<

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x

Troubleshooting SCCM State Migration Points and Management Points

Published on
22,596 Points
16,296 Views
3 Endorsements
Last Modified:
Approved

Introduction

There are a few common issues with SCCM State Migration Points (SMPs) or Management Points (MPs) that either prevent the installation of the site system component, or causes them not to function correctly.  This article covers some of the most common reasons why these components fail either to install, or to operate correctly once installed.  They are sometimes the same failure reason for both SMPs and MPs, as both components rely heavily on IIS.

Log Files for troubleshooting:
Outside of SCCM component status messages (the first place to start for troubleshooting), the following is a list of the log files that are good for troubleshooting SMP/MP issues:

Management Point Installation:
MPSetup.log – Located in the SCCM Server log files folder.  Does basic MP requirement checks and launches mp.msi to perform the MP installation.
mpMSI.log – Located in the SCCM Server log files folder.  MSI Log file for the installation of the MP, this is also where more detailed MP requirement checks are performed
Management Point Operation
MPcontrol.log – Located in the SCCM Server log files folder. Status of regular verification of MP availability (every  5 minutes)
State Migration Point Installation
smpMSI.log  - Located in the SCCM Server log files folder.   MSI Log file for the installation of the SMP, this is also where more detailed SMP requirement checks are performed
State Migration Point Operation
Smpmgr.log  – Located in the SCCM Server log files folder.  Status of regular verification of SMP availability (every  5 minutes)
smpisapi.log – Located on the SCCM server in the client logs folder (even if no client is installed).  This is the log file of the SMP IIS ISAPI application, you won’t see this log file if SMP tests  (logged in SmpMgr.log) are having issues with authentication to IIS (401 errors).

Common Issues with MPs and SMPs


The following is a list of common MP and SMP issues, and suggested resolution of these issues.  This is not to say that other issues will not be encountered, but these seem to be the most common.  

Issue 1:  SMP and MP are not responding, and you see Status Messages like:  “SMP/MP is not responding to HTTP requests:  The http status code and text is 401, Unauthorized”

Issue Cause A:  This is most likely happening on a Windows Server 2003 server and is being caused by the IIS IUSR_MachineName account being denied access to the SMP/MP virtual directory.  This is generally because either a Group Policy or Security Template is applied to the server that sets the User Right ‘Deny access to this computer from the network’ to include the ‘Guests’ group.  The ‘Guests’ local group on Windows Server 2003 contains the IUSR Account.

Issue Resolution A: There are a few options here:
(1)      Remove the IUSR account from the guests group
(2)      Remove ‘guests’ from the ‘Deny access to this computer from the network’ in either the Group Policy or Local Policy
(3)      Create a new local account to use as the IIS anonymous account, grant this account the appropriate rights (Log on as a batch job, allow log on locally, Access this computer from the network), and in the SMS virtual directories set the Directory Security such that it uses this account for anonymous authentication.

Issue Cause B:  Another reason this may be happening is because the IUSR and LOCAL SERVICE account do not have permissions on the SMPISAPI.DLL file in the SCCM Client directory on the server.
 
Issue Resolution B:  Reset the Permissions on the CCM directory (or SMP*.* files) such that the IUSR and LOCAL SERVICE have read and execute permissions.

Issue 2:   SMP is not working, and you see Status Messages like “SMP is not responding to HTTP requests.  The http status code and text is 500, Internal Server Error.”
Issue Cause: This is usually caused by either incorrect permissions on the folder(s) specified in the State Migration Point component, or that the folder specified does not exist anymore.

Issue Resolution:   First verify whether the folder(s) specified in the State Migration Point exist, secondly, ensure that the local account “Local Service” has full control on that folder.  The SCCM ISAPI application for the State Migration Point runs under the “Local Service” account (worth pointing out here it’s not “Local System”).

