Microsoft KB Archive Search

Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

  1. Home
  2. System Center Configuration Manager 2007 client may not install during an OSD Task Sequence in a Refresh scenario

System Center Configuration Manager 2007 client may not install during an OSD Task Sequence in a Refresh scenario

Symptoms

When the Windows operating system is being refreshed on a PC using a Configuration Manager 2007 OSD Task Sequence, the ConfigMgr 2007 client may fail to install during the "Setup Windows and ConfigMgr" task and the Task Sequence fails. Examining the SMSTS.log reveals the following error:

Installing SMS client OSDSetupHook
Clearing existing client configuration. OSDSetupHook
Cleaning existing client certificates from SMS certificate store OSDSetupHook
Restoring SMS client identity. OSDSetupHook
Could not import certificate to temporary store (0x80092024) OSDSetupHook
Failed to restore client certificates. Code 0x80092024. OSDSetupHook
Failed to restore SMS client identity. Code 0x80092024. OSDSetupHook

Failed to install SMS Client (0x80092024) OSDSetupHook

Failed to execute task sequence (0x80092024) OSDSetupHook

Examining the ccmsetup.log and client.msi.log reveals that the logs either do not exist or have not updated since the ConfigMgr 2007 client was originally installed on the reference image.

↑ Back to the top

Cause

This issue can happen under the following circumstances:

  1. KB974571 is installed on the reference image.

  2. Before the Task Sequence is started on the client PC to be refreshed, the KB977203 ConfigMgr 2007 client patch has not been installed on the client PC nor has theCCMCertFix.exe utility from KB977203 ever been run on the client PC.

  3. The Task Sequence is started in the full Window OS via an Advertised Task Sequence (i.e., the Task Sequence wasNOT started via PXE or Boot Media).

The problem is caused by the self-signed certificates automatically generated by the ConfigMgr 2007 client in mixed mode. If theKB977203 ConfigMgr 2007 client patch was not installed on the client PC when the certificates were generated, then the certificates will have an embedded NULL character in the friendly name as described inKB974571.

When an OSD Task Sequence is used to Refresh a PC, the ConfigMgr 2007 client certificates are migrated from the old Windows OS to the new Windows OS. If the ConfigMgr 2007 client certificates on the original Windows OS have an embedded NULL character in the friendly name as described in KB974571, and if KB974571 is installed as part of the reference image being deployed by the Task Sequence, then when the new Windows OS is installed, KB974571 will block the ConfigMgr 2007 client certificate with the embedded NULL character in the friendly name from being migrated over. This will cause the ConfigMgr 2007 client to fail to install.

↑ Back to the top

Resolution

When KB977203 is installed on the ConfigMgr 2007 site server, besides the site server being patched, the following client related activities also take place:

  1. A utility called CCMCertFix.exe, along with its documentation, is placed in the directory:

    <ConfigMgr_2007_Install_Directory>\Logs\KB977203

  2. A ConfigMgr 2007 client patch is placed in the directory:

    <ConfigMgr_2007_Install_Directory>\Client\i386\hotfix\KB977203

  3. A package for the KB977203 ConfigMgr 2007 client patch is created in the ConfigMgr 2007 administrator console under "Computer Management" --> "Software Distribution" --> "Packages" for . The package is called:

    KB977203 - Advanced Client Hotfix

When the KB977203 ConfigMgr 2007 client patch is installed on a client PC, it allows the ConfigMgr 2007 client to properly generate the self-signed certificates without an embedded NULL character in the friendly name. However, if the certificates have already been generated, installing the KB977203 ConfigMgr 2007 client patch will NOT resolve the issue. The KB977203 ConfigMgr 2007 client patch will only resolve any certificates that may be generated again in the future. It does NOT fix the current ConfigMgr 2007 client certificates on the PC nor does it regenerate them.

To fix the current ConfigMgr 2007 client certificates on the PC, run the CCMCertFix.exe utility from KB977203 on the client PC. Running the CCMCertFix.exe utility on a client PC fixes the currently installed self-signed certificates that were originally auto generated by the ConfigMgr 2007 client.

To resolve the problem during the Task Sequence, the CCMCertFix.exe utility from KB977203 needs to be run on the client PC BEFORE the Task Sequence is started. Running CCMCertFix.exe utility on the client PC will fix the ConfigMgr 2007 client certificates and will allow the certificates to migrate over to the new Windows OS successfully.

To resolve the problem:

  1. Using normal Software Distribution, deploy the Package and Program KB977203 - Advanced Client Hotfix created by the KB977203 installation on the site server to all client PCs in the environment. This will ensure that if the ConfigMgr 2007 client certificate is ever regenerated, it will be generated correctly without an embedded NULL character in the friendly name. For detailed instructions, please read the file ACReadme.txt which is located in the same directory as the CCMCertfix.exe utility.

  2. Using normal Software Distribution, create a Package and Program with the CCMCertFix.exe utility from KB977203. Once the package is created, run the Package and Program that runs CCMCertFix.exe on all client PCs in the environment. For detailed instructions, please read the file readme_ccmcertfix.txt which is located in the same directory as the CCMCertfix.exe utility.

  3. If distribution of the CCMCertFix.exe utility is not possibly using normal Software Distribution, run the CCMCertFix.exe utility BEFORE starting the Task Sequence. It cannot be run as part of the Task Sequence as this will NOT resolve the problem. Running of the CCMCertFix.exe utility before starting the Task Sequence can be performed either manually or by setting the Task Sequence to automatically run another program before it begins. To set the Task Sequence to automatically run another program before it begins:

    1. Using normal Software Distribution, create a Package and Program with the CCMCertFix.exe utility from KB977203.

    2. Right click on the Task Sequence and choose "Properties".

    3. Click on the "Advanced" tab.

    4. Click on the option "Run another program first:", and then select the Package and Program from Step 1.

      This method will automatically run the CCMCertFix.exe utility outside of the Task Sequence and before the Task Sequence begins.


If the Package and Program "KB977203 - Advanced Client Hotfix" created by the KB977203 installation on the site server cannot be run using normal Software Distribution, it is advisable to install the KB977203 ConfigMgr 2007 client patch during the Task Sequence using the method described in the KB977203 article. However, it is not necessary to install the KB977203 ConfigMgr 2007 client patch during the Task Sequence to actually fix the problem described in this article. The main reason for doing so is to prevent issues from occurring in the future.

↑ Back to the top

Keywords: vkball, kb

↑ Back to the top

Article Info
Article ID : 2028442
Revision : 1
Created on : 1/8/2017
Published on : 9/4/2010
Exists online : False
Views : 139