SCCM 2012 R2 Content Validation Error 0x80092002

After uplifting our current 2012 R2 environment to new hardware I started noticing errors in the smsdpmon.log file on distribution points.

Failed to create certificate store from encoded certificate..
An error occurred during encode or decode operation. (Error: 80092002; Source: Windows)
Failed to initialize DP monitoring object. Error code: 0x80092002

I started researching this and wasn’t able to find any solutions other than reinstalling the DP’s.  Easier said than done…  I set out to find a solution.  I checked for a component in the registry SMS_Distribution_Point_Monitoring, no such component.  I then noticed the registry key HKLM\Software\Microsoft\SMS\DP\Identity\IdentityCert which appears to be the string representation of the DP’s certificate.  This got me poking around the SCCM console.  Unless you are using PKI, every distribution point under Administration\Distribution Points has a self-signed certificate.

If you change the properties for the self-signed certificate SCCM will immediately block the old certificate, issue a new certificate and place it in the DP’s SMS certificate store.  Once that’s done the certificate error goes away and content validation processes normally.

I suspect that you can probably view the current certificate via the SCCM console, export it to a file and then import it into the DP’s SMS certificate store but haven’t been able to test that yet as it’s a lot easier just issuing a new certificate.

SCCM 2012 – Creating maintenance windows via PowerShell

After years of manually creating maintenance windows for our server patching and being too lazy to create a script for it, I ran across a good article by Jeroen Erkelens on creating maintenance windows via a PowerShell script.  You can read Jeroen’s post here.  Jeroen’s script is great but relies on hard-coded dates in a CSV file.  I wanted something that would set the maintenance windows based on a static number of days after Patch Tuesday.

I then found another great piece of PowerShell code by Wilson Souza on TechNet which gives an example of how to retrieve the date for the second Tuesday of the month.  You can see Wilson’s post here.

I mashed these two scripts together along with some of my own code to create this script.  It takes a CSV file as an input, here’s an example:

Collection – The collection ID that you want to set the maintenance window on.
DaysPastPatchTuesday – The number of days past Patch Tuesday for the MW.
MWStart – The start time of the MW.
MWEnd – The end time of the MW.
OtherData – Anything…  I personally use this for the collection name so I know which collection I’m looking at.



SCCM 2012 R2 View Problem

I recently discovered the database view on our SCCM 2012 R2 view v_UsersPrimaryMachines contained no data.  All of the data is present on all primary site servers.  After tracing through all views which the data is based on I narrowed the problem down to the vLocalSystemIDXRef view.  vLocalSystemIDXRef uses two functions, dbo.fnGetSiteRangeStart and dbo.fnGetSiteRangeEnd.  Here is the original SQL for the view:

After examining other views which used these two functions in the WHERE clause it became clear that all of the other views also included an OR statement in the WHERE which called a function dbo.fnIsCasOrStandalonePrimary to always return the data on CAS’s and stand-alone primary site servers.

I opened a case with MS to make them aware of the defect so it could be documented and corrected in a future release.  After several rounds of troubleshooting and explaining my findings they finally admitted a problem (in a round-about way) and we’ve started the process of opening a product change request.  Why a defect requires a product change is beyond me but that’s beside the point…

If you want to correct the v_UsersPrimaryMachines view you must modify the SQL for vLocalSystemIDXRef to the following:

I’ll try to update this post if/when a final resolution is provided by MS.  Knowing MS it’ll take some time though.  I’ve reported other SCCM 2012 R2 bugs which have yet to be resolved after 9+ months…


Jason Galbreath