MP Internal Server Error 500

Abdul Jalil Abou Alzahab
Abdul Jalil Abou Alzahab used Ask the Experts™
on
Hello,
I'm receiving the following error message on Site status - MP every one hours:

MP Control Manager detected management point is not responding to HTTP requests.  The HTTP status code and text is 500, Internal Server Error.
I remove MP with IIS, BITS and SCCM agent on SCCM primary site - Restart - Reinstall IIS, BITS, MP and SCCM agent without any luck

I reset the site system with no configuration change without any luck.

Some clients agent installed successfully but not showing component tab and it showing in actions tab only:
- Machine Policy Retrieval & Evaluation cycle
- User Policy Retrieval & Evaluation cycle

I have stand-alone site system 1902 with SQL server on the same server, in additions I have SUP role installed on another server.

any other suggestions or recommendations?
Thanks
Comment
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Rowan HawkinsSystem Integrator

Commented:
Is there any software on the endpoint computer that may be hijacking port 80 or a device on your network causing a problem on those systems?

As a test, in your patch room swap a working and non-working systems patch cables at the panel.
  Provided you are not restricting access at the port by mac address. If the problem stays on the machine its an endpoint issue, and if is moves then its a networking issue.

You can also check the Application/System/Security logs on the Endpoint to see if there is an error when the SCCM pops the 500.

This is a list of all the ports used:
https://docs.microsoft.com/en-us/sccm/core/plan-design/hierarchy/ports

I notice that this link uses SMB and there have been issues (yet again) with SMB or SMB over IP
 Site server < -- > Endpoint Protection point
Description       UDP       TCP
Server Message Block (SMB)       --       445
RPC Endpoint Mapper       135       135
RPC       --       DYNAMIC Note 6

So I would lean even more heavily on the end point IPSec rules maybe blocking the connection so checking the client logs, but the cable swap would still tell you which half you needed to troubleshoot first unless your are in a fully remote environment.

Author

Commented:
we are not using endpoint protection anymore, we are using other solution
Rowan HawkinsSystem Integrator

Commented:
then it is back to ports 80 or 443.
Issue solved by the following:

Grant Read permission to the IIS_IUSRS group for the ApplicationHost.config file or for the Web.config file (E:\Program Files\SMS_SiteCode\SMS_MP).

Thanks for all

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial