We have had some policy issues again. This all started around November 14th when we starting having falures in our OSD environment. The logs were showing:
1 2 3 4 5 6 7 8 9 10 11 12 13 |
12/10/2013 2:22:52 AM 2064 (0x0810) Failed to invoke Execution Manager to Install Software for PackageID='XXX00086' ProgramID='HUMINST-SMSNomad' AdvertID='XXX21109' hr=0x87d02004 12/10/2013 2:22:52 AM 2064 (0x0810) InstallSoftware failed, hr=0x87d02004 12/10/2013 2:22:52 AM 2064 (0x0810) 0, HRESULT=87d02004 (e:nts_sccm_releasesmsclientosdeploymentinstallsoftwareinstallsoftware.cpp,777) 12/10/2013 2:22:52 AM 2064 (0x0810) Entering ReleaseSource() for \Server871.rsc.comSMSPKGF$XXX00086 12/10/2013 2:22:52 AM 2064 (0x0810) reference count 1 for the source \Server871.rsc.comSMSPKGF$XXX00086 before releasing 12/10/2013 2:22:52 AM 2064 (0x0810) Released the resolved source \Server871.rsc.comSMSPKGF$XXX00086 12/10/2013 2:22:52 AM 2064 (0x0810) pInstall->Install(sPackageID, sProgramName), HRESULT=87d02004 (e:nts_sccm_releasesmsclientosdeploymentinstallsoftwaremain.cpp,361) 12/10/2013 2:22:52 AM 2064 (0x0810) Install Software failed, hr=0x87d02004 12/10/2013 2:22:52 AM 2544 (0x09F0) Process completed with exit code 2278563844 12/10/2013 2:22:52 AM 2544 (0x09F0) !--------------------------------------------------------------------------------------------! 12/10/2013 2:22:52 AM 2544 (0x09F0) Failed to run the action: Install Tivoli ESSO Agent. The software distribution policy was not found. (Error: 87D02004; Source: CCM) 12/10/2013 2:22:52 AM 2544 (0x09F0) MP server http://Server.RSC.COM. Ports 80,443. CRL=false. |
Now, this was happening in one of our two primary sites. The other site has more clients in it, but it ran without fail. So, we got Microsoft involved. To start off with, we wanted to get some more verbose logging so we went to the child primary site server and made some changes in the registry. First, we changed HKLMSoftwareMicrosoftSMSTracing and set SqlEnabled from 0 to 1. Then we went to HKLMSoftwareMicrosoftSMSTracingSMS_Policy_Providor and set DebugLogging from 0 to 1 and Logging level from 1 to 0. We then bounced SMSExec service.
After recreating the issue and collecting the logs, Microsoft informed us:
I see you are hitting a distinct problem that is addressed in CU3. Please install CU3 to resolve this issue. There is an article scheduled to be written but has not been written yet, here is the article number for your reference: 2857452
The indicator is here:
1 |
Deleting policy 'CAS21136-CAS00487-C48BE8D2' version '1.00' PolicyAgent_PolicyDownload 11/26/2013 12:48:38 PM 4252 (0x109C) |
And here:
1 |
Policy [CCM_Policy_Policy5.PolicyID="Windows/x64_Windows_XP_Professional_SP2/VI/VS",PolicySource="SMS:SDC",PolicyVersion="1.00"] <b>is pointing to invalid DTS job</b> [{C765A805-08E7-4F33-B689-E32E2BEC1E3B}]. Will attenpt to re-download PolicyAgent_RequestAssignments 11/26/2013 8:23:23 AM 7072 (0x1BA0) |
The cause was expalined as :
Following the deployment of the image to an existing machine the client starts a number of DTS jobs to download updated policy. The policy begins to download and at some point a change is detected to the CCM_PolicyAgent_Configuration
At this point there is a possibility that some DTS jobs have completed but not yet processed. When the PolicyAgent_PostStartup task executes and attempts to check the progress of the DTS jobs for the pending policy downloads. The client fails to find the DTS job because it has already completed and concludes that the policy download should be invalidated.