Program rejected invalid policy'. But a part of the script is to copy files from a UNC path to the SCCM client. Could not be run because the policy contains an invalid combination of requirements. The program is set to require user input. SCCM MindMap; Clients Do Not Run. Program rejected (Invalid Policy). The program for the advertisement 'QAZ200A6'. How can the answer be improved?
SCCM: MP has rejected the request because CD(SMSID = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx) certificate has expired This time I was working with a customer on a System Center Configuration Manager Update. The error message was: “MP has rejected the request because CD(SMSID = blablabla) certificate has expired. For a few minutes I had an idea that this could be a broken client (long day), this lead me into the SCCM database for troubleshooting. ClientAuth.log showed error: Client ‘cbc4f875-1194-401f-b906b5a’ is unknown or has an invalid key registered in the database. SCCM 2012 has a nice little feature called subscriptions that can help compile up the reports you want and have them saved onto a file share or even sent straight to your inbox on a regular basis! How neat is that? You can set up subscriptions for yourself, others or groups of people as you would expect.
So for us to set up a subscription, we must first go to the report we want to subscribe to. In this tutorial, we’ll create a subscription to “Computers with low memory (less than or equal to specified MB)”.
Expand the Reporting and Reports node and click on the “Hardware – Memory” node. SQL Query To Retrieve Advanced Clients Assigned Site Code And Client Version This SQL Query will allow you to list the assigned site code and client version numbers for your advanced client resources. SQL Query: Select SD.Name0 ‘Machine Name’, SC.SMSAssignedSites0 ‘Assigned Site’, SD.ClientVersion0 Version From vRSystem SD Join vRASystemSmsAssignedSites SC on SD.ResourceID = SC.ResourceID Join vGSOperatingSystem OS on SD.ResourceID = OS.ResourceID Where SD.Client0 = 1 And SD.ClientType0 = 1 Order By ‘Machine Name’. Install Windows Server 2008 or higher NOTE: The instructions apply for Windows Server 2008 R2, Windows Server 2012, Windows Server 2012 R2.
PREREQUISITES On Domain Controler Change the computer name to something proper Run “dcpromo” to promote the server to domain controller. Extend AD schema – check the log if it is successful Open ADSI, connect to the default site Select System and create new object Select container class and name it System Management Open Properties- Security of the new object and add the server computer to the security group with full control Click advanced and on System select This object and all descending objects.
As you may already know, Microsoft’s latest antivirus product, FEP (Forefront Endpoint Protection) integrates very tightly with the Configuration Manager 2007 product. When we rolled the product out, everything went smoothly throughout the installation process, but once we got the product installed and deployed we started seeing a few issues. We quickly found that the FEP installation broke SCCM’s Inventory features (Software and Hardware Inventory) in our central site. The FEP infrastructure is also very dependent on these roles. We found that none of the FEP collections were being correctly populated, notifications did not work, and report data was not available (FEP dashboard did not have valid data). However, the FEP client installs via SCCM worked just fine and policy distribution was working as expected; just the features mentioned previously did not work properly. We found most of our clients were getting tagged as “Locally Removed”, which was not correct.
However, everything continued to function at my child sites, but FEP Server services were not installed in those sites specifically (they are leveraging from the central site). Clients in our child site, were properly getting marked as deployed, collections were accurate, and reports worked as expected. After some digging I found the following errors in our Central Site.
On the SMSINVENTORYDATALOADER (Message 2703): SMS Inventory Data Loader failed to process the delta MIF file “XHIS9QJA2.MIF” and has moved it to “C: Program Files (x86) Microsoft Configuration Manager inboxes auth dataldr.box BADMIFS sbklk1e3.MIF.” Possible cause: The file attempted to update inventory information in the SMS site database that does not already exist, or the file contains invalid syntax. Solution: The client inventory needs to be resynchronized, which will be done automatically.
Look for the status messages 2714 and 2715, which indicate the resynchronization has begun. SMSSOFTWAREINVENTORYPROCESSOR (Message 3701): SMS Software Inventory Processor failed to process software inventory file “C: Program Files (x86) Microsoft Configuration Manager inboxes auth sinv.box 2DOF71GM.SID,” and has moved it to “C: Program Files (x86) Microsoft Configuration Manager inboxes sinv.box BADSinv d3vjuy2u.SID.”Possible cause: The file attempted to update inventory information in the SMS site database that does not already exist, or the file contains invalid syntax. Solution: The client inventory needs to be resynchronized, which will be done automatically.
Look for the subsequent message 3703, which indicates the resynchronization has begun. SMSMPCONTROLMANAGER (Message 5447): MP has rejected a policy request from GUID:67721D88-256E-4282-AF9A-71D0AF14E4FD because it was not approved. These errors would be in the logs hundreds of times in matter of seconds. Unfortuantely, the fix we found was not a simple one and is somewhat disruptive to the SCCM environment and time consuming. Brandon, I have never been able to reproduce this issue on a new installation, it has always “just worked” as it should. Unfortunately, I don’t know any way to “prevent” it from happening as I can’t make it happen on demand.
I’ve only seen it happen in production environment (that is a year or two old), but never in a new lab setup. My guess would be that if you have a clean new site and new installation, it will probably just work (hopefully). Having a clean rebuild should be similiar to steps above, just more details of doing everything not just the components above. Sorry I’m not more helpful.