However, I've hit a wall when switching the MP over to HTTPS. The clients still continue to use HTTP! For the record, the overall Client Security settings are still set to 'HTTP or HTTPS' (without Enhanced HTTP turned on). From CCMEVAL I can see that it clearly tries to use HTTP. Client is set to use HTTPS when available. The current state is 480.The CMG connection analyzer tool fails when testing the CMG channel for a management point that uses a replica database. Errors resembling the following are recorded in the CCM_STS.log Return code: 500, Description: Failed to get info from DB, System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'fn_GetUserResourceMapping'. Hello guys, Since two days ago, our Windows 10 client computers stopped reporting currently logged on users and are showing offline, although they're..Specify a name and select Cloud Management, click Next. In this step, the Azure Administrator will be required to create the web app and native client app. Click on Browse for the Web app. Click on Create. Click the Sign in and provide Azure administrator credentials. Default names do just fine.It works fine by changing the "UserCost" value as '0', after that CM client installation gets worked.May 19, 2020 · Failed to get ConfigMgr token with Azure AD token. Status code is '401' and status description is 'CMGConnector_Unauthorized'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The CRL is not reachable from internet so I disabled CRL check on the site and during setup. Does it matter if I disabled CRL checking on site after everything was setup I can't exactly remember when I changed the setting.Locationservices.log indicates "Failed to get CMG metadata 0x87d00231" and if I restart the smsagent service while internet connected I'm seeing what looks like it's referencing a certificate error: Successfully queued event on HTTP/HTTPS failure for server 'CMG.CENTRALUS.CLOUDAPP.AZURE.COM'.MCSE Cloud Platform and Infrastructure. MCSE: Mobility. MCSE: Data Management and Analytics. MCSE Productivity. Find technical communities in your area. MSDN Forums. Security Bulletins & Advisories. Microsoft Community Forums.Hi, I have configured a CMG and deployed to PKI certificate to Client for authentication. However still clients not get registered through CMG. Please help. Location Service ...Apr 10, 2019 · Failed to get ConfigMgr token with Azure AD token. Status code is '403' and status description is 'CMGConnector_Un-authorizedrequest'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Un-authorizedrequest'. Morning, I'm pushing out client to some of our DMZ servers. Client installation finished successfully as far as I can see from ccmsetup.log file. Investigating further, I noticed I kept getting the following in ClientIDManagerStartup.log: RegTask: Failed to send registration request message. Error: 0x87d00231.Failed to get ConfigMgr token with Azure AD token. Status code is '401' and status description is 'CMGConnector_Unauthorized'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Unauthorized'.The first thing we checked here is the port 443 connectivity from this test machine to the CMG public IP using the port query UI tool. Port connectivity was fine, and it was listening for port 443 without any issue. After hours of troubleshooting, we identified that the PKI infrastructure has multiple CAs.In the Configuration Manager console, go to Administration > Site Configuration > Servers and Site System Roles, and then select <SiteSystemName> in the right pane. In the bottom pane, right-click Software Update Point and then click Properties. On the General tab, specify or verify the WSUS configuration port numbers.It works fine by changing the "UserCost" value as '0', after that CM client installation gets worked.You would have to examine a combination of various logs to get an idea what was happening (CLientIDManagerStartup.log on the client, IIS logs, mpcontrol.log and MP_ClientRegistration.log on the MP). 