ConfigMgr Remote Tools problems

If you are experiencing some issues trying to use the remote tools feature of System Center Configuration Manager 2007 on some machines and also deploying to some machines, check All Status messages in ConfigMgr.

If you see the errors…

“The ConfigMgr Advanced Client received policy that could not be verified. For more information see PolicyAgent.log on the client machine.”

and

“The ConfigMgr Advanced Client rejected the site server signing certificate due to a trust related failure (0x800b0109).”


Try this…

On the computer in question you need to edit the registry. To do this remotely you must ensure the ‘Remote Registry’ service is running on the machine, this is started by default in Windows XP.

Open regedit on your machine, click File, Connect Network registry…

Browse the registry (of the remote machine) to the following location…

For an x64 machine – HKLM\Software\WOW6432Node\Microsoft\CCM\Security

For an x86 machine – HKLM\Software\Microsoft\CCM\Security

You will need to compare the values in the AllowedRootCAHashCode an the SigningCertificate key with a known working machine. You can then simply copy the values from the known working machine into the keys on the faulty one.

Once you have done this you will need to re-install the client ConfigMgr as normal (right click the system in All Systems collection, Install Client, Next, tick Always Install, Next Finish).

Once this is is complete you should now find your remote tools works. If the client is Vista/Windows 7 then don’t forget to stop the remote registry service again.