Issue 3:  Management Point and/or State Migration Point are failing to install, and you see status messages like “SMS Site Component Manager failed to install the component on this system”

Issue Cause:  There are three common causes that I have come across, they are:
(a)      WebDAV is not installed or not configured correctly
(b)      The Default Web Site is not started or cannot start
(c)      The Default Web Site has been renamed
After performing any of the resolutions below, stop and restart the SMS_SITE_COMPONENT_MANAGER server to force a Site Component Manager update cycle.

Issue Resolution A: WebDAV is not installed or not configured correctly
(a)      Ensure WebDAV is installed and configured.  On Windows Server 2003, ensure that WebDAV is enabled in “Web Service Extensions” in the IIS Management Console.  On Windows Server 2008, follow the instructions on at http://technet.microsoft.com/en-us/library/cc431377(TechNet.10).aspx to install and configure WebDAV.  On Windows Server 2008 R2, follow the same instructions as the Technet Article, but WebDAV can be installed from Server Manager instead of having to download it from the web.
(b)      If the Management Point role is still failing to install, it could be that on Windows Server 2008 or 2008 R2 system that WebDAV was configured at a server level instead of on the “Default Web Site”.   SCCM  only looks for the WebDAV settings explicitly in the <webdav> section of the “Default web site” in ApplicationHost.Config, thus the WebDAV settings can be set correctly (by setting at the IIS Server level first), but still not picked up as the right settings by SCCM.  To work around this modify the IIS applicationHost.Config such that the WebDAV setting where not set at the IIS Server level, but instead set in the Default Web Site section.  (Note: Removing and re-installing the WebDAV component doesn’t fix the issue)

Issue Resolution B: The Default Web Site is not started or cannot start.  Even though the WWW Service and IIS Admin service is started, the Default Web Site may not be started.  If you cannot start the Default Web Site and get the error message “The process cannot access the file because it is being used by another process.”,  then it is likely that another application is using port 80 or port 443 on the server.  It one case for me it was UPS monitoring software that provides a Web Interface.  See MS KB818844 (http://support.microsoft.com/kb/818844) for more details on that particular error.

Issue Resolution C: The Default Web Site has been renamed.  During the MP/SMP install, it checks IIS Configuration and expects to find the “Default Web Site”, if it doesn’t find it, it fails the validation of IIS with a “0x80004005” error.  The resolution is simply to rename the Default Web Site back to “Default Web Site”

Issue 4:        Even though the SMP seems to be functioning correctly (i.e. no errors in the status messages), requesting a State Migration Point fails on the client.

Issue Resolution:  It’s more than likely that the client has the security update 974571 installed, and needs to run a hotfix to fix an issue with a ‘NULL’  in the Friendly Name property of the client’s SCCM certificate.  For a better description of this issue and to download the client hotfix see Microsoft KB977203 (http://support.microsoft.com/?kbid=977203).
3
Author:JonLambert
2 Comments

Expert Comment

by:BzowK
Good Morning Jon -

I am actually receiving Issue #2 you discussed above.  I tried adding Local Service with full rights, but no-go.  Any more suggestions?  Thanks!
0
LVL 10

Author Comment

by:JonLambert
Is the SMP on a remote machine?  If so, ensure that the Primary Site's computer account is a member of the local admins on the remote machine, also ensure that you have the appropriate IIS compoments installed.
0

Featured Post

IT Pros Agree: AI and Machine Learning Key

We’d all like to think our company’s data is well protected, but when you ask IT professionals they admit the data probably is not as safe as it could be.

If you, like me, have a dislike for using Online Subscription anti-spam services, then this video series is for you. I have an inherent dislike of leaving decisions such as what is and what isn't spamming to other people or services for me and insis…
Watch this simple and effective video tutorial to extract attachments from Outlook 2007 and try this easy method by yourself. No need to go anywhere, just watch the video and export attachments from Outlook in few simple steps. To know more, click h…

Keep in touch with Experts Exchange

Tech news and trends delivered to your inbox every month