failed to get client certificate for transportation error 0x87d00215

(Just giving I haven't seen real example of using TLS so I am not entirely sure I am doing the right thing. Error 0x87d00282. Begin searching client certificates based on Certificate Issuersccmsetup01/03/2019 16:38:072612 (0x0A34) Did you try the suggestion in that thread including settingCCMFIRSTCERT=1 CCMCERTSTORE=MY? I am trying to push the client to the server that is hosting my SCCM. LocationServices 8/9/2019 10:44:28 AM 9416 (0x24C8), 1 internet MP errors in the last 10 minutes, threshold is 5. ccmsetup01/03/2019 16:38:071124 (0x0464) Sending message body ' ', Completed searching client certificates based on Certificate Issuers, instance of CCM_ServiceHost_CertRetrieval_Status. Client is set to use webproxy if available. I just completed a new SCCM Primary Site installation for a customer who has a requirement of HTTPS communication only. ccmsetup01/03/2019 16:38:072612 (0x0A34) SiteVersion: 5.00.8740.1002ccmsetup01/03/2019 16:38:072612 (0x0A34) If I use the Cloud management Gateway connection analyzer with an Azure AD user sign in, it fails on the "Testing the CMG channel for management point: 'thenameoftheMP'" step with the following error: Failed to get ConfigMgr token with Azure AD token. Distribution Manager also requires that IIS Web Services be installed on the Distribution Point Server that needs to support Background Intelligent Transfer Service (BITS)? CCMSETUP bootstrap from Internet: 0 AllowFallbackToUnprotectedDP = 0 Failed to get DP locations as the expected version from MP 'HTTPS://VRPSCCMPR01.ad'. Error 0x8004100e ccmsetup 6/15/2017 12:24:47 AM 4480 (0x1180) SOLVED FAILED TO GET TARGETED UPDATE ERROR = 0X87D00215. ccmsetup01/03/2019 16:38:072612 (0x0A34) Error code = 0x80070002 ccmsetup 6/16/2017 9:09:51 PM 432 (0x01B0)Params to send '5.0.8412.1004 Deployment "C:\Windows\ccmsetup\ccmsetup.exe" ' ccmsetup 6/16/2017 9:09:51 PM 432 (0x01B0)Sending message with STATEID='322' via the existing client. GetSSLCertificateContext failed with error 0x87d00280 ccmsetup Defaulting to state of 63.ccmsetup01/03/2019 16:38:072612 (0x0A34) Failed to get DP locations as the expected version from MP 'HTTPS://SCCM-Server-Dan.cork.local'. 6/15/2017 12:24:47 AM 2680 (0x0A78) CCMCERTISSUERS: CN=SCCM-Server-Dan.cork.localccmsetup01/03/2019 16:38:072612 (0x0A34) I'm not great with ConfigMgr logs but ADALOperationProvider.log on the endpoint comes up with "Getting AAD (device) token" with the client ID, ResourceURL, and AccountID every so often but I don't see any errors. Status code is '401' and status description is 'CMGConnector_Unauthorized'. ', Begin validation of Certificate [Thumbprint B2400DEC508EBAACE84613AE21A33F4F59683BD0] issued to 'PTW01CISWB001. \\WINSCCM.TESTLAB.COM\SMSClient ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) Shutdown has been requested ccmsetup 6/15/2017 9:50:24 PM 4244 (0x1094) [DESKTOP-TM866AV] Running on 'Microsoft Windows 10 Pro' (10.0.10240). When looking on the client in control panel I see it has no certificate and the connection type is unknown 2. Get the device ID using "dsregcmd /status" to verify against your AAD information. 01:44 PM. [WINDOWS10X64] Running on 'Microsoft Windows 10 Enterprise 2016 LTSB' GetHttpRequestObjects failed for verb: 'CCM_POST', url: 'HTTPS://winsccm.testlab.com/ccm_system/request Opens a new window' ccmsetup 6/15/2017 12:24:47 AM 2680 (0x0A78) Error 0x87d00454ccmsetup01/03/2019 16:38:072612 (0x0A34) Failed to get client version for sending state messages. Source \\winsccm.testlab.com\SMSClient is inaccessible (67) ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) Uninstall Symantec Management Agent, refresh client in Microsoft Endpoint Configuration Manager console and the client immediately goes offline. Failed to get client certificate for transportation. This setting is correct and has been for quite some time so I know that the client is ignoring this, or not getting the correct information. MapNLMCostDataToCCMCost() returning Cost 0x1ccmsetup01/03/2019 16:38:072612 (0x0A34) Error 0x87d00215ccmsetup01/03/2019 16:38:072612 (0x0A34) [CCMHTTP] ERROR INFO: StatusCode=200 StatusText=ccmsetup01/03/2019 16:38:072612 (0x0A34) OS is not Win10RS3+, ENDOK. Error 0x87d00215. ccmsetup01/03/2019 16:38:072612 (0x0A34) From previous experience, I know that I should check client certificate selection settings to confirm that the client should select the certificate with the longest validity period. 