In this post, I discuss an SCCM client installation issue on Windows 7 when SCCM 1906 is in use.
Everything was working fine with the Windows 7 task sequence through SCCM 1902. Once I upgraded to SCCM 1906, the Windows 7 task sequence started failing at the “Setup Windows and Configuration Manager” step while downloading the binaries.
The SCCM client would not install even when installation was tried manually. This was not an issue with Windows 10 builds.
When I checked the logs (ccmsetup.log), I found the following error:
Couldn't verify 'C:\WINDOWS\ccmsetup\ccmsetup.cab' authenticode signature. Return code 0x80096005 ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
Sending state '316'… ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
Updating MDM_ConfigSetting.ClientDeploymentErrorCode with value 2147500037 ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
OS is not Win10RS3+, ENDOK. ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
Failed to get client version for sending state messages. Error 0x8004100e ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
[] Params to send '5.0.8853.1000 Deployment Error 0x80004005. Pre-req file name: C:\WINDOWS\ccmsetup\ccmsetup.cab' ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
A Fallback Status Point has not been specified and no client was installed. Message with STATEID='316' will not be sent. ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
Failed to send status 316. Error (87D00215) ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
Failed to extract manifest cab file with error 0x80004005. Try next location. ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)
Enumerated all 1 DP locations but none of them is good. Fallback to MP. ccmsetup 11/29/2019 9:41:30 PM 1516 (0x05EC)

Problem
This issue is caused by a requirement change in SCCM version 1906, which requires clients to have SHA-2 code signing support, as described in What’s new in version 1906:
Version 1906 client requires SHA-2 code signing support
Because of weaknesses in the SHA-1 algorithm and to align to industry standards, Microsoft now only signs Configuration Manager binaries using the more secure SHA-2 algorithm. The following Windows OS versions require an update for SHA-2 code signing support:
- Windows 7 SP1
- Windows Server 2008 R2 SP1
- Windows Server 2008 SP2
Solution
To provide SHA-2 support, Microsoft released the standalone security updates KB4474419 and KB4490628 on March 12, 2019, which introduce SHA-2 code signing support.
There are multiple ways to implement the solution:
- Offline servicing of the Windows 7 image, injecting KB4474419 into the image. However, this means updating the massive wim on the DPs. I don’t prefer this method.
- Downloading the KB4474419 patch from catalog.update.microsoft.com in msu format and creating an SCCM package so that it can be included in the task sequence while applying the image.
Steps to add KB4474419 in Task Sequence
1. Download the KB4474419 patch and create an SCCM package with it as the source.

2. Edit the task sequence and add a “Run Command Line” step right after the “Apply Operating System” step. Provide the following command line:
dism.exe /image:%OSDTargetSystemDrive%\ /ScratchDir:%OSDTargetSystemDrive%\Windows\Temp /Add-Package /PackagePath:.\AMD64-all-windows6.1-kb4474419-v3-x64.msu /quiet
Make sure KB4474419 package is selected.

3. Because this step runs before the “Setup Windows and Configuration Manager” step, the image is applied along with the msu file.
After making these changes, the task sequence no longer failed: the Windows 7 client met the SHA-2 requirement, and the build completed with the SCCM client installation and the other application installations.
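A readiness check for a Windows 7 machine that is already deployed, as an added example that is not part of the original post: it reports whether the two updates named above are installed, what Authenticode status Windows returns for the ccmsetup.cab from the log excerpt, and whether ccmsetup.log already contains the same signature failure. The log location under %windir%\ccmsetup\Logs and all variable names are assumptions.

```powershell
# Added example; PowerShell 2.0 compatible so it runs on stock Windows 7 SP1.
$RequiredKBs = 'KB4474419', 'KB4490628'                    # the two updates named in the post
$CcmSetupDir = Join-Path $env:windir 'ccmsetup'
$CabPath     = Join-Path $CcmSetupDir 'ccmsetup.cab'       # file named in the log excerpt
$LogPath     = Join-Path $CcmSetupDir 'Logs\ccmsetup.log'  # assumed default log location

# 1. Is this one of the OS families listed as needing the SHA-2 update?
#    6.1 = Windows 7 / Server 2008 R2, 6.0 = Server 2008.
$os = Get-WmiObject -Class Win32_OperatingSystem
$affectedOs = ($os.Version -like '6.1.*') -or ($os.Version -like '6.0.*')

# 2. Which of the required updates are missing?
$missing = @($RequiredKBs | Where-Object {
    -not (Get-HotFix -Id $_ -ErrorAction SilentlyContinue)
})

# 3. What does Windows itself report for the signature on ccmsetup.cab?
$sigStatus = 'FileNotFound'
$certAlgorithm = $null
if (Test-Path $CabPath) {
    $sig = Get-AuthenticodeSignature -FilePath $CabPath
    $sigStatus = $sig.Status
    if ($sig.SignerCertificate) {
        # Algorithm used to sign the signer certificate, e.g. sha256RSA
        $certAlgorithm = $sig.SignerCertificate.SignatureAlgorithm.FriendlyName
    }
}

# 4. Has ccmsetup already logged the signature failure shown in the post?
$returnCodes = @()
if (Test-Path $LogPath) {
    $pattern = 'authenticode signature\. Return code (0x[0-9A-Fa-f]{8})'
    $returnCodes = @(Select-String -Path $LogPath -Pattern $pattern |
        ForEach-Object { $_.Matches[0].Groups[1].Value } | Select-Object -Unique)
}

New-Object PSObject -Property @{
    OSVersion         = $os.Version
    AffectedOS        = $affectedOs
    MissingUpdates    = ($missing -join ', ')
    CabSignature      = $sigStatus
    SignerCertAlgo    = $certAlgorithm
    LoggedReturnCodes = ($returnCodes -join ', ')
} | Format-List

if ($affectedOs -and $missing.Count -gt 0) {
    Write-Warning ("Install before running ccmsetup: " + ($missing -join ', '))
}
```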



Hi Manish,
I have tried installing the above patches and it says they are not applicable to the Win 7 PCs.
Can you please let me know what else can we check?
Thanks & Regards
Akhilesh.E.T
Hi Manish
I am getting the exact same errors as discussed above. However, when I try to install the mentioned updates, it seems that they are not applicable. It says the “update is not Applicable to your Computer.”
Can you please let me know if anything else can be done.
Hi Akhilesh, the patch released is meant for Windows 7 workstation and Windows 2008 server. There are separate patches for each OS. Install the correct patch as seen under https://www.catalog.update.microsoft.com/Search.aspx?q=4474419
This was helpful Manish. Good one.
Hello Manish,
Thank you very much for recording this issue. I spent more than 3 hrs in call with Microsoft Support and it didn’t help. After installing the 2 patches client installed. It worked like a charm.
Thanks again, Manish.
Keep rocking.
Thanks Kishore for your wonderful comments, these sort of comments can motivate anyone, much appreciated.
Hi Manish, thanks for sharing the post, very helpful, but failing to install the patch after installing the operating system
Getting error 267
Failed to access temporary directory
please advise
Could you please share the logs? You must make sure the correct msu file exists and with appropriate command line.
Thanks
It's working after applying this patch.
Hi Kasun, that's great to know that this resolved the issue.