Nov 02 2022 10:09 AM
In my SCCM CR 2207 environment I am not using HTTPS so no PKI. ISS is healthy, boundaries are configured properly. After the upgrade to CR 2207 I've noticed that I can't install the SCCM client onto any domain joined machine. The client installs and all log files appear in c:\windows\ccm\logs. When you look in Control Panel \ ConfigMan icon you only see Machine & User Policy, nothing else.
then I found this. In the file called LocationServices.log I see this over and over
Attempting to refresh certificate information from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to refresh certificate information from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshing Certifcate Information over HTTP LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.451000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Status Agent hasn't been initialized yet. Attempting to create pending event. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising pending event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.451000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify Certificate with error 0x80070057. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshed Root Site Code from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Attempting to refresh TRK from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshed TRK from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.513000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Status Agent hasn't been initialized yet. Attempting to create pending event. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising pending event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.513000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify Certificate with error 0x80070057. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify thumbprint with error '0x87d00304'. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to validate the certificate '' from management point 'SCCM1.OurDomain.net' LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising event:
instance of CCM_LocationServices_ManagementPointCertificate_CrossVerificationFailure
{
DateTime = "20221102163532.529000+000";
ManagementPoint = "SCCM1.OurDomain.net";
ProcessID = 8736;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Status Agent hasn't been initialized yet. Attempting to create pending event. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising pending event:
instance of CCM_LocationServices_ManagementPointCertificate_CrossVerificationFailure
{
DateTime = "20221102163532.529000+000";
ManagementPoint = "SCCM1.OurDomain.net";
ProcessID = 8736;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshed Certificate Information over HTTP LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify message. Could not retrieve certificate from MPCERT. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
MPCERT requests are throttled for 00:04:59 LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshing the Management Point List for site TST LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to retrieve MP certificate encryption info from AD. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.607000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Status Agent hasn't been initialized yet. Attempting to create pending event. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising pending event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.607000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshing trusted key information LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshed Root Site Code from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Attempting to refresh TRK from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Refreshed TRK from AD LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.669000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Status Agent hasn't been initialized yet. Attempting to create pending event. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Raising pending event:
instance of CCM_CcmHttp_Status
{
DateTime = "20221102163532.669000+000";
HostName = "SCCM1.OurDomain.net";
HRESULT = "0x00000000";
ProcessID = 8736;
StatusCode = 0;
ThreadID = 9512;
};
LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Persisting the management point authentication information in WMI LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Persisted Management Point Authentication Information locally LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify message. Sending MP [SCCM1] not in cached MPLIST. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
MPLIST requests are throttled for 00:59:59 LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to send management point list Location Request Message to SCCM1.OurDomain.net LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Persisted Default Management Point Locations locally LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Attempting to retrieve local MPs from the assigned MP LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Current AD site of machine is Default-First-Site-Name LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
CcmGetLocationOverride LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify message. Could not retrieve certificate from MPCERT. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
MPCERT requests are throttled for 00:04:59 LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify message. Sending MP [SCCM1] not in cached MPLIST. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
MPLIST requests are throttled for 00:59:59 LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to send management point list Location Request Message to SCCM1.OurDomain.net LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Current AD site of machine is Default-First-Site-Name LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
CcmGetLocationOverride LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Current AD site of machine is Default-First-Site-Name LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
CcmGetLocationOverride LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify message. Could not retrieve certificate from MPCERT. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
MPCERT requests are throttled for 00:04:59 LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
Failed to verify message. Sending MP [SCCM1] not in cached MPLIST. LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
MPLIST requests are throttled for 00:59:59 LocationServices 11/2/2022 9:35:32 AM 9512 (0x2528)
I have googled a lot of these errors and many point to certs which we're not using. I have granted full permissions on just about everything I can find including in AD the System Management container. I even deleted the container, restarted the SMS EXEC service and it recreated everything.
My machines in my collections show the Approve grayed out.
What else would cause this?
Nov 02 2022 11:12 AM