Client registration check status: 2

Symptoms

PMM is configured in PKI mode, and agents fail to connect to the proxy.

pma_agent.log contains errors like this:
03-19 13:23:28.313 D /ClientStatusChecker:68120:1f0b/ Client registration check status: 2

pma_isv_proxy_service.log:
03-19 13:23:29.090 D /SmsMsgApi:10852:3100/ {send_message @ RegistrationMessage.cpp:412} Registration response for message type 0: '<ClientRegistrationResponse ResponseType="Registration" TimeStamp="2019-03-19T13:23:28Z" Status="3" ApprovalStatus="-1"/>'
03-19 13:23:29.090 W /SmsMsgApi:10852:3100/ {send_message @ RegistrationMessage.cpp:421} Unable to parse registration response for message type 0: '<ClientRegistrationResponse ResponseType="Registration" TimeStamp="2019-03-19T13:23:28Z" Status="3" ApprovalStatus="-1"/>'
03-19 13:23:29.090 W /SmsResourceMgr:10852:3100/ Registration response could not be parsed
03-19 13:23:29.090 W /CmProxyUtils:10852:3100/ Could not reregister client 'BB83AE5D-ABE0-044E-A593-144487E3D922' with PKI certificate '30b0d9fbb6334fd93bc3b2e4ef560171843416ce': 3
03-19 13:23:29.090 W /CmProxyUtils:10852:3100/ Not re-registered client 'BB83AE5D-ABE0-044E-A593-144487E3D922' with peer certificate 30b0d9fbb6334fd93bc3b2e4ef560171843416ce (PKI mode): 3
03-19 13:23:29.090 D /pma_isv_proxy_service:10852:3100/ Sending registration status 2 to 10.3.98.103 (lnr-0a9f5yw-mb.cudirect.com, bb83ae5d-abe0-044e-a593-144487e3d922)

MP_RegistrationManager.log:
<![LOG[Begin validation of Certificate [Thumbprint 30B0D9FBB6334FD93BC3B2E4EF560171843416CE] issued to 'BB83AE5D-ABE0-044E-A593-144487E3D922']LOG]!><time="13:23:29.075+420" date="03-19-2019" component="MP_RegistrationManager" context="Registration" type="1" thread="14304" file="CcmCert.cpp:1703">
<![LOG[The certificate chain processed correctly but terminated in a root certificate not trusted per ConfigMgr CTL.]LOG]!><time="13:23:29.075+420" date="03-19-2019" component="MP_RegistrationManager" context="Registration" type="3" thread="14304" file="CcmCert.cpp:1460">
<![LOG[Completed validation of Certificate [Thumbprint 30B0D9FBB6334FD93BC3B2E4EF560171843416CE] issued to 'BB83AE5D-ABE0-044E-A593-144487E3D922']LOG]!><time="13:23:29.075+420" date="03-19-2019" component="MP_RegistrationManager" context="Registration" type="1" thread="14304" file="CcmCert.cpp:1865">
<![LOG[MP Reg: Client in-band certificate is not valid due to failures in certificate chain validation, Raising status event. Failure HR = 0x800b0109, In-band Cert SubjectName =

Cause

SCCM doesn't trust the CA that issued the PMM PKI certificates.

Resolution

Export the Root CA certificate and specify it in SCCM Console > Administration > Site Configuration > Sites > %Properties of the site% > Client Computer Communication.
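
To check which client certificates MP_RegistrationManager.log rejected for this reason, before and after changing the trusted root, the records can be correlated per thread. This is an added example, not part of the original article or of Parallels or Microsoft tooling. It assumes that the records of one validation share a thread id, and the function names, the second (passing) certificate, and the file= value are constructed.

```python
import re

# CMTrace-style record: <![LOG[message]LOG]!><time="..." type="N" thread="N" ...>
RECORD = re.compile(r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><(?P<attrs>[^>]*)>', re.DOTALL)
ATTR = re.compile(r'(\w+)="([^"]*)"')
BEGIN = re.compile(r"Begin validation of Certificate \[Thumbprint (\w+)\] issued to '([^']+)'")
DONE = re.compile(r"Completed validation of Certificate \[Thumbprint (\w+)\]")
UNTRUSTED = "terminated in a root certificate not trusted per ConfigMgr CTL"

def untrusted_root_failures(log_text):
    """Return [(thumbprint, subject, time)] for validations that hit the CTL error."""
    pending = {}      # thread id -> [thumbprint, subject, saw_ctl_error]
    failures = []
    for m in RECORD.finditer(log_text):
        attrs = dict(ATTR.findall(m.group("attrs")))
        # Assumption: all records of one validation carry the same thread id.
        thread, msg = attrs.get("thread"), m.group("msg")
        begin = BEGIN.search(msg)
        if begin:
            # Lower-case so the value matches the thumbprint in the proxy log.
            pending[thread] = [begin.group(1).lower(), begin.group(2), False]
        elif UNTRUSTED in msg and thread in pending:
            pending[thread][2] = True
        elif DONE.search(msg) and thread in pending:
            thumb, subject, failed = pending.pop(thread)
            if failed:
                failures.append((thumb, subject, attrs.get("time")))
    return failures

def make_record(msg, thread, typ="1"):
    # Builds a constructed record; the file= value is a placeholder.
    return (f'<![LOG[{msg}]LOG]!><time="13:23:29.075+420" date="03-19-2019" '
            f'component="MP_RegistrationManager" context="Registration" '
            f'type="{typ}" thread="{thread}" file="placeholder.cpp:0">')

FAILED = ("30B0D9FBB6334FD93BC3B2E4EF560171843416CE", "BB83AE5D-ABE0-044E-A593-144487E3D922")
PASSED = ("00112233445566778899AABBCCDDEEFF00112233", "CONSTRUCTED-CLIENT")  # constructed
SAMPLE = "\n".join([  # constructed: two validations interleaved on different threads
    make_record("Begin validation of Certificate [Thumbprint %s] issued to '%s'" % FAILED, "14304"),
    make_record("Begin validation of Certificate [Thumbprint %s] issued to '%s'" % PASSED, "9999"),
    make_record("The certificate chain processed correctly but terminated in a root "
                "certificate not trusted per ConfigMgr CTL.", "14304", "3"),
    make_record("Completed validation of Certificate [Thumbprint %s] issued to '%s'" % PASSED, "9999"),
    make_record("Completed validation of Certificate [Thumbprint %s] issued to '%s'" % FAILED, "14304"),
])

if __name__ == "__main__":
    for thumb, subject, when in untrusted_root_failures(SAMPLE):
        print(f"{when} untrusted root: {subject} cert {thumb}")
```

An empty result for a client after the Root CA has been added, together with the absence of new "Could not reregister client" warnings in pma_isv_proxy_service.log, indicates the chain now validates.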