0x80072efe = "The connection with the server was terminated abnormally". This basically equates to something somewhere outside of ConfigMgr's ...The Application Catalog role configured an IIS redirect on the default web site so that all requests to the server were getting redirected to the Application catalog. Simply disabling the redirect and restarting IIS was enough to get our client install working across the CMG using AAD authentication with no PKI required.However, I've hit a wall when switching the MP over to HTTPS. The clients still continue to use HTTP! For the record, the overall Client Security settings are still set to 'HTTP or HTTPS' (without Enhanced HTTP turned on). From CCMEVAL I can see that it clearly tries to use HTTP. Client is set to use HTTPS when available. The current state is 480. Jul 22, 2019 · My lab recently started playing up when I noticed clients weren’t receiving any new policies. TDLR (it’s not even that long!): a while ago I moved my SUP/WSUS off host from the site server that also hosted a MP. The Application Catalog role configured an IIS redirect on the default web site so that all requests to the server were getting redirected to the Application catalog. Simply disabling the redirect and restarting IIS was enough to get our client install working across the CMG using AAD authentication with no PKI required.Apr 9, 2021 · Good afternoon Team. I hope you are well. I have a question, in my client we are installing the client via client push, at the end gives me as code 0 but the client still does not register. When reviewing the log file… Nov 9, 2022 · Error: 0x87d00231 ClientIDManagerStartup 08/11/2022 5:49:12 PM 5540 (0x15A4) RegTask: Failed to send registration request. Error: 0x87d00231 ClientIDManagerStartup 08/11/2022 5:49:12 PM 5540 (0x15A4) [RegTask] - Sleeping for 60 seconds ... Good afternoon Everyone! So my SCCM client will not install nor adequately communicate with any systems that did not already have the client installed prior to my MP failing. Luckily I fixed my MP, but I can only communicate with clients that were previously installed. And it communicates... My lab recently started playing up when I noticed clients weren’t receiving any new policies. TDLR (it’s not even that long!): a while ago I moved my SUP/WSUS off host from the site server that also hosted a MP.Cloud Management Gateway - client side problems. SOLVED It seems like it solved itself or by me rebooting the primary site server and/or the CMG. CMG is set up in our CM 1910 env by using a public wildcard certificate. That is all green in the console, as well as the CMG connection point. We are using Enhanced HTTP and hope to use AAD identity ...Feb 2, 2021 · Feb 2, 2021, 2:30 AM. Hi all, We have SCCM 2002 , after the CMG implementation , when we force the client to internet , sccm client not reporting to SCCM site server, with below error , any suggestion pls. Failed to get CMG metadata 0x87d00227. Failed to get management points from XXXXX. Error 0x87d00227. Jun 21, 2020 · we do have the cmg configured as a distribution point. CMG distro was up and working prior to the upgrade, however this would be the first time a client upgrade would have happened over cmg. we now have around 20 devices with a client, however I believe these were likely devices that came back on the intranet and got the client while onsite. Jul 21, 2023 · The Clients use internal PKI certs and CMG uses a public wildcard cert. When I put one of the Clients on the Internet and tried to get an app installed, the attempt failed, as well, the Client went grey in SCCM console. I checked the Client settings and found it knows about CMG, but cannot connect to it. in ccmMessaging.log I saw: Unfortunately, 0x87d00231 is a fairly generic error message that pretty much just means “something went wrong”. If you Google it, you will see a variety of solutions ranging from reinstalling the client to checking your PKI environment is functioning correctly or checking the health of your Management Point (s).Posts about 0x87d00231 written by Leldance40k. I am torn between two lines of thought. It’s down to the “No CRL checking” option being set on the Config Manager site server; whilst this may bypass some CRL “stuff”, it’s needed for to get other things going. The CMG connection analyzer tool fails when testing the CMG channel for a management point that uses a replica database. Errors resembling the following are recorded in the CCM_STS.log Return code: 500, Description: Failed to get info from DB, System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'fn_GetUserResourceMapping'. I think the issue is with client to MP communication. Are you using any proxy within the network is blocking traffic on port 80 ?. Because i see that when you browse through the URL that you specified, you get ERROR_WINHTTP_CONNECTION_ERROR. What's in the ClientIDManagerStartup.log ?. Can you upload that file ?.Apr 10, 2019 · Failed to get ConfigMgr token with Azure AD token. Status code is '403' and status description is 'CMGConnector_Un-authorizedrequest'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Un-authorizedrequest'. The CMG connection analyzer tool fails when testing the CMG channel for a management point that uses a replica database. Errors resembling the following are recorded in the