Hello, I'm having trouble with a particular client that stops receiving SCCM advertisements and seems to throw no errors. Here's what I've got so far:

The name of the client in question is "Joetest" I have taken numerous steps to resolve this issue and I have attempted to document them all here. I have also re-imaged this computer and started from scratch. I was able to reproduce
this "state" of not receiving software advertisements, but I'm not at all clear on how I did this. I have not found any production computers that have fallen into this "state".

I'd like some criticism on how to better troubleshoot this, what I can do to continue troubleshooting and some thoughts on what may cause this to happen.

color code:
green is a microsoft knowledge base or other microsoft source.
blue is a log.
red is an error line in that log.
black is me.
brown is a decorated forum participant from that link.



Symptoms: Client doesn't recieve Advertisements.



Is the client getting the advertisement policy?

Check the ccmexec.log for the advertisementID.
If the advertisementID is not in the ccmexec.log, check the ccmexec.log for errors communicating with the Management Point.
If the ccmexec.log shows errors communicating with the MP, follow basic connectivity tests such as pinging the MP by IP address, pinging the MP by hostname
and telnetting to port 80 on the MP. If these all succeed, also verify that the Default Web Site in IIS on the MP is bound to port 80.
If the ccmexec.log indicates the client can communicate with the MP, check the Management Point to see if the policy exists there using MPGetPolicy.exe.
If the policy is not on the MP, ensure communications from the site server to the Management Point.

This is the first and last lines of a package called Adobe Reader 9.3.0 MUI, which installed successfully (it also ran a program to uninstall the 9.1.0 version of Reader).

Last application pushlog
from (joetest)execmgr.log:

Policy arrived for parent package <redacted> program Default execmgr 5/4/2010 12:06:56 PM 432 (0x01B0)
Program exit code 0 execmgr 5/4/2010 12:11:41 PM 3908 (0x0F44)

After this, i receive no further advertisements as far asthe execmgr.log is concerned.

So, I've started digging into (joetest)ccmexec.log
around the time of the last successful application push

This would be the notification in ccmexec-20100504-113644.log

Notifying endpoint 'execmgr' of __InstanceCreationEvent settings change on object CCM_SoftwareDistribution.ADV_AdvertisementID="RED20061",PKG_PackageID="Red00032",PRG_ProgramID="Default"
for user 'S-1-5-18'. CCMEXEC 5/4/2010 12:06:56 PM 432 (0x01B0)

Notifying endpoint 'execmgr' of __InstanceCreationEvent settings change on object CCM_SoftwareDistribution.ADV_AdvertisementID="RED20061",PKG_PackageID="Red00032",PRG_ProgramID="Uninstall
Reader 9_1_3 Silent" for user 'S-1-5-18'. CCMEXEC 5/4/2010 12:06:56 PM 3320 (0x0CF8)
Notifying endpoint 'execmgr' of __InstanceModificationEvent settings change on object CCM_SoftwareDistribution.ADV_AdvertisementID="RED20061",PKG_PackageID="Red00032",PRG_ProgramID="Default"
for user 'S-1-5-18'. CCMEXEC 5/4/2010 12:48:39 PM 2772 (0x0AD4)

There is no further mention of AdvertisementID in the remainder of the log, or the continuation of it in the active ccmexec.log file.

As far as I can tell, there are no communication issues present between Redacted(MP) and client.

I can ping Redacted from Joetest both by IP and hostname.

MPGetPolicy.exe appears to be a tool that is unique to SMS 2003, so at this point my guide may be obsolete. Looking for a comperable tool in SCCM 2007 - so far I haven't found one and I've hardly got a clue what I'd be looking for if I did find a comperable tool.

Ruled out typical issues:

no apparent WMI issues that happened after the last successful software install.
DNS had issues before i started even working on pushing software updates and I had corrected it. It seems fine now.
AD authentication is fine - tested my unid account which is new to the computer.

Checked ClientLocation.log, per this post, and nothing looks wrong there. It clearly picks up Redacted as its MP.


Current Management Point is Redacted.Org.State.EDU
with version 6487 and capabilities: <Capabilities SchemaVersion="1.0">

<Property Name="SSL" Version="1"/></Capabilities>. ClientLocation 5/4/2010 11:36:46 AM 364 (0x016C)

SCCM Clients Not Receiving Advertisements

The target clients must be in the collection targeted. And they must show as Client = Yes.


If so, then I'd check the Policypv.log. If clients are targeted, it will say that the resource to policy map for x clients

(the currentpolicypv.log
file only goes back to 5/5/2010, which misses the events on 5/4/2010)

c:\program files (x86)\Microsoft Configuration Manager\Logs\policypv.log - on 5/4 will be recovered.

Then on the client, it would be the PolicyAgent.log. It should show that there was a delta policy with x policies.

Not sure what this means, but in C:\windows\system32\CCM\logs\PolicyAgent.log I got this error repeating often and it goes
back to 5/5/2010... the bkup log file only goes back to 5/5/2010 at 7 am and it is persistent from that point...

Signature verification failed for PolicyAssignmentID {6f94f2c5-4c5c-4ddd-a2ea-87b8772085c4}. PolicyAgent_ReplyAssignments 5/5/2010 11:46:58 PM 1824 (0x0720)


post #6

I've got no clue if there is any way to tell, whether or not the certs are correct... The only thing you can do is check with the Microsoft documentation... Most
of the times when you get the error Signature verification failed for PolicyAssignmentID
it has to do with a mismatch between the Client certificate and the Site Signing Certificate.

Then on the client, check the DataTransferService.log. It will show the downloading of policies.
If so, then the PolicyEvaluator.log will show that the policy was evaluated (two minutes after downloading).

Client Certificate Verify:

Start > Run... "mmc" ... file > add/remove snapin > add... certificates, system account. expand the certificates tree, under personal, open the certificates folder
and identify the Org-RedactedM-CA cert, (valid).
0 Comments   [ + ] Show Comments


Please log in to comment

Rating comments in this legacy AppDeploy message board thread won't reorder them,
so that the conversation will remain readable.


One thing we have seen is that sometimes the machines dont get entered into SCCM Properly. Along the same lines as verifying that the machine says Client = Yes, Make sure the system is also Approved. You can right click the machine and choose Approve.

Also, if you have any polling setup to pull machines from Active Directory or Heartbeat polling or what not. Try and delete the machine from SCCM and wait for SCCM to pick it up again. This sometimes allows SCCM to repoll the machine and pick it up correctly.

One other thing to look at, is if you have multiple buildings, verify that the site code for the machine is the site code of your PRIMARY site and not any other site code. For example, our primary SCCM server Site code is ABC, and we also have sites DEF, GHI, JKL. Even though the machine is at JKL, in SCCM its site code is supposed to be ABC. It didnt really make sense to me, but unless SCCM listed it as ABC, it didnt receive advertisements. SO deleting it from SCCM and waiting for it to be picked up again usually fixed that for us.
Answered 03/20/2012 by: cjgrasty
White Belt

Please log in to comment
Answer this question or Comment on this question for clarity