Asked by DscpTech

SCCM Management Point outbox backlog after hardening site server

My SCCM management point has a growing backlog in the outboxes folder. The problem started when I applied a GPO to my SCCM 2007 site server to harden it per my government agency’s security guidelines. I removed the GPO and rebooted the site server, but the outboxes backlog on my MP is still growing. Both servers are running Windows Server 2008 non-R2 x64 and SCCM 2007 R3 with SP2. Our local AD domain is at Windows Server 2008 level.

When I pull up "All Status Messages for a Specific System" for the MP, I see no new real messages after the hardening GPO was applied to the site server and I rebooted it. I see that the d:\sms\logs\outboxmon.log on the MP is reporting that all the outboxes are getting backlogged there. The mpfdm.log on the MP shows this error every 30 secs:

Cannot connect to the inbox source

This is still happening even after I removed the GPO and rebooted the site server and for good measure disabled McAfee HIPS on all SCCM servers. The status message files are supposed to automatically copy files from the MP "d:\SMS\MP\OUTBOXES\statemsg.box\" folder to "\\site server \SMS_xxx\inboxes\auth\statesys.box\incoming\". The permissions on the folders and shares look fine, and the MP is in the local admin and SMS_SiteServerToSiteSystemConnection_xxx local groups on the site server. Also, the site server computer account is still in the MP's local admin group.

Other than the backlog, SCCM is partially operational. I can image a machine using OSD, I can access Reports, I can uninstall a critical update from a workstation and then SUP reinstalls it. From the site server SQL console I see active SQL connections from the MP. If I grant db_owner privileges to the sms_xxx database for the MP computer account there is no difference.

I thought maybe the MP computer account can't get into the share \\site_server\SMS_xxx as part of its status message processing cycle. To confirm that it can, I did a remote desktop to the MP, opened up a command prompt running as the System account by using "psexec -i -s cmd.exe", and from there I was able to copy a file to the \\site_server\SMS_xxx\inboxes\auth\statesys.box\incoming folder. I can't figure out where the blockage may be. On the MP all automatic services and all SCCM components (subthreads) are running; nothing is stopped as far as I can see.

Can someone tell me how to further troubleshoot this outbox backlog?

Last Comment by DscpTech


The senior tech lead on our team came up with the resolution. The MP must access the site server HKLM\software\wow6432node\microsoft\sms to gather all the site settings of many things. This includes the "inbox source", which holds all the locations for the status files, instruction files, etc., which is how site systems all communicate back to the site server. When you install SCCM this registry path gets added automatically. Our GPO removed it, and it did not get re-added back when we unlinked the GPO. We manually added it. So we will add the registry key to the GPO and try hardening the site server again.
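
A check for the failure described in the comment above, as an added example that is not part of the original posts: it reads the site server's HKLM\SOFTWARE\Wow6432Node\Microsoft\SMS key remotely from the MP and compares its subkey tree with a baseline saved before hardening. It assumes PowerShell 2.0 or later and a reachable Remote Registry service on the site server; the `site_server` name and the baseline file path are placeholders.

```powershell
# Added example. Run on the management point as SYSTEM (for instance from the
# "psexec -i -s" prompt) so the check uses the MP computer account.
param(
    [string]$SiteServer = 'site_server',   # placeholder, replace with the site server name
    [string]$KeyPath    = 'SOFTWARE\Wow6432Node\Microsoft\SMS',
    [string]$Baseline   = "$env:TEMP\sms-key-baseline.txt"   # hypothetical baseline file
)

function Get-SubKeyTree($Key, $Prefix) {
    # Recursively emit subkey paths so a before/after diff shows what was removed.
    foreach ($name in $Key.GetSubKeyNames()) {
        "$Prefix\$name"
        try   { $child = $Key.OpenSubKey($name) }
        catch { "$Prefix\$name [unreadable]"; continue }
        if ($child) { Get-SubKeyTree $child "$Prefix\$name"; $child.Close() }
    }
}

try {
    $hive = [Microsoft.Win32.RegistryHive]::LocalMachine
    $hklm = [Microsoft.Win32.RegistryKey]::OpenRemoteBaseKey($hive, $SiteServer)
    $key  = $hklm.OpenSubKey($KeyPath)
} catch {
    # Network path not found, Remote Registry stopped, or access denied.
    Write-Output "FAIL: cannot read the registry on ${SiteServer}: $($_.Exception.Message)"
    return
}
if ($null -eq $key) {
    Write-Output "FAIL: HKLM\$KeyPath does not exist on $SiteServer"
    return
}
# The root key is always listed, so the comparison never sees an empty set.
$current = @("HKLM\$KeyPath") + @(Get-SubKeyTree $key "HKLM\$KeyPath")
$key.Close(); $hklm.Close()

if (-not (Test-Path $Baseline)) {
    $current | Set-Content $Baseline
    Write-Output "OK: key readable; baseline of $($current.Count) keys saved to $Baseline"
    return
}
$missing = @(Compare-Object (Get-Content $Baseline) $current |
    Where-Object { $_.SideIndicator -eq '<=' })
if ($missing.Count -gt 0) {
    Write-Output "FAIL: keys in the baseline are missing now:"
    $missing | ForEach-Object { "  $($_.InputObject)" }
} else {
    Write-Output "OK: every baseline key is still present and readable"
}
```

Run it once before linking the hardening GPO to record the baseline, then again after the GPO applies and after it is unlinked.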