Environment- SCCM 2012 R2 SP1
Issue- Clients in trusted domains not auto approving or converting from approved to not approved.
Error / Verbose Logging:
[RegTask] – Client is not registered. Sending registration request for GUID:XXX
[RegTask] – Client is registered. Server assigned ClientID is GUID:XXX. Approval status 0
Create Collection with Direct Query rule for Unapproved clients:
select SYSTEM.ResourceID,SYSTEM.ResourceType,SYSTEM.Name,SYSTEM.SMSUniqueIdentifier,SYSTEM.ResourceDomainORWorkgroup,SYSTEM.Client from SMS_R_System as system join SMS_FullCollectionMembership as collection on system.ResourceID = collection.ResourceID where collection.IsApproved=0
Clients that are not approved:
Validate Hierarchy setting “Client Approval and Conflicting Records”. “Manually approve each computer” should not be selected and “Automatically resolve conflicting records” should be selected.
Validate on ALL SCCM Management points IIS settings under CCM_System_WindowsAuth Authentication that “Windows Authentication” is Enabled, and “Anonymous Authentication” is disabled. The root cause in this instance was “Anonymous Authentication” was enabled.
“Anonymous Authentication” was enabled due to Microsoft troubleshooting a WSUS issue on the management point, in which they forgot to disable it after their test. You gota watch these support engineers, they are only human.