January 4 2013

SCCM 2012 signature verification failure and Schannel errors

I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.


I came across an interesting problem when working with a client on a SCCM 2012 implementation:


Clients in the secondary site boundary failed to request application installation in software center, and the locationservices.log shows errors about failure to verify signatures eg:

LocationServices::CCMVerifyServiceSignature: Signature verification of data failed after refreshing web service certificate.
LocationServices::VerifyDataSignature: Overall signature verification failed – 0x80004005; checking if status message should be sent.

Meanwhile, in the system event log on the secondary site servers we can find a lot of error events with ID 36888 and 36884, eg:

Event ID: 36884

Source: Schannel

Description: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is <Name of the SQL cluster instance>. The SSL connection request has failed. The attached data contains the server certificate.



  • SCCM 2012 RTM is running (no service packs or hotfixes)
  • The primary site database server is on an SQL cluster instance
  • Secondary sites are using SQL express as the database and was installed by push installation from primary site
  • As per http://support.microsoft.com/kb/2688247 the SQL server 2008 R2 SP1 CU4 was applied on the secondary site servers with SQL Express, but it did not resolve the problem


Further info

  • We found the SQL server native client version on primary site is SQL server 2008 (without R2), however on the secondary site server is SQL server 2008 R2.
  • There is a Microsoft known issue when the SQL native client version is 2008 R2 and the primary site database is on a cluster, the access will fail.
  • By default during SCCM installation on the primary site server it installs the SQL native client, it’s SQL 2008 (without R2), however on secondary site servers it installed SQL server 2008 Express, and SQL Express would install the SQL server 2008 R2 native client.



  • Uninstall SQL server 2008 R2 native client on secondary site server
  • Restart secondary site server
  • Install SQL server 2008 native client on secondary site server
  • Restart all SCCM services on secondary site servers


As mentioned above, this is a known issue with SCCM 2012 and expected to be fixed by Microsoft with the release of Service Pack 1 for SCCM 2012.


I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.


Tags: , , , , , ,

Posted January 4, 2013 by danovich in category "SMS / SCCM


  1. Pingback: NeWay Technologies – Weekly Newsletter #24 – January 3rd, 2013NeWay | NeWay

Leave a Reply