SCCM Revoked Clients Registration
I ran into an issue where a few sites would call my SCCM team indicating they were having client problems. They would say the clients do not have all action items and it has been over 2 hours since the system finished the OSD Process. I had a few initial thoughts but they all were wrong. First we verified that VMware tools on the MP was fine, boundaries were correct, and that the client was not stuck in provisioning mode. The next course of action was to connect to a machine, investigate the bad client and start checking log files.
The SCCM Client looked as below with certificate set to none as you can see below instead of self-signed. This points out the client has not yet registered with the MP.
The next was to investigate the ClientIDManagerStartup.log which showed the error “Server Rejected registration Request: 3” This gave me the idea of clearing out the certs and trying to reinstall the client again.
however this produced another GUID with the same error problem so the pointed me to check log files on the MP.
This was quickly becoming a high exposure problem was our environment images anywhere between 25 – 175 machines a day. After a quick google search we were able to find a blog post where the solution was a few simple SQL lines.
The line below will identify systems that have revoked clients
Select * from ClientKeyData where isrevoked=1
The line below will clear out the problematic requests. Once these are cleared the systems should be able to successfully register
Update ClientKeyData set isrevoked=0 where isrevoked=1
Thanks to Emmanuel Rached blogpost below this was quickly resolved. The log files were screencaps from his blog post and everything else was from my environment. Please check out his blog as there is tons of other great stuff. https://www.emmanuelrached.com/2014/09/08/sccm-revoked-clients-registration/
ALSO CHECK: SQL Query to identify Win 10 security features for HP / DELL