CCM_STS.log Return code: 500, Description: Failed to get info from DB, System.Data.SqlClient.SqlException (0x80131904): Invalid object name 'fn_GetUserResourceMapping'. Feb 2, 2021, 2:30 AM Hi all, We have SCCM 2002 , after the CMG implementation , when we force the client to internet , sccm client not reporting to SCCM site server, with below error , any suggestion pls Failed to get CMG metadata 0x87d00227 Failed to get management points from XXXXX. Error 0x87d00227 Not Monitored Sign in to follow 0 commentsHello guys, Since two days ago, our Windows 10 client computers stopped reporting currently logged on users and are showing offline, although they're..Jun 9, 2022 · In the SCCM CB console, choose Administration. 2. In the Administration workspace, expand Site Configuration, choose Sites, and then choose the primary site server. 3. Right-click on the Primary site server, choose Properties and choose the Client Computer Communication tab. You would have to examine a combination of various logs to get an idea what was happening (CLientIDManagerStartup.log on the client, IIS logs, mpcontrol.log and MP_ClientRegistration.log on the MP). 0x80072efe = "The connection with the server was terminated abnormally". This basically equates to something somewhere outside of ConfigMgr's ...Apr 14, 2020 · Cloud Management Gateway Choices. In most ways, a Cloud Management Gateway (CMG) in Microsoft Endpoint Configuration Manager (ConfigMgr) greatly simplifies any organization’s path to managing their Internet-connected Windows systems. Namely, you don’t have to worry about adding any on-premises infrastructure. Oct 3, 2022 · Choose the certificate type. Globally unique name. Issue the certificate. Create a DNS CNAME alias. Next steps. Applies to: Configuration Manager (current branch) The first step when you set up a cloud management gateway (CMG) is to get the server authentication certificate. The CMG creates an HTTPS service to which internet-based clients ... You would have to examine a combination of various logs to get an idea what was happening (CLientIDManagerStartup.log on the client, IIS logs, mpcontrol.log and MP_ClientRegistration.log on the MP). 0x80072efe = "The connection with the server was terminated abnormally". This basically equates to something somewhere outside of ConfigMgr's ...Go to Monitoring / Cloud Management. Natiguate to the bottom of the Dashboard, in the Cloud Management Gateway Statistics section. From there you can validate that there’s some client communicating and their authentication methods. If there’s anything wrong, the next step is to use the Cloud Management Gateway Connection Analyser.Failed to get ConfigMgr token with Azure AD token. Status code is '401' and status description is 'CMGConnector_Unauthorized'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Unauthorized'. CMG Connection point. CMG status is ready and connection point is in Connected status. On the client machine--> Control panel--> Configuration Manager-->Network tab shows the Internet-based MP FQDN correctly which is the CMG. Assigned the new MP site system to the boundary group and confirmed that the client is able to identify the available MPs.Max 10 retries. ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Updated security on object C:\Windows\ccmsetup\. ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Sending state '100'... ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0 ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Failed to get client ...RegTask: Failed to send registration request message. Error: 0x87d00231 ClientIDManagerStartup 3/3/2020 9:45:48 AM 26272 (0x66A0) RegTask: Failed to send registration request. Error: 0x87d00231 ClientIDManagerStartup 3/3/2020 9:45:48 AM 26272 (0x66A0) Nov 9, 2022 · Error: 0x87d00231 ClientIDManagerStartup 08/11/2022 5:49:12 PM 5540 (0x15A4) RegTask: Failed to send registration request. Error: 0x87d00231 ClientIDManagerStartup 08/11/2022 5:49:12 PM 5540 (0x15A4) [RegTask] - Sleeping for 60 seconds ... Oct 27, 2018 · Expert-led, virtual classes. Microsoft Virtual Academy. Free Windows Server 2012 courses. Microsoft Official Courses On-Demand. MCSE Cloud Platform and Infrastructure. MCSE: Mobility. MCSE: Data Management and Analytics. MCSE Productivity. Find technical communities in your area. In the Site Properties under client communications the option 'Check CRL' was checked. In our environment the CRL is not published. This setting caused the authentication to fail as it is unable to retrieve the CRL information. After unchecking that option and reinstalling the SCCM agent from the primary site, the authentication is now working.Failed