connection from SCCM server to clients failed Probably a problem with the certificate

קרץ מנחם 26 Reputation points
2022-03-15T11:59:23.803+00:00

this is the ccm log on one of the client machines:

==========[ ccmsetup started in process 6068 ]========== ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
Running on platform X64 ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
Detected client installed with version '' ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
Updated security on object C:\WINDOWS\ccmsetup\cache. ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
Launch from folder C:\WINDOWS\ccmsetup\ ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
CcmSetup version: 5.0.9068.1008 ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 15/03/2022 13:25:48 8060 (0x1F7C)
In ServiceMain ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
Folder 'Microsoft\Microsoft\Configuration Manager' not found. Task does not exist. ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
[TECH-MENACHEM] Running on 'Microsoft Windows 10 Enterprise' (10.0.19043). Service Pack (0.0). SuiteMask = 272. Product Type = 18 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
Ccmsetup command line: "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice /ForceInstall /ignoreskipupgrade /config:MobileClient.tcf ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
Command line parameters for ccmsetup have been specified. No registry lookup for command line parameters is required. ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
SslState value: 224 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMHTTPPORT: 80 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMHTTPSPORT: 443 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMHTTPSSTATE: 1216 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMHTTPSCERTNAME: ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
FSP: ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMCERTSTORE: MY ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMFIRSTCERT: 1 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
CCMPKICERTOPTIONS: 1 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
MANAGEDINSTALLER: 0 ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
HTTPS is enforced for Client. The current state is 63. ccmsetup 15/03/2022 13:25:48 18200 (0x4718)
Signing Certificate is not available in the store ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Begin searching client certificates based on Certificate Issuers ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Completed searching client certificates based on Certificate Issuers ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Begin to select client certificate ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
14 certificate(s) found in the 'MY' certificate store. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
The 'MY' of 'Local Computer' store has 14 certificate(s). Using custom selection criteria based on the machine name. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Machine name is 'tech-menachem.myDomian.com'. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
There are no certificate(s) that meet the criteria. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Performing search that includes SAN2 extensions... ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint F218A2B2F6D5F68E48472300D151013D55F15036] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint EED86BFCA18018E4ED0CC447A653EB2900C687AD] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint E8D10ABBB3522E621B4C7E1416BB3663AE5F505E] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint E8A7470D03BC220FB06D71F0309C56FA0E7463B2] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint D3AB3D64DDB624B4F889DFA091D53BF162B50184] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint C1C88F4A9722B03992D1EF54C9968B23AA9EC9C7] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint A5E83B69597B77832E02C7AF69B44AB5D094DE1C] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 977A5EAFFAE2E93196FBF67006D128C3F897F48D] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 7EFDB1538DBBF1159F5DEA493D922246890FB473] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 792A65941F29C34EB34CB9CF565281642F86890A] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 78AC3E30D3D7ACC4D0C4D60FDDBC289C669BB9E4] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 4E327AA72F353B80B2EC91D3EF17AE68689DF1D0] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 38FB188D9C7DA555EA66A36912C6BFBDA0BB5F37] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 3447CA580D82F8A6DC3778F7789CD725CF8264AE] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Using custom selection criteria based on the machine NetBIOS name. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Machine name is 'TECH-MENACHEM'. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
There are no certificate(s) that meet the criteria. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to read assigned site code from registry. Error code = 0x80070002 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Unable to load profiler: 0x80070002 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Performing AD query: '(&(ObjectCategory=mSSMSManagementPoint)(mSSMSDefaultMP=TRUE)(mSSMSSiteCode=770))' ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
OperationalXml '<ClientOperationalSettings><Version>5.00.9068.1000</Version><SecurityConfiguration><SecurityModeMask>1024</SecurityModeMask><SecurityModeMaskEx>1216</SecurityModeMaskEx><HTTPPort>80</HTTPPort><HTTPSPort>443</HTTPSPort><CertificateStoreName></CertificateStoreName><CertificateIssuers></CertificateIssuers><CertificateSelectionCriteria></CertificateSelectionCriteria><CertificateSelectFirstFlag>1</CertificateSelectFirstFlag><PKICertOptions>1</PKICertOptions><SiteSigningCert>308202EF308201D7A00302010202105F59EA478B57CCA14016285B51D69914300D06092A864886F70D01010B05003016311430120603550403130B53697465205365727665723020170D3135303631303133323635335A180F32313135303531383133323635335A3016311430120603550403130B536974652053657276657230820122300D06092A864886F70D01010105000382010F003082010A0282010100D8C74F13BFB0B4FBB1A5AAB596B5F45F096BB31FEB15FA885BA82F471B608EDF5ADF959647FD43BD19EFDF05C6CA3F52E83C46A985970A16EB7E24DEF6681662CF5CD26E92FEC79C95C902B05652F74BE9F62F2C4A51B3C58E9AA53BFB169B6B737ACC6610124B77066D00B88E055B830B5915C05013AA78C65C1CF54DEF09E8FABEACA1D6B1E56B29ECD770C102B12E27813CB9E136A5509D2B83D2369E2E273DD090F54BCAEFEA858A860E178C5B3D1FA54EC5313FABB99855C8FDCA6132DF5FC68D666062DF073F16C5D925AFB48CF17CE00EEB657A51737A2C81B18F864E0F2FF0AF7AFB0B716BBBE008FACA1AE9080918A7B75FAFB8C26E2F0A0698D80F0203010001A3373035301D0603551D110416301482125343434D2E426569744368616E612E6F726730140603551D25040D300B06092B060104018237650B300D06092A864886F70D01010B05000382010100A48C416F269899840902D70BE3BC32173C7490D90863A9DABB1C3C235C1DF076FAA74C33187E76B90E3EE9D0857860F9CC587F7E7D348EAF4BF53F894B740083DF281CC4A16CF229725F297A56B49B34CE93C298F1E1DB355CC3805F62D3C06994C6127B0E7DC5535F9AFFF783E778D8A5F22F9A27DD4681A42672345C850BC6E88EE0DC57A7C08FC70341E0A72E3766A7D6D2642BB330E439F71A4C78F6375E49CB051285873CFFC9CB554754C3350CC5DC9090D4A861AEFE9A55989B7E9CE76C4AB07522CEB108F22ECCA3BE7563371FC6E83C27D2CA0A85564F32414107AB50F0D971D8F1EF0161A0E7772CBD291270536DB207CF38B7131680A21F6E049C</SiteSigningCert></SecurityConfiguration><RootSiteCode>770</RootSiteCode><CCM> <CommandLine>SMSSITECODE=770</CommandLine> </CCM><FSP> <FSPServer></FSPServer> </FSP><Capabilities SchemaVersion ="1.0"><Property Name="SSL" Version="1" /><Property Name="SSLState" Value="31" /></Capabilities><Domain Value="myDomian.com" /><Forest Value="myDomian.com" /><AADConfig Version="1.0"><Tenants></Tenants></AADConfig></ClientOperationalSettings>' ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to get client identification object, 0x80041010 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to get client identification object, 0x80041010 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
The MP name retrieved is 'SCCM.myDomian.com' with version '9068' and capabilities '<Capabilities SchemaVersion="1.0"><Property Name="SSL" Version="1"/><Property Name="SSLState" Value="31"/></Capabilities>' ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
MP 'SCCM.myDomian.com' is not compatible ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Retrieved 0 MP records from AD for site '770' ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
No AAD tenants information found. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Updating AAD onboarding info to ClientAppId '', ResourceUri '', AADAuthUrl '', UserAuthReady 1 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Persisted AAD on-boarding info. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
FromAD: command line = SMSSITECODE=770 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Local Machine is joined to an AD domain ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Current AD forest name is myDomian.com, domain name is myDomian.com ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Domain joined client is in Intranet ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
CMPInfoFromADCache requests are throttled for 00:59:59 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Successfully refresh bootstrap information from AD. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Begin searching client certificates based on Certificate Issuers ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Completed searching client certificates based on Certificate Issuers ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Begin to select client certificate ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
The 'Certificate Selection Criteria' was not specified, counting number of certificates present in 'MY' store of 'Local Computer'. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
14 certificate(s) found in the 'MY' certificate store. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
