Error Messages in Clientauth.log - anything to worry about?
I'm hoping someone may have some experience of this situation & can shed some light on it.
We have 2012 R2 site, primary site server with local DB, 3 MPs with Replicas (one for ICBM, not yet fully configured) the other 2 for intranet clients. The MPs each have a sql replica configured, based on guides found on this site. Replication Monitor looks happy. We have recently migrated around 3000 clients from SCCM 2007 R3 on to this 2012 site - the 2007 site is still up, but no longer discovering or pushing.
I have noticed that both of the Intranet MPs have a good number of these errors in the clientauth.log - these also appear in component monitor which cycles between warning state and green - guess it is on the threshold of warning counts;
Message from GUID:blah client failed signature validation 17/01/2014 10:09:47 5400 (0x1518)Skipping raising MPEvent_ClientAuth_SignatureFailure event because 4 such events were already raised in the past 60 minutes 17/01/2014 10:09:47 5400 (0x1518)Could not verify message signature for client GUID:blah . 17/01/2014 10:09:47 5400 (0x1518)Error verifying message from client GUID:blah (0x80090006). 17/01/2014 10:09:47 5400 (0x1518)
There have been roughly 18 of these on one MP in the last hour (which is roughly the hour when everyone is turning on & waking up PCs) the log file on the other MP looks very similar in counts of these errors.
Component Monitor looks like this - it logs 2 of these for each client.
MP has rejected a message from GUID:blah because the signature could not be validated. If this is a valid client, it will attempt to re-register automatically so its signature can be correctly validated.
I've traced these back to 3 clients so far & cant see anything not working - clientidmanagerstartup looks fine, ccmessaging seems normal - you can even see the times of messages sent that correspond with the errors - no errors on the client & you do not seem to see errors for every message the client sends, looks like just the first 2 messages.
Inventory also seems happy, they are downloading scep updates OK & there are no obvious errors in other supporting logs.
Happy to give more information & details, but just wanted to air this first & see if anyone else has come across it.