Summary
After a client becomes inactivated because has not communicated with the server for by default 21 days, when it comes back online it will try to re-register and get a new client ID. In recent builds a client token was introduced, and when the clients try to re-register they will do so with their old token. However, if the clients' previously used ID has been re-issued to another device, this causes registration failure with the new server.
This issue was corrected in our 8.1.935.4 client.
Identification
In the client ComponentLogs\ClientInfo.log you will find the following messages
ERROR - Client could not obtain client id from server
In the client ComponentLogs\SentRecvMsg.log the NewClientResponse messages will show Invalid Encryption Key
INFO - Sender ID: 0. Correlation ID = 1665947903069 . message :Name of the message: NewClientResponse, Sender ID: 0, Receiver ID: -2, Queue ID: 1, CORRELATION ID: 1665947903069, ORIGINAL CORRELATION ID: 0, ORIGINAL RECEIVER ID: 1, REPLY TO: 1, REPLY TO IP: /10.181.52.14, IS REPLY: false, PREF TRANSPORT: 0, RECV TRANSPORT: 2, Attribute count: 3Attribute names and their values: Name: Error ,Value: Invalid Encryption Key
In the server Adaptiva.log files the NewClientRequest activity will look like this.
INFO - Sender ID: 1. Correlation ID = 134017 . message :Name of the message: NewClientRequest
INFO - Using old client token:
ERROR - Error decrypting client handshake data
Error Message = encryption/decryption failed
NewClientResponse, Sender ID: 0, Receiver ID: 1, Queue ID: 1, CORRELATION ID: 0, ORIGINAL CORRELATION ID: 0, ORIGINAL RECEIVER ID: 1, REPLY TO: 1, REPLY TO IP: null, IS REPLY: false, PREF TRANSPORT: 0, RECV TRANSPORT: 2, Attribute count: 3Attribute names and their values: Name: Error ,Value: Invalid Encryption Key
When older clients receive the Invalid Encryption Key message from the server, they cannot process this and continue to try to register with their original token. Our 8.1.935.4 release has client logic added so the clients will delete their token before trying to register again.
Solution
Our recommendation is to upgrade Adaptiva server to at least 8.1.935.4 and then upgrade the clients. If this is not possible immediately then the registry Value Data needs to be removed from Setup.Token and the client needs to be restarted.
Because these clients are out of management, we cannot use an Adaptiva Workflow or the Auto Client Upgrade in this case. Further, an SCCM package or application deployment would not use the Adaptiva to download and may completely fallback to DPs if DPBypass or DPFallback is set.
For the upgrade option my recommendation is to use a Task Sequence to run a package (cannot be an application) program calling on the OneSiteDownloader to download the package. Be sure your package in SCCM is updated to at least the 8.1.935.4 source, and the InstallOrUpgrade program has all required command line parameters, including -CloudRelay and -ServerGUID if you are using OneSite Anywhere.
There are 2 TS steps required for the upgrade.
1) Set TS Variable SMSTSDownloadProgram with the value;
"%AdaptivaClient%\bin\%processor_architecture%\onesitedownloader.exe"
2) Install AdaptivaClient package using the InstallOrUpgrade program
To simply clear the existing token to allow clients to register with an older version, again this can be done with a TS, or any other remote tool you prefer for running 3 commands.
1) reg.exe add HKLM\Software\Wow6432Node\Adaptiva\Client /v Setup.Token /d "" /f
2) net stop AdaptivaClient
3) net start AdaptivaClient
To determine clients which may be in this state, a good place to start may be the following query for devices in SCCM but not found in the Adaptiva db. The CM_PR1 db name needs to be updated for your db name 3 times below.
declare @GMTOffset int = -8
declare @BaseDate datetime2 = '1970-01-01 00:00:00.0000000'
-- Computers in CM but not Adaptiva
select
sys.netbios_name0 as ComputerName
from CM_PR1.dbo.v_r_system sys
left outer join adaptiva.dbo.a_AdaptivaClientData a on a.MachineName = sys.Netbios_Name0
left outer join CM_PR1.dbo.v_GS_WORKSTATION_STATUS ws on ws.ResourceID = sys.ResourceID
left outer join CM_PR1.dbo.v_GS_NETWORK_ADAPTER_CONFIGURATION nac on nac.ResourceID = sys.ResourceID and nac.DefaultIPGateway0 is not null
left outer join adaptiva.dbo.CLIENT_LAST_MESSAGE_RECEIVED_TIME clt on clt.CLIENT_ID = a.AdaptivaClientId
left outer join i5 on i5.ClientCode = a.AdaptivaClientId
left outer join si5 on i5.cValue = si5.id
where
a.MachineName is null and
sys.Operating_System_Name_and0 not like '%server%' and
isnull(sys.Obsolete0, 0) <> 1 and isnull(sys.Decommissioned0, 0) <> 1 and sys.client0 = 1
Comments
0 comments
Please sign in to leave a comment.