The 'MY' of 'Local Computer' store has 14 certificate(s). Using custom selection criteria based on the machine name. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Machine name is 'tech-menachem.myDomian.com'. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
There are no certificate(s) that meet the criteria. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Performing search that includes SAN2 extensions... ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint F218A2B2F6D5F68E48472300D151013D55F15036] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint EED86BFCA18018E4ED0CC447A653EB2900C687AD] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint E8D10ABBB3522E621B4C7E1416BB3663AE5F505E] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint E8A7470D03BC220FB06D71F0309C56FA0E7463B2] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint D3AB3D64DDB624B4F889DFA091D53BF162B50184] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint C1C88F4A9722B03992D1EF54C9968B23AA9EC9C7] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint A5E83B69597B77832E02C7AF69B44AB5D094DE1C] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 977A5EAFFAE2E93196FBF67006D128C3F897F48D] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 7EFDB1538DBBF1159F5DEA493D922246890FB473] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 792A65941F29C34EB34CB9CF565281642F86890A] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 78AC3E30D3D7ACC4D0C4D60FDDBC289C669BB9E4] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 4E327AA72F353B80B2EC91D3EF17AE68689DF1D0] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 38FB188D9C7DA555EA66A36912C6BFBDA0BB5F37] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Certificate [Thumbprint 3447CA580D82F8A6DC3778F7789CD725CF8264AE] doesn't have SAN2 extension. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Using custom selection criteria based on the machine NetBIOS name. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Machine name is 'TECH-MENACHEM'. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
There are no certificate(s) that meet the criteria. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to get client identification object, 0x80041010 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to get client identification object, 0x80041010 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
MP 'HTTPS://SCCM.myDomian.com' is HTTPS. Client does not allow to use PKI issued cert and is not AAD capable. Ignoring this MP. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
No MP or source location has been explicitly specified. Trying to discover a valid content location... ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Looking for MPs from AD... ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
CMPInfoFromADCache requests are throttled for 00:59:59 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
No AAD tenants information found. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Updating AAD onboarding info to ClientAppId '', ResourceUri '', AADAuthUrl '', UserAuthReady 1 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Persisted AAD on-boarding info. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
FromAD: command line = SMSSITECODE=770 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Current AD forest name is myDomian.com, domain name is myDomian.com ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Domain joined client is in Intranet ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
CMPInfoFromADCache requests are throttled for 00:59:59 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
No valid source or MP locations ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Sending state '322'... ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to get client version for sending state messages. Error 0x80041010 ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
[] Params to send '5.0.9068.1008 Deployment "C:\WINDOWS\ccmsetup\ccmsetup.exe" /runservice /ForceInstall /ignoreskipupgrade /config:MobileClient.tcf' ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Sending message with STATEID='322' via the existing client. ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to open StateMsg namespace with error 0x8004100e ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to send state message via the existing client. Error 0x8004100e ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to send status 322. Error (8004100E) ccmsetup 15/03/2022 13:25:49 18200 (0x4718)
Failed to connect to policy namespace. Error 0x8004100e ccmsetup 15/03/2022 13:25:49 8060 (0x1F7C)
Failed to revoke client upgrade local policy. Error 0x8004100e ccmsetup 15/03/2022 13:25:49 8060 (0x1F7C)
Sending state '301'... ccmsetup 15/03/2022 13:25:49 8060 (0x1F7C)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 15/03/2022 13:25:49 8060 (0x1F7C)
CcmSetup failed with error code 0x80004005 ccmsetup 15/03/2022 13:25:49 8060 (0x1F7C)

