There are a few common issues with SCCM State Migration Points (SMPs) or Management Points (MPs) that either prevent the installation of the site system component, or causes them not to function correctly. This article covers some of the most common reasons why these components fail either to install, or to operate correctly once installed. They are sometimes the same failure reason for both SMPs and MPs, as both components rely heavily on IIS.
Log Files for troubleshooting:
Outside of SCCM component status messages (the first place to start for troubleshooting), the following is a list of the log files that are good for troubleshooting SMP/MP issues:
Management Point Installation:
MPSetup.log – Located in the SCCM Server log files folder. Does basic MP requirement checks and launches mp.msi to perform the MP installation.
mpMSI.log – Located in the SCCM Server log files folder. MSI Log file for the installation of the MP, this is also where more detailed MP requirement checks are performed
Management Point Operation
MPcontrol.log – Located in the SCCM Server log files folder. Status of regular verification of MP availability (every 5 minutes)
State Migration Point Installation
smpMSI.log - Located in the SCCM Server log files folder. MSI Log file for the installation of the SMP, this is also where more detailed SMP requirement checks are performed
State Migration Point Operation
Smpmgr.log – Located in the SCCM Server log files folder. Status of regular verification of SMP availability (every 5 minutes)
smpisapi.log – Located on the SCCM server in the client logs folder (even if no client is installed). This is the log file of the SMP IIS ISAPI application, you won’t see this log file if SMP tests (logged in SmpMgr.log) are having issues with authentication to IIS (401 errors).
Common Issues with MPs and SMPs
The following is a list of common MP and SMP issues, and suggested resolution of these issues. This is not to say that other issues will not be encountered, but these seem to be the most common.
SMP and MP are not responding, and you see Status Messages like: “SMP/MP is not responding to HTTP requests: The http status code and text is 401, Unauthorized”
Issue Cause A
: This is most likely happening on a Windows Server 2003 server and is being caused by the IIS IUSR_MachineName account being denied access to the SMP/MP virtual directory. This is generally because either a Group Policy or Security Template is applied to the server that sets the User Right ‘Deny access to this computer from the network’ to include the ‘Guests’ group. The ‘Guests’ local group on Windows Server 2003 contains the IUSR Account.
Issue Resolution A
: There are a few options here:
(1) Remove the IUSR account from the guests group
(2) Remove ‘guests’ from the ‘Deny access to this computer from the network’ in either the Group Policy or Local Policy
(3) Create a new local account to use as the IIS anonymous account, grant this account the appropriate rights (Log on as a batch job, allow log on locally, Access this computer from the network), and in the SMS virtual directories set the Directory Security such that it uses this account for anonymous authentication.
Issue Cause B
: Another reason this may be happening is because the IUSR and LOCAL SERVICE account do not have permissions on the SMPISAPI.DLL file in the SCCM Client directory on the server.
Issue Resolution B
: Reset the Permissions on the CCM directory (or SMP*.* files) such that the IUSR and LOCAL SERVICE have read and execute permissions.
: SMP is not working, and you see Status Messages like “SMP is not responding to HTTP requests. The http status code and text is 500, Internal Server Error.”
Issue Cause: This is usually caused by either incorrect permissions on the folder(s) specified in the State Migration Point component, or that the folder specified does not exist anymore.
: First verify whether the folder(s) specified in the State Migration Point exist, secondly, ensure that the local account “Local Service” has full control on that folder. The SCCM ISAPI application for the State Migration Point runs under the “Local Service” account (worth pointing out here it’s not “Local System”).
Management Point and/or State Migration Point are failing to install, and you see status messages like “SMS Site Component Manager failed to install the component on this system”
There are three common causes that I have come across, they are:
(a) WebDAV is not installed or not configured correctly
(b) The Default Web Site is not started or cannot start
(c) The Default Web Site has been renamed
After performing any of the resolutions below, stop and restart the SMS_SITE_COMPONENT_MANAGER
server to force a Site Component Manager update cycle.
Issue Resolution A:
WebDAV is not installed or not configured correctly
(a) Ensure WebDAV is installed and configured. On Windows Server 2003, ensure that WebDAV is enabled in “Web Service Extensions” in the IIS Management Console. On Windows Server 2008, follow the instructions on at http://technet.microsoft.com/en-us/library/cc431377(TechNet.10).aspx
to install and configure WebDAV. On Windows Server 2008 R2, follow the same instructions as the Technet Article, but WebDAV can be installed from Server Manager instead of having to download it from the web.
(b) If the Management Point role is still failing to install, it could be that on Windows Server 2008 or 2008 R2 system that WebDAV was configured at a server level instead of on the “Default Web Site”. SCCM only looks for the WebDAV settings explicitly in the <webdav> section of the “Default web site” in ApplicationHost.Config, thus the WebDAV settings can be set correctly (by setting at the IIS Server level first), but still not picked up as the right settings by SCCM. To work around this modify the IIS applicationHost.Config such that the WebDAV setting where not set at the IIS Server level, but instead set in the Default Web Site section. (Note: Removing and re-installing the WebDAV component doesn’t fix the issue)
Issue Resolution B:
The Default Web Site is not started or cannot start. Even though the WWW Service and IIS Admin service is started, the Default Web Site may not be started. If you cannot start the Default Web Site and get the error message “The process cannot access the file because it is being used by another process.”, then it is likely that another application is using port 80 or port 443 on the server. It one case for me it was UPS monitoring software that provides a Web Interface. See MS KB818844 (http://support.microsoft.com/kb/818844
) for more details on that particular error.
Issue Resolution C
: The Default Web Site has been renamed. During the MP/SMP install, it checks IIS Configuration and expects to find the “Default Web Site”, if it doesn’t find it, it fails the validation of IIS with a “0x80004005” error. The resolution is simply to rename the Default Web Site back to “Default Web Site”
Even though the SMP seems to be functioning correctly (i.e. no errors in the status messages), requesting a State Migration Point fails on the client.
: It’s more than likely that the client has the security update 974571 installed, and needs to run a hotfix to fix an issue with a ‘NULL’ in the Friendly Name property of the client’s SCCM certificate. For a better description of this issue and to download the client hotfix see Microsoft KB977203 (http://support.microsoft.com/?kbid=977203