MEMCM 2002 Clients Not Downloading User Policy


We recently upgraded to MEMCM 2002.  Right after the upgrade, everything was working as it should.  It has been a month now, and we have run into an issue.

Any application that is deployed to a user based collection is not being installed on the machines (Windows 10 1909).  The don’t even show up in Software Center or the logs. All device collection based deployments still work as expected.

We have tried updating information within the properties of the applications to create a new version to try and force the application to install, but that didn’t work.

We have tried copying the applications and deploying them to the same user collection, but that didn’t work

The issue occurs on newly imaged systems as well as existing machines.  If we uninstall a user based application from an existing system, after running the SCCM actions, the machine never sese the application as being needed and it never tries to install it.

Has anyone else run into this issue before?

We have an open case with MS Premier support, but so far no solution.  The engineer did say that our systems are not getting the user policies.

We are seeing errors like the one below in our DTS logs.

DTS job {976DEE85-3B33-4C39-9C9E-F7F1962B831D} BITS job {1EA593CA-0138-4E26-94A8-44844BDB5583} failed to download source file https://PrimarySite:443/SMS_MP/.sms_dcm?Id&DocumentId=ScopeId_AFAC600D-0DF9-4D76-BA45-FD94BFFE5A4A/DeploymentType_99aa66d7-9a5c-4d7c-9c69-0c58a3f2ceb5/2/PROPERTIES&Hash=9B10254D820EA90D563808F3DD8DC3C60AA734963A48094C56E73720D2A57C11&Compression=zlib to destination C:WINDOWSCCMCIDownloaderStaging{CFCFA44E-A125-4D4C-8D4C-34D8B37A7CF5} with error 0x80190194

Answers ( 3 )


    Thank you for your response. We have been working with Microsoft for over a week. They are stumped. User deployments do not install if we set them to required. That’s about as far as we have narrowed it down to.

    The BITS log says “A certificate is required to complete client authentication.” Then it failed to download from the Primary site.

    The MS engineer ran a BITS ETL and we are seeing “Getting the Client Authentication Certificate. Decrypt failed 0x80090010.

    We have verified the machine, user and the certs are good on the Primary Site.

    I’d say that we have stumped the engineer. We have been working this case all day, every day for over a week. 🙁


    This is just for your information from the description you have mentioned seems like I ran into same issue on 1910 version .
    I have opened a case with MS and they told that it’s a big and advised to upgrade sccm to 2002 version.
    But I have seen in other forums as well that issue still persist on 2002 as well.
    Can you ask MS engineer to check if it is known bug.( They will run a diagnostic tool and collect the logs from machine)
    Also you can do one thing on problematic machine which is not receiving policy try to restart Smsagenthost service from backend and see does it receives it.

Leave an answer

Sorry, you do not have permission to answer to this question .