Updated site to MEM 2107 various issues

Copper Contributor

Hi All, 

i've updated two site to MEM 2107  and i've encountered these problems

 

Site 1 upgraded, Version 2002 to 2107:

PROBLEM: all the clients seems need re-registration of the key

MP has rejected a message from GUID:6****9 because the signature could not be validated. If this is a valid client, it will attempt to re-register automatically so its signature can be correctly validated.
Message ID 5447
The clients work fine but flooding all my MPs with the message 5447, the MP re-register the clients fine, i saw this in the clients logs.
RESOLUTION : i don't know how to resolve. Please Help me! i'm trying RESETKEYINFORMATION=TRUE on client push
 
Site 2 upgraded 2103 to 2107 :
PROBLEM: all the the new OS deployment clients after startup shows no applications, updates install as usual (boundaries are correct)
RESOLUTION: i've created a new revision of all application updating "support contact" and problem is gone away.
PROBLEM: during imaging of the clients we install all VC REDIST updated and if you try to reinstall the MEM Client 5.00.5098.1018 it fails for prerequisite because a newer version of the VC REDIST 2015-2019 x86 is present (WTF!)
RESOLUTION : disable the installation VCREDIST 2015-2019 from the os deployment for new clients, and for already installed clients, after removed the VC REDIST 2015-2019, the client reinstall as usual.
This thing have the cleintd updated with the VCREDIST 2015-2019 supplied by configuration manager client
 
too much BUGS, is needed a corrective patch for the new MEM 2107
 
 
 
 
 

 

3 Replies

Hi Luca,

Sorry to hear about your issue.

I can confirm that i have the exact same issue as described in your Site 1 description.
I've updated from version 2006 to 2107 without any version in between.
Did you receive any update so far?


Kind regards,
Mitch

@MitchIT 

Hi Mitch, 

 

i've around 4000 clients connected to that Site 1 , i belive the problem still persist for all new clients deployment , after the client re-generate the key , the key mismatch stop.

you can see that in client log folder ClientIDManagerStartup.log

 

Key 'ConfigMgrPrimaryKey' not found, 0x80090016. ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Key 'ConfigMgrMigrationKey' not found, 0x80090016. ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Client key not found, populating registration hint. ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Preserving the current client self-signed signing certificate... ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Preserved the current client self-signed signing certificate. ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Retrieved Certificate options successfully ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Begin validation of Certificate [Thumbprint AECEBE8C2537****143AA50F45] issued to 'SMS' ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)
Completed validation of Certificate [Thumbprint AECEBE8C2537****143AA50F45] issued to 'SMS' ClientIDManagerStartup 28/08/2021 21:05:23 6220 (0x184C)

 

this error still persist on every client

Key 'ConfigMgrMigrationKey' not found, 0x80090016

it fill the CertificateMaintenance.log with this

Key 'ConfigMgrMigrationKey' not found, 0x80090016. CertificateMaintenance 03/09/2021 18:42:06 11604 (0x2D54)
Raising event:
instance of CCM_ServiceHost_CertRetrieval_Status
{
ClientID = "GUID:b78eb594-*****-70e6e90473d7";
DateTime = "20210903164206.355000+000";
HRESULT = "0x00000000";
ProcessID = 9440;
ThreadID = 11604;
};
CertificateMaintenance 03/09/2021 18:42:06 11604 (0x2D54)

 

the RESETKEYINFORMATION=TRUE put in the client installation push didn't resolve anything.

 

i've not any problem at client level.

i'm using HTTP Enhanced for communication. Can be this the problem because i've enabled the http with confmgr certificates only 2 days before the 2107 upgrade and not all the clients can be switched to use it...and... during the upgrade see this like a migration not completed of the key .. i think..

On site 2 i've enabled that from the beginning and not problem found on any MP DP.

 

i belive we need a support from MS to resolve or wait a complete distribution of the new 2107 confmgr client and open a case if persist. i must wait about 2-3 weeks to reach all the clients for upgrade, after that i belive that messages on MP are stopped or few.

 

Another problem i've seen on Site 1 .... Some OS Deployments not install all the application present in the task sequence and i've resolved creating a new revision of that.

 

 

best regards

Luca

 

 

@Luca_Solcia 

Hi Luca,


Thank you for your reply!


I have a less fewer cliënts, around 700.


I will take a look at those specific log files and let you know what i see.
I can only take a look at the client logfiles if i know what clients are having trouble.
Since the SCCM log is only showing "MP has rejected a message from GUID:6****9 because the signature could not be validated.". I have to take a look in the SQL tables to find out what GUID belongs to which MachineSID, which i then can compare to all the machineSID's in our Active Directory.

i'm using HTTP Enhanced for communication. Can be this the problem because i've enabled the http with confmgr certificates only 2 days before the 2107 upgrade and not all the clients can be switched to use it.

I've been using "HTTPS Only" with my site since a couple of years now. So i cannot answer your question, sorry.

I've been having trouble with my Task Sequences as well, during the image a lot of software was missing. I had to redeploy some Applications to my distribution points to fix that.
Also, when i performed the upgrade to 2107, i've noticed some errors on different components (Monitoring->System Status->Component Status). After carefully reading the logfiles I've noticed that some of my content files are corrupt. That's how i found out that i had to redistribute one driver pack as well.

Kind regards,

Mitch