SCCM error 5443: MP has rejected a message from client X because it was signed with a public key that does not match …

In SCCM 2007, the following error may occur when the public key on the client and the key published in the database on the SCCM server are not the same (screenshot at end of this post).

Date: 30-08-2010
Time: 11:18:08:667
Site code: %xyz%
System: %sccm server name%
Source: SMS Server
Type: Milestone
Severity: Warning
Message ID: 5443
Process ID: 2952
Thread ID: 10464
Description: MP has rejected a message from client GUID:773CDAE8-3447-4861-9FAF-1B1AD9FEB502 because it was signed with a public key that does not match the key published in the database. Possible causes: The client is incorrectly identifying itself, or the client’s signing certificate was re-created, resulting in a new public key.

This message appears in the Component Status SMS_MP_CONTROL_MANAGER. To view this error, go in your SCCM Console / ConfigMgr Console to Site Database (site code, servername) –> System Status –> Site Status –> Sitecode – Organization –> Component Status –> right click SMS_MP_CONTROL_MANAGER and click Show Messages – All messages

To solve this problem, I did the following:

  1. Delete the GUID from the database by executing the following query in the Microsoft SQL Server Management Studio:
  2. DELETE FROM ClientKeyData WHERE SMSID = ‘GUID:773CDAE8-3447-4861-9FAF-1B1AD9FEB502’
    (err, YES!-> replace the GUID with the GUID of your OWN error. ;-) )

  3. Uninstall the SCCM client by running the command ccmsetup.exe /uninstall on the client
  4. In the ConfigMgr console, add the RESETKEYINFORMATION=TRUE parameter to the push installation methods. Therefore, go to Site Settings –> Client Installation Methods –> Client Push Installation. Then go to the tab “Client” and add RESETKEYINFORMATION=TRUE to the installation properties.
  5. Go to Collections, right-click the system that experienced problems and choose Install Client


Leave a Reply

Your email address will not be published.