|
| 1 | +--- |
| 2 | +title: Client registration fails after updating to Configuration Manager current branch, version 2203 |
| 3 | +titleSuffix: Configuration Manager |
| 4 | +description: Client registration fails in Configuration Manager 2203 |
| 5 | +ms.date: 05/23/2022 |
| 6 | +ms.prod: configuration-manager |
| 7 | +ms.technology: configmgr-core |
| 8 | +ms.topic: reference |
| 9 | +ms.assetid: 18919f4e-e479-484a-902f-6d49c58c1448 |
| 10 | +author: bhuney |
| 11 | +ms.author: brianhun |
| 12 | +manager: dougeby |
| 13 | +--- |
| 14 | +# Registration fails for PKI clients after updating to Configuration Manager current branch, version 2203 |
| 15 | + |
| 16 | +*Applies to: Configuration Manager (current branch, version 2203)* |
| 17 | + |
| 18 | +## Summary of KB14480034 |
| 19 | +After updating to Configuration Manager current branch, version 2203, the registration process fails for clients using public key infrastructure (PKI) for client authentication if they are unable to authenticate against the domain. This affects the following scenarios: |
| 20 | + |
| 21 | + - Newly installed workgroup clients using PKI. |
| 22 | + - Clients that are joining an AD or Azure AD domain for the first time, generating a new device identity. |
| 23 | + - Existing clients that are trying to renew their client authentication certificate. |
| 24 | + |
| 25 | +When this issue happens, the following error is logged in the DDM.log file on the site server for each affected client. |
| 26 | + ```textgit s |
| 27 | + ClientIdentity is not a hex string |
| 28 | + The registration record is not valid. Bad RDR |
| 29 | + ``` |
| 30 | +The .RDR file(s) will be moved to *..\auth\ddm.box\regreq\bad_ddrs* on the site server. |
| 31 | + |
| 32 | +## Update information for Microsoft Endpoint Configuration Manager, version 2203 |
| 33 | +An update to resolve this issue is available in the **Updates and Servicing** node of the Configuration Manager console for environments that installed version 2203. |
| 34 | +Customers using the early update ring version must first install the following update: |
| 35 | +- KB [13953025](../../hotfix/2203/13953025.md): Update for Microsoft Endpoint Configuration Manager version 2203, early update ring |
| 36 | + |
| 37 | +Members of the Technology Adoption Program (TAP) must first apply the private TAP rollup. |
| 38 | + |
| 39 | +#### Update replacement information |
| 40 | +This update does not replace any previously released updates. |
| 41 | + |
| 42 | +#### Restart information |
| 43 | +This update does not require a computer restart or a [site reset](../../core/servers/manage/modify-your-infrastructure.md#bkmk_reset) after installation. |
| 44 | + |
| 45 | +### Additional installation information |
| 46 | +After you install this update on a primary site, pre-existing secondary sites must be manually updated. To update a secondary site in the Configuration Manager console, select **Administration** > **Site Configuration** > **Sites** > **Recover Secondary Site**, and then select the secondary site. The primary site then reinstalls that secondary site by using the updated files. Configurations and settings for the secondary site are not affected by this reinstallation. The new, upgraded, and reinstalled secondary sites under that primary site automatically receive this update. |
| 47 | + |
| 48 | +Run the following SQL Server command on the site database to check whether the update version of a secondary site matches that of its parent primary site: |
| 49 | + ```sql |
| 50 | + select dbo.fnGetSecondarySiteCMUpdateStatus ('SiteCode_of_secondary_site') |
| 51 | + ``` |
| 52 | +If the value 1 is returned, the site is up to date, with all the hotfixes applied on its parent primary site. |
| 53 | + |
| 54 | +If the value 0 is returned, the site has not installed all the fixes that are applied to the primary site, and you should use the **Recover Secondary Site** option to update the secondary site. |
| 55 | + |
| 56 | +## Version information |
| 57 | +No major components are updated with this release. |
| 58 | + |
| 59 | +## File information |
| 60 | +File information is available in the downloadable [KB14480034_FileList.txt](https://aka.ms/KB14480034_FileList) text file. |
| 61 | + |
| 62 | +## Release history |
| 63 | +- May 23, 2022: Initial hotfix release |
| 64 | + |
| 65 | +## References |
| 66 | +[Updates and servicing for Configuration Manager](../../core/servers/manage/updates.md) |
0 commit comments