DscpTech
asked on
SCCM Management Point outbox backlog after hardening site server
My SCCM management point has a growing backlog in the outboxes folder. The problem started when I applied a GPO to my SCCM 2007 site server to harden it per my government agency’s security guidelines. I removed the GPO and rebooted the site server, but the outboxes backlog on my MP is still growing. Both servers are running Windows Server 2008 non-R2 x64 and SCCM 2007 R3 with SP2. Our local AD domain is at Windows Server 2008 level.
When I pull up "All Status Messages for a Specific System" for the MP, I see no new real messages after the hardening GPO was applied to the site server and I rebooted it. I see that the d:\sms\logs\outboxmon.log on the MP is reporting that all the outboxes are getting backlogged there. The mpfdm.log on the MP shows this error every 30 secs:
Cannot connect to the inbox source
This is still happening even after I removed the GPO and rebooted the site server and for good measure disabled McAfee HIPS on all SCCM servers. The status message files are supposed to automatically copy files from the MP "d:\SMS\MP\OUTBOXES\statem
Other than the backlog, SCCM is partially operational. I can image a machine using OSD, I can access Reports, I can uninstall a critical update from a workstation and then SUP reinstalls it. From the site server SQL console I see active SQL connections from the MP. If I grant db_owner privileges to the sms_xxx database for the MP computer account there is no difference.
I thought maybe the MP computer account can't get into the share \\site_server\SMS_xxx as part of its status message processing cycle. To confirm that it can, I did a remote desktop to the MP , opened up a command prompt running as the System account by using "psexec -i -s cmd.exe", from there I was able to copy a file to \\site_server\SMS_xxx\inbo
Can someone tell me how to further troubleshoot this outbox backlog?
When I pull up "All Status Messages for a Specific System" for the MP, I see no new real messages after the hardening GPO was applied to the site server and I rebooted it. I see that the d:\sms\logs\outboxmon.log on the MP is reporting that all the outboxes are getting backlogged there. The mpfdm.log on the MP shows this error every 30 secs:
Cannot connect to the inbox source
This is still happening even after I removed the GPO and rebooted the site server and for good measure disabled McAfee HIPS on all SCCM servers. The status message files are supposed to automatically copy files from the MP "d:\SMS\MP\OUTBOXES\statem
Other than the backlog, SCCM is partially operational. I can image a machine using OSD, I can access Reports, I can uninstall a critical update from a workstation and then SUP reinstalls it. From the site server SQL console I see active SQL connections from the MP. If I grant db_owner privileges to the sms_xxx database for the MP computer account there is no difference.
I thought maybe the MP computer account can't get into the share \\site_server\SMS_xxx as part of its status message processing cycle. To confirm that it can, I did a remote desktop to the MP , opened up a command prompt running as the System account by using "psexec -i -s cmd.exe", from there I was able to copy a file to \\site_server\SMS_xxx\inbo
Can someone tell me how to further troubleshoot this outbox backlog?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER