Microsoft Endpoint Configuration Manager MECM SCCM Failed to Decode Message Hook Authenticate Error 0x87d00309 InvokeDecodingHooks failed 0x87d00309 HandleRemoteSyncSend Failed Cforwarder_Sync:Send failed

After upgrading to MECM current version 2111, deployments were not progressing, imaging was failing, devices all showing offline in Assets and Compliance - Devices. 

 Upon reviewing CcmMessaging.log (C:\Windows\CCM\logs) on a client machine, the following error messages were noted: 
Failed to decode message. 
Hook authenticate. Error 0x87d00309 
InvokeDecodingHooks failed (0x87d00309). 
HandleRemoteSyncSend failed (0x87d00309). 
CForwarder_Sync::Send failed (0x87d00309). 
CForwarder_Base::Send failed (0x87d00309). 

After coming through server logs, discovered an issue with Active Directory Publishing 
In Endpoint Configuration Manager console: Administration - Hierarchy Configuration - Active Directory Forests 
Publishing Status was blank Right Clicked domain for domain properties 

When domain properties displayed, clicked Publishing tab Site was not checked under "Select the site that will be published" 
checked the checkbox by the sitename 
clicked OK 
Publishing status updated to display "Insufficient Access Rights" 

MECM AD Forest publishing requires that the Management Points computer accounts have full access to the System Management OU in AD 

Launched Active Directory User and Computers 
Clicked View and select Advanced 
expanded domain expanded System 
right clicked System Management
clicked properties 
clicked Security tab 

Noted only one MP listed with full access, but permissions were "This Object Only"
Changed permissions to "This object and all descendant objects" (as per

Added computer account for second MP, granted full access and set permissions to "This object and all descendant objects" 
Clicked OK 
Closed AD Users and Computers 
 Refreshed screen in MECM console for Administration - Overview - Hierarchy Configuration - Active Directory Forests 
After a few minutes, publishing displayed "Succeeded" 
 After 30 minutes, devices began to show online in Assets and Compliance - Devices 
After an hour, deployments began to show progress. 
Tested imaging a workstation and it completed successfully.