When SCCM is running in native mode, often SCCM clients fail to install Server Signing Certificate and we get this status message ( from site status node)
“The ConfigMgr Advanced Client rejected the site server signing certificate due to a trust-related failure (0x800b0109)”
LocationServices.log in the SCCM clients shows these errors:
“Failed to update Site Signing Certificate over AD with error 0x800b0109”
.
.
“Failed to set site signing certificate (0x800b0109”
.
.
“Failed to update Signing Certificate over HTTP with error 0x800b0109”
Solution:
Look for these registry values in a working client and apply the same on failing client:
X64 – HKLM\Software\WOW6432Node\Microsoft\CCM\Security
X86 – HKLM\Software\Microsoft\CCM\Security
Keys - AllowedRootCAHashCode, Signing Certificate.
Now a client repair/install will resolve the issue.
Look at this Technet document also for renewing or changing the Site Server Signing Certificate.
No comments:
Post a Comment