16:38:072612 (0x0A34) not exist. Source \\WINSCCM.TESTLAB.COM\SMSClient is inaccessible (67) ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) 12:24:47 AM 2680 (0x0A78) Retrieved 0 MP records from AD for site '101'ccmsetup01/03/2019 16:38:072612 (0x0A34) - edited CcmSetup failed with error code 0x87d00280 ccmsetup 6/15/2017 12:24:47 AM 4480 (0x1180), Looks like an issue with using https for your client communication verify your clinet has the correct certs. Command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice /ignoreskipupgrade /config:MobileClient.tcfccmsetup01/03/2019 16:38:072612 (0x0A34) ccmsetup01/03/2019 16:38:072612 (0x0A34) I had also faced issue in upgrading SCCM Site server from 1806 to 1810 but not the same error which you received , however I checked above 2 log files and got the root cause. Certificate Issuer 1 [CN=SCCM-Server-Dan.cork.local]ccmsetup01/03/2019 16:38:072612 (0x0A34) Error 0x8004100e ccmsetup 6/15/2017 9:50:24 PM 4140 (0x102C) Domain joined client is in Intranetccmsetup01/03/2019 16:38:072612 (0x0A34) ccmsetup 6/15/2017 Your daily dose of tech news, in brief. Do you have enough disk space on the remote DP? There are at least 2 certificates valid for ConfigMgr usage that meet the selection criteria. Well occasionally send you account related emails. ConfigMgrAdminUISetupVerbose.log ? (0x0C94) I might be wrong. ccmsetup These are the errors I am getting. Failed to connect to machine policy namespace. SuiteMask = 272. dism.exe /online /norestart /enable-feature /ignorecheck /featurename:"IIS-WebServerRole" /featurename:"IIS-WebServer" /featurename:"IIS-CommonHttpFeatures" /featurename:"IIS-StaticContent" /featurename:"IIS-DefaultDocument" /featurename:"IIS-DirectoryBrowsing" /featurename:"IIS-HttpErrors" /featurename:"IIS-HttpRedirect" /featurename:"IIS-WebServerManagementTools" /featurename:"IIS-IIS6ManagementCompatibility" /featurename:"IIS-Metabase" /featurename:"IIS-WindowsAuthentication" /featurename:"IIS-WMICompatibility" /featurename:"IIS-ISAPIExtensions" /featurename:"IIS-ManagementScriptingTools" /featurename:"MSRDC-Infrastructure" /featurename:"IIS-ManagementService". GET 'HTTPS://winsccm.testlab.com/CCM_Client/ccmsetup.cab Opens a new window' The below command line was used for the client installation. (Just giving hint to find the issue ) Also please check whether Prerequisites check was successful. Unable to find any Certificate based on Certificate Issuersccmsetup01/03/2019 16:38:072612 (0x0A34) ', Begin validation of Certificate [Thumbprint BC0B3996CCDBED300F78A7A9A1EEFC32BCEA8EAE] issued to 'PTW01CISWB001. Error 0x8004100e. LocationServices01/03/2019 16:38:072612 (0x0A34) Yes server has full control in system management container. Failed to connect to policy namespace. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. Can you check "HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\windows\WindowsUpdate WUServer" on the device? Thank you very much for your feedback and sharing. Looking at registry settings from other clients that use HTTPS and are working I can see the following Dword. of certificates present in 'MY' store of 'Local Computer'. Finding certificate by issuer chain returned error 80092004ccmsetup01/03/2019 16:38:072612 (0x0A34) but if I scroll up enough in the log I do find an error "Failed to get client certificate for transportation. Find out more about the Microsoft MVP Award Program. Save my name, email, and website in this browser for the next time I comment. Task does I have got below message in target system: Begin to select client certificate ccmsetup 6/15/2017 12:24:47 I added a "LocalAdmin" -- but didn't set the type to admin. We are working every day to make