to get ConfigMgr token with Azure AD token. Status code is '403' and status description is 'CMGConnector_Un-authorizedrequest'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Un-authorizedrequest'.Nov 27, 2017 · but the client did not get it !!! what could be the issue? in ClientIDManagerStartup.log [RegTask] - Client is not registered. Sending registration request for GUID:0F401FC7-A72A-468C-8949-D07C22A761D0 ... ClientIDManagerStartup 11/20/2017 3:58:31 PM 2888 (0x0B48) RegTask: Failed to send registration request message. Oct 3, 2022 · Choose the certificate type. Globally unique name. Issue the certificate. Create a DNS CNAME alias. Next steps. Applies to: Configuration Manager (current branch) The first step when you set up a cloud management gateway (CMG) is to get the server authentication certificate. The CMG creates an HTTPS service to which internet-based clients ... Failed to get ConfigMgr token with Azure AD token. Status code is '403' and status description is 'CMGConnector_Un-authorizedrequest'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Un-authorizedrequest'.Sep 27, 2020 · CMG Connection point. CMG status is ready and connection point is in Connected status. On the client machine--> Control panel--> Configuration Manager-->Network tab shows the Internet-based MP FQDN correctly which is the CMG. Assigned the new MP site system to the boundary group and confirmed that the client is able to identify the available MPs. Jun 21, 2020 · we do have the cmg configured as a distribution point. CMG distro was up and working prior to the upgrade, however this would be the first time a client upgrade would have happened over cmg. we now have around 20 devices with a client, however I believe these were likely devices that came back on the intranet and got the client while onsite. Failed to get ConfigMgr token with Azure AD token. Status code is '403' and status description is 'CMGConnector_Un-authorizedrequest'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Un-authorizedrequest'.ClientIDManagerStartup 3/16/2018 9:13:33 AM 7968 (0x1F20) CCM Identity is in sync with Identity stores ClientIDManagerStartup 3/16/2018 9:13:33 AM 7968 (0x1F20) Begin searching client certificates based on Certificate Issuers ClientIDManagerStartup 3/16/2018 9:13:33 AM 7968 (0x1F20) Certificate Issuer 1 [CN=Entrust Root Certification Authority ...The Clients use internal PKI certs and CMG uses a public wildcard cert. When I put one of the Clients on the Internet and tried to get an app installed, the attempt failed, as well, the Client went grey in SCCM console. I checked the Client settings and found it knows about CMG, but cannot connect to it. in ccmMessaging.log I saw:Failed to get ConfigMgr token with Azure AD token. Status code is '401' and status description is 'CMGConnector_Unauthorized'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Unauthorized'. Unexpected response status code is NameResolutionFailure. For more information, Configuration version of the CMG service should be 1. Failed to get CMG service metadata. For more information, There is no CMG connection point configured to connect to the CMG service. There is no site system roles enabled for the CMG service. Jul 21, 2023 · The Clients use internal PKI certs and CMG uses a public wildcard cert. When I put one of the Clients on the Internet and tried to get an app installed, the attempt failed, as well, the Client went grey in SCCM console. I checked the Client settings and found it knows about CMG, but cannot connect to it. in ccmMessaging.log I saw: The Application Catalog role configured an IIS redirect on the default web site so that all requests to the server were getting redirected to the Application catalog. Simply disabling the redirect and restarting IIS was enough to get our client install working across the CMG using AAD authentication with no PKI required.Nov 27, 2017 · but the client did not get it !!! what could be the issue? in ClientIDManagerStartup.log [RegTask] - Client is not registered. Sending registration request for GUID:0F401FC7-A72A-468C-8949-D07C22A761D0 ... ClientIDManagerStartup 11/20/2017 3:58:31 PM 2888 (0x0B48) RegTask: Failed to send registration request message. After the process of installing the workgroup clients in the internal network is completed and the clients go to the Internet, they are unable to communicate the cmg. I think the root problem is that they were unable to register to the internal MP-HTTPS server during the task and get the token. PKI cert for cmg issued from our internal CA. Feb 2, 2021 · Feb 2, 2021, 2:30 AM. Hi all, We have SCCM 2002 , after the CMG implementation , when we force the client to internet , sccm client not reporting to SCCM site server, with below error , any suggestion pls. Failed to get CMG metadata 0x87d00227. Failed to get management points from XXXXX. Error 0x87d00227. Posts about 0x87d00231 written by Leldance40k. I am torn between two lines of thought. It’s down to the “No CRL checking” option being set on the Config Manager site server; whilst this may bypass some CRL “stuff”, it’s needed for to get other things going. Apr 10, 2019 · Failed to get ConfigMgr token with Azure AD token. Status code is '403' and status description is 'CMGConnector_Un-authorizedrequest'. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: 'Un-authorizedrequest'. After upgrading from SCCM 2203 to 2207, the upgrade failed, we were getting an error, failed to update key vault, bad request. so in an effort to work around the problem, we decided we could try to tear out the existing CMG and reimplement using all new names and to a new resource group, However, the new cmg fails to deploy with the same exact ...After upgrading from SCCM 2203 to 2207, the upgrade failed, we were getting an error, failed to update key vault, bad request. so in an effort to work around the problem, we decided we could try to tear out the existing CMG and reimplement using all new names and to a new resource group, However, the new cmg fails to deploy with the same exact ...Jul 22, 2019 · My lab recently started playing up when I noticed clients weren’t receiving any new policies. TDLR (it’s not even that long!): a while ago I moved my SUP/WSUS off host from the site server that also hosted a MP. Sounds like you need to reconfigure it to use HTTPS. We've resolved this, apparently it was becuase we needed to use /mp: https://SCCMServer.FQDN for an install parameter. We were missing the "https://" previously.Mar 5, 2020 · One of our stations fails to connect to SCCM, the log errors are: RegTask: Failed to send registration request message. Error: 0x87d00231. RegTask: Failed to send registration request. Error: 0x87d00231. If this is related then the MP is set to HTTP. I’m paranoid. We recently upgraded our site to ConfigMgr 2002, first fast ring, then the hotfix. We also installed a Cloud Management Gateway, re-worked our Boundary Groups to handle VPN better, added a second Management Point and generally made a butt-load of changes to our environment to help our remote clients have access to content more easily.Good afternoon Everyone! So my SCCM client will not install nor adequately communicate with any systems that did not already have the client installed prior to my MP failing. Luckily I fixed my MP, but I can only communicate with clients that were previously installed. And it communicates...Nov 9, 2022 · Error: 0x87d00231 ClientIDManagerStartup 08/11/2022 5:49:12 PM 5540 (0x15A4) RegTask: Failed to send registration request. Error: 0x87d00231 ClientIDManagerStartup 08/11/2022 5:49:12 PM 5540 (0x15A4) [RegTask] - Sleeping for 60 seconds ... RegTask: Failed to refresh site code. Error: 0x8000ffff ClientIDManagerStartup 23/08/2021 14:39:42 14956 (0x3A6C) Sleeping for 289 seconds before refreshing location services. ClientIDManagerStartup 23/08/2021 14:39:43 14956 (0x3A6C) LocationService.Log - Security settings update detected, restarting CcmExec.Jun 27, 2021 · Hi, I have installed in our environment SCCM CMG and the client is unable to receive software updates. This is what I see in WUAHandler.log: Its a WSUS Update Source type ({A4BF5916-DF74-44C1-BF58-68AE14A43278}), adding it. … This check occurs every 25 hours, when the SMS Agent Host service starts or when it detects a network change. When the client connects to the site and learns of a CMG, it automatically updates this valu e. After learning about CMG, Internet Management Point values will be updated. SCCM Client side log validation
Since we are using Internal PKI cert on CMG, I have exported the Root certificate and imported into DMZ server, Installation went fine and client was able to communicate well after the installation. It received all policies and able to push software updates/apps.. Scooby doo rule 34
