SCCM MECM Configuration Manager Client not downloading content from distribution point Error: CTM encountered error processing reply from DTS. Code 0x80096004

Configuration Manager Client not downloading content from distribution point. Verified a distribution point was properly assigned to the applicable boundary group and that the distribution point had the content in question.

Reviewing the CCMCACHE folder on the client machines, found folders created for the content in question but no actual content. Began reviewing log files in C:\Windows\CCM\Logs 


In CAS.LOG: Error CTM encountered error processing reply from DTS. Code 0x80096004

Error Code: 0x80096004 (2148098052)

Error Name: TRUST_E_CERT_SIGNATURE

Error Source: Windows

Error Message: The signature of the certificate cannot be verified.

The client was registered using the self-signed certificate issued to 'SMS'. The client is configured to use HTTPS when available.

In the CAS.log, both HTTP and HTTPS locations are being returned for content locations.

When the issue occurs, the following events occur leading to the 0x80096004 error:

CTM job {A18CC6C5-2A7B-4D84-B4C2-3EB1EC1F22EF} switched to location 'xxx/SMS_DP_SMSPKG$/ACC00A5E'


CTM job {B64D5D76-3846-4415-84F4-503722AF09C8} switched to location 'http://xxx/SMS_DP_SMSPKG$/ACC00A70'


CTM job {A0E7A3F6-76C6-449A-BB13-2C5D5439FE03} switched to location 'http://xxx/SMS_DP_SMSPKG$/Content_81f1d394-c68c-4d8e-8fdd-33756a934992.1'


CTM encountered error processing reply from DTS. Code 0x80096004


CTM job {620B0A00-D1D8-4115-A7D1-962E268AFCCF} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM encountered error processing reply from DTS. Code 0x80096004


CTM job {A0E7A3F6-76C6-449A-BB13-2C5D5439FE03} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM job {A18CC6C5-2A7B-4D84-B4C2-3EB1EC1F22EF} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM encountered error processing reply from DTS. Code 0x80096004


CTM job {B64D5D76-3846-4415-84F4-503722AF09C8} entered phase CCM_DOWNLOADSTATUS_PREPARING_DOWNLOAD


CTM encountered error processing reply from DTS. Code 0x80096004




In the DataTransferService.log:

Completed validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx'

Failed to verify if the cert is sccm issued. Error 0x80096004 

Completed validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx' 

Begin validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx' 

DTS job: '{F3496177-0337-4DDA-9672-473BEFB7BEFD}' AddTransportSecurityOptionsToBITSJob failed: (0x80096004) 

Completed validation of Certificate [Thumbprint F49997EE2BB8A7ABC5A7B9FE929B08B969DD7981] issued to 'xxx' 

Failed to verify if the cert is sccm issued. Error 0x80096004 

DTS job: '{FCAA0817-C92F-46E4-AD39-C1E23B25BCAA}' AddTransportSecurityOptionsToBITSJob failed: (0x80096004) 


Resolution:

  1. Connected to the Primary Site Server's Configuration Manager Admin Console and reviewed the properties for the applicable Distribution Point.

    On the Communications Tab, found the self-signed certificate's expiration date had passed.

    Updated the self-signed certificate's expiration date.

  2. On the distribution server, opened CertLM.MSC from an administrator command prompt and reviewed the certificate stores.

    Found the SMS Issuing certificate was in neither the Personal Store nor the Trusted Root. Exported the SMS Issuing certificate from the site server and imported it into the Personal Store and the Trusted Root on the problematic Distribution Server.

  3. Reviewed IIS Manager on the Distribution Server:
    Default Web Site
    SMS_DP_SMSPKG$
    Authentication

    Found Windows Authentication missing

    Opened Server Manager
    In Server Manager, click the Manage menu, and then click Add Roles and Features.
    In the Add Roles and Features wizard, click Next. Select the installation type and click Next. Select the destination server and click Next.
    On the Server Roles page, expand Web Server (IIS), expand Web Server, expand Security, and then select Windows Authentication. Click Next.
    On the Select features page, click Next.
    On the Confirm installation selections page, click Install.
    On the Results page, click Close.

    Restarted Distribution Server

  4. Reviewed DataTransferService.log and found successfully completed downloads
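
The checks from steps 2 and 3, written as a read-only PowerShell script to run on the distribution point. This is an added example, not part of the original post or of Configuration Manager: the function name Test-DpContentTrust and the 30-day warning window are assumptions, and the 'SMS Issuing' subject match follows the certificate name used above.

```powershell
# Added example: read-only checks on a distribution point for resolution steps 2 and 3.
# Run from an elevated PowerShell session. Test-DpContentTrust is a hypothetical
# helper name, not a Configuration Manager cmdlet.
function Test-DpContentTrust {
    [CmdletBinding()]
    param(
        # Subject text to match; the page calls this the "SMS Issuing" certificate.
        [string]$IssuerName = 'SMS Issuing',
        # Assumed warning window for certificates close to expiry.
        [int]$WarnDays = 30
    )

    $now = Get-Date

    # Step 2: the issuing certificate should be in both Personal (My) and Trusted Root.
    foreach ($store in 'My', 'Root') {
        $certs = @(Get-ChildItem -Path "Cert:\LocalMachine\$store" |
            Where-Object { $_.Subject -like "*$IssuerName*" })

        if ($certs.Count -eq 0) {
            [pscustomobject]@{ Check = "LocalMachine\$store"; Status = 'MISSING'; Detail = $IssuerName }
            continue
        }
        foreach ($cert in $certs) {
            $status = if ($cert.NotAfter -lt $now) { 'EXPIRED' }
                      elseif ($cert.NotAfter -lt $now.AddDays($WarnDays)) { 'EXPIRING' }
                      else { 'OK' }
            [pscustomobject]@{
                Check  = "LocalMachine\$store"
                Status = $status
                Detail = '{0} NotAfter={1:u}' -f $cert.Thumbprint, $cert.NotAfter
            }
        }
    }

    # Step 3: the IIS Windows Authentication role service must be installed.
    $feature = Get-WindowsFeature -Name 'Web-Windows-Auth'
    [pscustomobject]@{
        Check  = 'IIS Windows Authentication'
        Status = if ($feature.Installed) { 'OK' } else { 'MISSING' }
        Detail = $feature.Name
    }
}

Test-DpContentTrust | Format-Table -AutoSize
```

A MISSING row for either certificate store corresponds to the condition corrected in step 2. The self-signed certificate expiry from step 1 is still read from the Communications tab in the console.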