sure our community is one of the best. CcmSetup failed with error code 0x80004004 ccmsetup 6/15/2017 9:50:24 PM 4140 (0x102C) Root CA specified. Is there a way i can do that please help. Similar thread for your reference, the issue is due to access privileges. Searching for DP locations from MP(s)ccmsetup01/03/2019 16:38:072612 (0x0A34) Please find the below Prajwal Desai link to upgrade SCCM 1810. https://www.prajwaldesai.com/sccm-1810-upgrade-guide - Maybe helpful. This is what I am getting now. @alexandertuvstrom The Web Server role (IIS, with a couple of specific role services enabled) only needs to be installed on the Distribution Point server, not on the site server.Installation and configuration of the Distribution Point role is indeed handled by the SMS_DISTRIBUTION_MANAGER component, which runs on the site server, but it doesn't need IIS installed on the site server itself for . The browser definitely can see the authority and recognize it: But in the case of grpc, the error comes from the client and says it cannot recognize it: transport: x509: certificate signed by unknown authority, Does that look correct? Have you check any error statement inConfigMgrAdminUISetup.log and ccmsetup 6/16/2017 9:09:51 PM 432 (0x01B0) ccmsetup 6/16/2017 9:09:51 PM 432 (0x01B0)CcmSetup failed with error code 0x80004005 ccmsetup 6/16/2017 9:09:51 PM 432 (0x01B0). It may not display this or other websites correctly. i have seen a fix to this by restarting the DP and distribute again the content but still it persist. @Kirk FrancisDid you ever get an answer to this? [CCMHTTP] ERROR: URL=https://SCCM-Server-Dan.cork.local/ccm_system/request, Port=0, Options=63, Code=0, Text=CCM_E_NO_CLIENT_PKI_CERTccmsetup01/03/2019 16:38:072612 (0x0A34) The SCCM client installation fails with below error shown in ccmsetup.log file. Sep 16 2020 LocationServices 8/9/2019 10:44:28 AM 9416 (0x24C8), 0 internet MP errors in the last 10 minutes, threshold is 5. Uninstall Symantec Management Agent, refresh client in Microsoft Endpoint Configuration Manager console and the client immediately goes offline. Can you share with us a screenshot of your: I think the issue might be resolved but I do have a question can you have overlaping boundaries and boundary groups with mutiple SCCM standalone servers. It has been sent. windows 11 deplyment is failed via sccm (sccm version:2111) and getting this error "Getupdate -failed to get targated update error= 0x87d00215 in updatedeployment.log. Can anyone explain each one to me? I have it worked before, but now nothing work, including windows 10 and 7. Is it a factor also for the updates not deploying to client computer? SCCM Software Updates not installing to endpoints, that SCCM site server computer account are in the Local. Flashback: March 3, 1971: Magnavox Licenses Home Video Games (Read more HERE.) The same settings worked for windows 10 machine but I am not sure why this is not working for windows 7 system. MEM clients go offline after Altiris / Symantec Management Agent get uninstalled Check if your boundaries and boundary groups are correctly configured. I used a third party certificate from a public and globally trusted certificate provider for the CMG server authentication certificate. ', Begin validation of Certificate [Thumbprint 6F72447F3B4EBC63F25AAB9023986F3F3FC22975] issued to 'PTW01CISWB001. Status text ''ccmsetup01/03/2019 16:38:072612 (0x0A34) No registry Start machine policy retrieval in configuration manager client control, WUserver is pointing in the sccm SUP and i have run the machine policy retrieval. Task does not exist. Failed to get site version from AD with error 0x87d00215 ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) ccmsetup Params to send '5.0.8412.1004 Deployment Error: 0x0, ' ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) IsSslClientAuthEnabled - Determining provisioning mode state failed with 80070002. ccmsetup.exe /SMSSITECODE = P01 Cause: The above error indicates that a new version of client installation source was required. IsSslClientAuthEnabled - Determining provisioning mode state failed with 80070002. Sign up for a free GitHub account to open an issue and contact its maintainers and the community. Retry time: 10 minute(s)ccmsetup01/03/2019 16:38:072612 (0x0A34) ', Begin validation of Certificate [Thumbprint E570B76528BE092F69297AEFB668FDC80DD28CBB] issued to 'PTW01CISWB001. ', Based on Certificate Issuer 'domainname Enterprise Root 01i001' found Certificate [Thumbprint 259ECEA46C3DAC33F0B5838C5B82E36B1BD872E3] issued to 'ptw01ciswb001. The text was updated successfully, but these errors were encountered: This is not an grpc issue. 