Since we are using Internal PKI cert on CMG, I have exported the Root certificate and imported into DMZ server, Installation went fine and client was able to communicate well after the installation. It received all policies and able to push software updates/apps. Locationservices.log indicates "Failed to get CMG metadata 0x87d00231" and if I restart the smsagent service while internet connected I'm seeing what looks like it's referencing a certificate error: Successfully queued event on HTTP/HTTPS failure for server 'CMG.CENTRALUS.CLOUDAPP.AZURE.COM'.Post to https:///ccm_system/request failed with 0x87d00231. LOCATIONSERVICES: Unable to retrieve AD site membershipJul 22, 2019 · My lab recently started playing up when I noticed clients weren’t receiving any new policies. TDLR (it’s not even that long!): a while ago I moved my SUP/WSUS off host from the site server that also hosted a MP. The first thing we checked here is the port 443 connectivity from this test machine to the CMG public IP using the port query UI tool. Port connectivity was fine, and it was listening for port 443 without any issue. After hours of troubleshooting, we identified that the PKI infrastructure has multiple CAs.CMG Connection point. CMG status is ready and connection point is in Connected status. On the client machine--> Control panel--> Configuration Manager-->Network tab shows the Internet-based MP FQDN correctly which is the CMG. Assigned the new MP site system to the boundary group and confirmed that the client is able to identify the available MPs.The ping test will fail, that’s normal, but it should still resolve the cmg host name with an ip. If you see a warning in the browser it means that your device does not trust the cmg server authentication certificate, you’ll have to fix that issue first. Your device needs a client auth cert that chains to the same root.Press J to jump to the feed. Press question mark to learn the rest of the keyboard shortcutsThis check occurs every 25 hours, when the SMS Agent Host service starts or when it detects a network change. When the client connects to the site and learns of a CMG, it automatically updates this valu e. After learning about CMG, Internet Management Point values will be updated. SCCM Client side log validation Prajwal Desai is a Microsoft MVP in Intune and SCCM. He writes articles on SCCM, Intune, Windows 365, Azure, Windows Server, Windows 11, WordPress and other topics, with the goal of providing people with useful information.In here your CMG certificate chain should include the correct certificate chain. as you can see in the illustration, the issuer of this certificate can’t be found, and as such our trust is broken. To fix the issue, copy and import your missing root certificate(s) to the Azure cloud management gateway server.Mar 19, 2018 · ClientIDManagerStartup 3/16/2018 9:13:33 AM 7968 (0x1F20) CCM Identity is in sync with Identity stores ClientIDManagerStartup 3/16/2018 9:13:33 AM 7968 (0x1F20) Begin searching client certificates based on Certificate Issuers ClientIDManagerStartup 3/16/2018 9:13:33 AM 7968 (0x1F20) Certificate Issuer 1 [CN=Entrust Root Certification Authority ... Post to https:///ccm_system/request failed with 0x87d00231. LOCATIONSERVICES: Unable to retrieve AD site membershipMax 10 retries. ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Updated security on object C:\Windows\ccmsetup\. ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Sending state '100'... ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 0 ccmsetup 2020-07-20 10:29:09 5876 (0x16F4) Failed to get client ...Hi, I have configured a CMG and deployed to PKI certificate to Client for authentication. However still clients not get registered through CMG. Please help. Location Service ...If so, please check if the SSL certificate common name (host name field) is correct and the hostname the client is connecting to is matched with the certificate's subject or subject alternate name. It is recommended that we could check the certificate and use the FQDN of the server in the Common Name section.Jul 20, 2018 · Failed to get ConfigMgr token with Azure AD token. Status code is ‘503’ and status description is ‘CMGConnector_ServiceUnavailable’. A possible reason for this failure is the CMG connection point failed to forward the message to the management point. The management point returned the following error: ‘ServiceUnavailable’. Dec 10, 2013 · Hi All, I uncheck the check box from Site Properties which disable CRL check. I reinstalled client with SMSMP and /NoCRLCheck switches and Client is now appearing in the Console as Active. Unfortunately, 0x87d00231 is a fairly generic error message that pretty much just means “something went wrong”. If you Google it, you will see a variety of solutions ranging from reinstalling the client to checking your PKI environment is functioning correctly or checking the health of your Management Point (s).Jul 22, 2019 · My lab recently started playing up when I noticed clients weren’t receiving any new policies. TDLR (it’s not even that long!): a while ago I moved my SUP/WSUS off host from the site server that also hosted a MP. .