigned PKI cert, Installed the client and had the same issue.

Then I switched Sccm site, MP and DP on the test sccm server from https to http, and the client Installed successfully with the all action items.

It seems like the issue is on client side. Something has changed after the windows feature update.

Any idea why https might have stopped working after Windows update?

Thanks

Share via

SCCM client failing to install after windows 10 update

1 answer

Your answer