Microsoft Security | Intune | Configuration Manager | Other
0 comments No comments
{count} votes

17 answers

Sort by: Most helpful
  1. Amandayou-MSFT 11,156 Reputation points
    2022-03-28T06:32:36.367+00:00

    Hi,

    According to the record,

    WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
    WINHTTP_CALLBACK_STATUS_FLAG_INVALID_CA is set

    The error id from the MP, WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED,It means Certification revocation checking has been enabled, but the revocation check failed to verify whether a certificate has been revoked. The server used to check for revocation might be unreachable.

    So please uncheck the option of Clients check the certificate revocation list(CRL) for site systems.

    187373-328.png


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

    0 comments No comments

  2. Menachem Kratz 1 Reputation point
    2022-03-29T08:19:10.27+00:00

    I did it was not enough

    Logs and a screenshot of the current state of the screen on which the change was made are again attached
    Thank you
    And special thanks for detailing and explaining why you think this is what needs to be done187825-ccmsetup.log

    187834-ccmsetup.log

    187788-ccmsetup.log

    187789-image.png

    0 comments No comments

  3. Menachem Kratz 1 Reputation point
    2022-03-29T08:19:46.41+00:00

    ---> Attempting to connect to administrative share '\G-AVI\admin$' using account 'BEITCHANA770\Administrator' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> SspiEncodeStringsAsAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> SspiExcludePackage succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> SspiMarshalAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> NetUseAdd failed: 1396: dwParamError = 0 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> NTLM fallback is enabled SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account BEITCHANA770\Administrator (00000574) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> Attempting to connect to administrative share '\G-AVI\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> Failed to connect to \G-AVI\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> ERROR: Failed to connect to the \G-AVI\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> ERROR: Unable to access target machine for request: "2097153120", machine name: "G-AVI", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    Execute query exec [sp_CP_SetLastErrorCode] 2097153120, 1396 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    Stored request "2097153120", machine name "G-AVI", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097153120, 2 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    Execute query exec [sp_CP_SetLatest] 2097153120, N'03/28/2022 22:37:56', 157 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    <======End request: "2097153120", machine name: "G-AVI". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ======>Begin Processing request: "2097153124", machine name: "T-MICHA" SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    Execute query exec [sp_IsMPAvailable] N'770' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> Attempting to connect to administrative share '\T-Micha.BeitChana.org\admin$' using account 'beitchana770\cmadmin' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> SspiEncodeStringsAsAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> SspiExcludePackage succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    ---> SspiMarshalAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:56 1392 (0x0570)
    Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Getting a new request from queue "Retry" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Found CCR "2097153125.ccr" in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Execute query exec [sp_CP_GetPushRequestMachine] 2097153125 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Successfully retrieved information for machine S-CAMERA from DB SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Execute query exec [sp_CP_GetPushRequestMachineIP] 2097153125 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Execute query exec [sp_CP_GetPushRequestMachineResource] 2097153125 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Execute query exec [sp_CP_GetPushMachineName] 2097153125 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Received request: "2097153125" for machine name: "S-CAMERA" on queue: "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Error event time has expired for Request "2097153125" for machine "S-CAMERA". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Stored request "2097153125", machine name "S-CAMERA", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097153125, 1 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:57 7584 (0x1DA0)
    ----- Started a new CCR processing thread. Thread ID is 0x3848. There are now 3 processing threads SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 7584 (0x1DA0)
    Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 7584 (0x1DA0)
    Getting a new request from queue "Retry" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 7584 (0x1DA0)
    Sleeping for 60 minutes for queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 7584 (0x1DA0)
    ======>Begin Processing request: "2097153125", machine name: "S-CAMERA" SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    Execute query exec [sp_IsMPAvailable] N'770' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    ---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    ---> Attempting to connect to administrative share '\S-Camera.BeitChana.org\admin$' using account 'beitchana770\cmadmin' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    ---> SspiEncodeStringsAsAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    ---> SspiExcludePackage succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    ---> SspiMarshalAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:37:59 14408 (0x3848)
    ---> NetUseAdd succeeded for IPC$ authentication! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    ---> Searching for SMSClientInstall.* under '\G-Sara.BeitChana.org\admin$\' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    ---> Unable to get Win32_OperatingSystem object from WMI on remote machine "G-Sara.BeitChana.org", error = 0x80041010. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    ---> Unable to connect to remote machine "G-SARA" using Kerberos with machine account, error - 0x80070005. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    --> NTLM fallback is enabled, remote machine "G-SARA" is continuing with client push. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    ---> Unable to connect to WMI on remote machine "G-SARA", error = 0x80070005. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    ---> Deleting SMS Client Install Lock File '\G-Sara.BeitChana.org\admin$\SMSClientInstall.770' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    Execute query exec [sp_CP_SetLastErrorCode] 2097153106, -2147024891 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    Stored request "2097153106", machine name "G-SARA", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097153106, 2 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    Execute query exec [sp_CP_SetLatest] 2097153106, N'03/28/2022 22:38:14', 157 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    <======End request: "2097153106", machine name: "G-SARA". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:14 9128 (0x23A8)
    ---> NetUseAdd failed: 53: dwParamError = 0 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> NTLM fallback is enabled SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account beitchana770\cmadmin (00000035) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> The device S-Camera.BeitChana.org does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> Attempting to connect to administrative share '\S-CAMERA\admin$' using account 'beitchana770\cmadmin' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> SspiEncodeStringsAsAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> SspiExcludePackage succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> SspiMarshalAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:20 14408 (0x3848)