02:27 PM. "Check configuration settings of the CMG service is up to date" has an error of "Configuration version of the CMG service should be 2. If you go to this location in the SCCM Console: Administration\Overview\Site Configuration\Sites. Also please check whether Prerequisites check was successful. and highlight your SCCM server then right click and choose "Client Installation Settings" > Client Push Installation and click on the tab called Installation Properties you can add the MP server and site code in there. ccmsetup01/03/2019 16:38:071124 (0x0464) Check if respective boundary group is associated with a Distribution Point. ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) ccmsetup01/03/2019 16:38:072612 (0x0A34) Failed to get directory list from 'HTTPS://site server name/CCM_Client'. Can somebody please give me an answer that actually worked to Folder 'Microsoft\Microsoft\Configuration Manager' not found. More info about Internet Explorer and Microsoft Edge, SOLVED FAILED TO GET TARGETED UPDATE ERROR = 0X87D00215. Did the example code above for the grpc client and server looked correct to you? ', Completed validation of Certificate [Thumbprint 6A5230A9641239E4489CA42559685F7358C8A0BB] issued to 'PTW01CISWB001. Client OS Version 6.2 Service Pack 0.0 ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register. The 'Certificate Selection Criteria' was not specified, counting number ccmsetup01/03/2019 16:38:072612 (0x0A34) A Fallback Status Point has not been specified and no client was Our community has been around for many years and pride ourselves on offering unbiased, critical discussion among people of all different backgrounds. ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) Did you setup your boundaries? Client re-install error Unable to find any Certificate based on Certificate Issuers Failed to get client certificate for transportation. Installation files will be reset and downloaded again. Only one MP HTTPS://SCCM-Server-Dan.cork.local is specified. The tlsConfig is initialised exactly the same for grpc, the certificate is returned using the GetCertificate method of *tls.Config. Ccmsetup command line: "C:\Windows\ccmsetup\ccmsetup.exe" /runservice Error 0x87d00282. Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0ccmsetup01/03/2019 16:38:072612 (0x0A34) SuiteMask = 272. Error: 0x87d00215, Torsten Meringer | http://www.mssccmfaq.de. Config file: C:\Windows\ccmsetup\MobileClientUnicode.tcfccmsetup01/03/2019 16:38:072612 (0x0A34) ccmsetup 6/15/2017 9:50:35 PM 3220 (0x0C94) Detected 33121 MB free disk space on system drive. I'm glad you may have found the root cause! ccmsetup 6/15/2017 12:24:47 AM 2680 (0x0A78) 3. Task does not exist. 'ccmsetup01/03/2019 16:38:072612 (0x0A34) ', Begin validation of Certificate [Thumbprint 259ECEA46C3DAC33F0B5838C5B82E36B1BD872E3] issued to 'ptw01ciswb001. Launch from folder C:\Windows\ccmsetup\ccmsetup01/03/2019 16:38:071124 (0x0464) Sharing best practices for building any app with .NET. ccmsetup01/03/2019 16:38:071124 (0x0464) Error 0x87d00282 "go to client computer communication and set the "Action to take if multiple certificates match criteria" to "Select the certificate with the longest validity period", has been set, a long time ago, I also tried turning it off for a few hours and back on, no difference. Error: Conn.resetTransport failed to create client transport: connection error: desc = "transport: x509: certificate signed by unknown authority".

failed to get client certificate for transportation error 0x87d00215 2023