Environment- SCCM 2012 R2 SP1

Issue- Clients in trusted domains are not auto-approving, or are converting from approved to not approved.

Error / Verbose Logging (ClientIDManagerStartup.log):

[RegTask] – Client is not registered. Sending registration request for GUID:XXX

[RegTask] – Client is registered. Server assigned ClientID is GUID:XXX. Approval status 0

Create a collection with a Direct Query rule for unapproved clients:

select SYSTEM.ResourceID,SYSTEM.ResourceType,SYSTEM.Name,SYSTEM.SMSUniqueIdentifier,SYSTEM.ResourceDomainORWorkgroup,SYSTEM.Client from SMS_R_System as system join SMS_FullCollectionMembership as collection on system.ResourceID = collection.ResourceID where collection.IsApproved=0

[Screenshot: clients that are not approved]

Troubleshooting Steps-

Validate the Hierarchy setting “Client Approval and Conflicting Records”. “Manually approve each computer” should not be selected, and “Automatically resolve conflicting records” should be selected.

On ALL SCCM management points, validate in the IIS settings under CCM_System_WindowsAuth > Authentication that “Windows Authentication” is enabled and “Anonymous Authentication” is disabled. The root cause in this instance was that “Anonymous Authentication” was enabled.
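The same check can be scripted so every management point is audited in one pass. This is an added example, not part of the original post; the host names are placeholders, and it assumes the management point lives under "Default Web Site" and that PowerShell remoting (WinRM) is enabled.

```powershell
# Added example: audit IIS authentication on the CCM_System_WindowsAuth
# virtual directory of every management point.
# Assumptions: host names below are placeholders, the MP is hosted under
# "Default Web Site", and WinRM remoting is available.
$ManagementPoints = @('MP01.example.local', 'MP02.example.local')
$Location = 'Default Web Site/CCM_System_WindowsAuth'

$check = {
    param($Location)
    Import-Module WebAdministration -ErrorAction Stop

    # Returns $true/$false for one authentication scheme at the given location.
    function Get-AuthEnabled([string]$Scheme, [string]$Location) {
        $p = Get-WebConfigurationProperty -PSPath 'IIS:\' -Location $Location `
            -Filter "/system.webServer/security/authentication/$Scheme" `
            -Name enabled -ErrorAction Stop
        # Depending on version the cmdlet returns a bool or an attribute object.
        if ($p -is [bool]) { $p } else { [bool]$p.Value }
    }

    $anon = Get-AuthEnabled 'anonymousAuthentication' $Location
    $win  = Get-AuthEnabled 'windowsAuthentication'   $Location
    [pscustomobject]@{
        Location         = $Location
        AnonymousEnabled = $anon
        WindowsEnabled   = $win
        # Expected state from the post: Windows auth on, Anonymous auth off.
        Compliant        = (-not $anon) -and $win
    }
}

$results = foreach ($mp in $ManagementPoints) {
    try {
        Invoke-Command -ComputerName $mp -ScriptBlock $check `
            -ArgumentList $Location -ErrorAction Stop
    } catch {
        # Unreachable host or missing virtual directory: report as non-compliant.
        [pscustomobject]@{ PSComputerName = $mp; Location = $Location
            AnonymousEnabled = $null; WindowsEnabled = $null
            Compliant = $false; Error = $_.Exception.Message }
    }
}
$results | Sort-Object Compliant |
    Format-Table PSComputerName, AnonymousEnabled, WindowsEnabled, Compliant -AutoSize
```

Any row with Compliant = False matches the root cause described here; the setting can be corrected in IIS Manager or with Set-WebConfigurationProperty using the same filter and location.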


Conclusion

“Anonymous Authentication” was enabled because Microsoft was troubleshooting a WSUS issue on the management point, and they forgot to disable it after their test. You gotta watch these support engineers; they are only human.

-EOL-