    ---> NetUseAdd failed: 53: dwParamError = 0 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> NTLM fallback is enabled SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account beitchana770\cmadmin (00000035) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> The device T-Micha.BeitChana.org does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> Attempting to connect to administrative share '\T-MICHA\admin$' using account 'beitchana770\cmadmin' SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> SspiEncodeStringsAsAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> SspiExcludePackage succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> SspiMarshalAuthIdentity succeeded! SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:21 1392 (0x0570)
    ---> NetUseAdd failed: 53: dwParamError = 0 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    ---> NTLM fallback is enabled SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account beitchana770\cmadmin (00000035) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    ---> The device S-CAMERA does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    ---> ERROR: Unable to access target machine for request: "2097153125", machine name: "S-CAMERA", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    Execute query exec [sp_CP_SetLastErrorCode] 2097153125, 53 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    Stored request "2097153125", machine name "S-CAMERA", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097153125, 2 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    Execute query exec [sp_CP_SetLatest] 2097153125, N'03/28/2022 22:38:41', 157 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    <======End request: "2097153125", machine name: "S-CAMERA". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:41 14408 (0x3848)
    ---> NetUseAdd failed: 53: dwParamError = 0 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    ---> NTLM fallback is enabled SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account beitchana770\cmadmin (00000035) SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    ---> The device T-MICHA does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    ---> ERROR: Unable to access target machine for request: "2097153124", machine name: "T-MICHA", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    Execute query exec [sp_CP_SetLastErrorCode] 2097153124, 53 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    Stored request "2097153124", machine name "T-MICHA", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097153124, 2 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    Execute query exec [sp_CP_SetLatest] 2097153124, N'03/28/2022 22:38:42', 157 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    <======End request: "2097153124", machine name: "T-MICHA". SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:38:42 1392 (0x0570)
    The Site Control File has not changed since the last parameter update. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Updating Site Parameters SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    MP Ports: 80 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    IISPreferedPort: 80 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    MP SSL Ports: 443 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    IISSSLPreferedPort: 443 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Default MP: SCCM.BeitChana.org SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Default MP Type: 1 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Default MP: [None] SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Certificate Selection Criteria: SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Certificate Store: SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    SSL State: 448 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    PKI Cert Options: 0x1 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Select First Certificate: 1 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Certificate Issuers: CN=BeitChana-CA; DC=BeitChana; DC=org SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Checking configuration information for server: SCCM.BEITCHANA.ORG. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    No Fallback Status Point installed on the Site SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Install on DC: False SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Option for installing using IP address: 0 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Sleeping for 1200 seconds... SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:40:08 7512 (0x1D58)
    Thread has been inactive too long. Closing thread SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:14 9128 (0x23A8)
    --- This thread is terminating due to inactivity SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:14 9128 (0x23A8)
    ----- Terminated CCR processing thread. There are now 2 processing threads SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:14 9128 (0x23A8)
    Thread has been inactive too long. Closing thread SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:41 14408 (0x3848)
    --- This thread is terminating due to inactivity SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:41 14408 (0x3848)
    ----- Terminated CCR processing thread. There are now 1 processing threads SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:41 14408 (0x3848)
    Thread has been inactive too long. Closing thread SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:42 1392 (0x0570)
    --- This thread is terminating due to inactivity SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:42 1392 (0x0570)
    ----- Terminated CCR processing thread. There are now 0 processing threads SMS_CLIENT_CONFIG_MANAGER 29/03/2022 01:48:42 1392 (0x0570)
    The Site Control File has not changed since the last parameter update. SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    Updating Site Parameters SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    MP Ports: 80 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    IISPreferedPort: 80 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    MP SSL Ports: 443 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    IISSSLPreferedPort: 443 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    Default MP: SCCM.BeitChana.org SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    Default MP Type: 1 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    Default MP: [None] SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    Certificate Selection Criteria: SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    Certificate Store: SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 7512 (0x1D58)
    SSL State: 448 SMS_CLIENT_CONFIG_MANAGER 29/03/2022 02:00:08 75


  4. Menachem Kratz 1 Reputation point
    2022-03-30T09:40:25.99+00:00

    B"H
    in the mmc i find the cert:
    188352-image.png

    but when i try to use the url's i get access deny
    here is the screanshut`s:

    188372-mp-nottrusted.png

    188381-cert-mp.png

    188342-mp-cert2.png

    188326-mp.png

    And in the second URL (using Firefox):
    188374-sms-mp1.png
    188353-sms-mp2.png188230-sms-mp3.png

    0 comments No comments

  5. Menachem Kratz 1 Reputation point
    2022-03-30T09:47:09.417+00:00

    I see in MMC that the certificate was issued by my computer: tech-menachem, is that what it should be?
    This is probably a certificate I issued based on your reference to this guide:
    https://www.prajwaldesai.com/export-root-ca-certificate-for-configmgr

    0 comments No comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.