SCCM: MP has rejected the request because CD(SMSID = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx) certificate has expired

This time I was working with a customer on a System Center Configuration Manager Update. The error message was: “MP has rejected the request because CD(SMSID = blablabla) certificate has expired. For a few minutes I had an idea that this could be a broken client (long day), this lead me into the SCCM database for troubleshooting.

ClientAuth.log showed error:

Client ‘cbc4f875-1194-401f-b979-890454806b5a’ is unknown or has an invalid key registered in the database.

Status Message Warning (SMS_MP_Control_Manager):

IMG1

The ”ClientKeyData” Table in the SCCM database contains information, about internal SCCM certificates like PXE but also self-signed client certificates.

I ran this SQL Query: “select SMSID,ValidUntil,AgentType from dbo.ClientKeyData” this returned the SMSID alerted in the Status Message. I also noticed that AgentType was set to 1, this seems to be 1 if it’s related to SCCM servers or roles.

IMG2

This lead me into the SCCM certificates, I found that one of the PXE certificates on a DP had expired. Easy fix but a backwards way to find out. Therefore, if you ever see this warning I recommend you to check the certificates node in the monitoring tab in SCCM first.

IMG3

3 thoughts on “SCCM: MP has rejected the request because CD(SMSID = xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxxx) certificate has expired

      • Found Certificates under Administration -> Security.. Far far from the pointed in the article.. TThe SMSID is not there tho 🙁

Leave a Reply

Your email address will not be published.