We had recently added a new role (WAP) to one of our servers, which meant adding a new SSL cert. Now I am unsure if it was this process that caused the issue, but this unfortunately knocked out this server's SCCM client cert! It took me quite a while to figure this one out, but after a few reinstalls of the client I noticed that only a handful of client logs were being created and, sure enough, the policies were never being requested and notified on the server console. I started watching the logs to see which ones were updated last and happened upon the ClientIDManagerStartup.log. After having a peruse through that I noticed the below, which caught my eye:
I have just blanked out the name of the server. The bottom line interested me and just didn’t quite look right – why would it be using the cert for the ADFS Proxy Trust? I checked another server's logs and noted it was using the normal computer certificate. So I hopped back on and checked MMC on the broken server – yep, we were missing a client cert! We have an online CA, so I ran through the wizard and requested a client certificate for SCCM. Afterwards the logs looked much more pleasing:
And sure enough after a machine policy refresh all the actions reappeared and the client updated successfully in the console.
Hope it helps!
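
The MMC check described above can also be done from PowerShell. This is an added example, not part of the original post: it lists every certificate in the computer's Personal store that is usable for client authentication and flags anything that is not a normal, currently valid, CA-issued certificate. The log path assumes the default client install location.

```powershell
# Added example (not from the original post).
# Lists certificates in Cert:\LocalMachine\My that can be used for client
# authentication, with notes on the ones that look unusual.
$clientAuthOid = '1.3.6.1.5.5.7.3.2'   # Client Authentication EKU
$ekuType = [System.Security.Cryptography.X509Certificates.X509EnhancedKeyUsageExtension]
$now = Get-Date

Get-ChildItem -Path Cert:\LocalMachine\My | ForEach-Object {
    $cert = $_

    # Collect the EKU OIDs; a certificate with no EKU extension is valid for any purpose.
    $ekuExt = $cert.Extensions | Where-Object { $_ -is $ekuType }
    $oids = @()
    if ($ekuExt) { $oids = @($ekuExt.EnhancedKeyUsages | ForEach-Object { $_.Value }) }
    if ($ekuExt -and ($oids -notcontains $clientAuthOid)) { return }   # not a candidate

    $notes = @()
    if ($cert.Subject -eq $cert.Issuer) { $notes += 'self-signed' }
    if (-not $cert.HasPrivateKey)       { $notes += 'no private key' }
    if ($cert.NotAfter -lt $now)        { $notes += 'expired' }
    if ($cert.NotBefore -gt $now)       { $notes += 'not yet valid' }
    if (-not $ekuExt)                   { $notes += 'no EKU (all purposes)' }

    [pscustomobject]@{
        Subject    = $cert.Subject
        Issuer     = $cert.Issuer
        NotAfter   = $cert.NotAfter
        Thumbprint = $cert.Thumbprint
        Notes      = $notes -join ', '
    }
} | Format-List

# Show the most recent certificate-related lines from the client log.
# Assumption: the client is installed in the default %windir%\CCM location.
$log = Join-Path $env:windir 'CCM\Logs\ClientIDManagerStartup.log'
if (Test-Path $log) {
    Get-Content -Path $log -Tail 200 | Select-String -Pattern 'cert' | Select-Object -Last 20
}
```

If the only entries returned are self-signed or belong to another role, the server has no CA-issued client certificate in its Personal store, which matches the situation described in the post.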