SCCM 2007 – Troubleshooting SCCM State Migration Points and Management Points

Updated on :   24/02/2010
Relevant to:   SCCM 2007


 

One of my employees/mates – Jon Lambert, has written the below article, and kindly given me permission to post on my blog….

Introduction

There are a few common issues with SCCM State Migration Points (SMPs) or Management Points (MPs) that either prevent the installation of the site system component, or causes them not to function correctly.  This article covers some of the most common reasons why these components fail either to install, or to operate correctly once installed.  They are sometimes the same failure reason for both SMPs and MPs, as both components rely heavily on IIS.

 


 

Log Files for troubleshooting:

Outside of SCCM component status messages (the first place to start for troubleshooting), the following is a list of the log files that are good for troubleshooting SMP/MP issues:

Management Point Installation:

  • MPSetup.log – Located in the SCCM Server log files folder.  Does basic MP requirement checks and launches mp.msi to perform the MP installation.
  • mpMSI.log – Located in the SCCM Server log files folder.  MSI Log file for the installation of the MP, this is also where more detailed MP requirement checks are performed

Management Point Operation

  • MPcontrol.log – Located in the SCCM Server log files folder. Status of regular verification of MP availability (every  5 minutes)

State Migration Point Installation

  • smpMSI.log  – Located in the SCCM Server log files folder.   MSI Log file for the installation of the SMP, this is also where more detailed SMP requirement checks are performed
  • Smpmgr.log  – Located in the SCCM Server log files folder.  Status of regular verification of SMP availability (every  5 minutes)
  • smpisapi.log – Located on the SCCM server in the client logs folder (even if no client is installed).  This is the log file of the SMP IIS ISAPI application, you won’t see this log file if SMP tests  (logged in SmpMgr.log) are having issues with authentication to IIS (401 errors).

State Migration Point Operation

  • Smpmgr.log – Located in the SCCM Server log files folder. Status of regular verification of SMP availability (every 5 minutes)
  • smpisapi.log – Located on the SCCM server in the client logs folder (even if no client is installed). This is the log file of the SMP IIS ISAPI application, you won’t see this log file if SMP tests (logged in SmpMgr.log) are having issues with authentication to IIS (401 errors).

 


 

Common Issues with MPs and SMPs

The following is a list of common MP and SMP issues, and suggested resolution of these issues.  This is not to say that other issues will not be encountered, but these seem to be the most common.

Issue 1:  SMP and MP are not responding, and you see Status Messages like:  “SMP/MP is not responding to HTTP requests:  The http status code and text is 401, Unauthorized”

Issue Cause A:  This is most likely happening on a Windows Server 2003 server and is being caused by the IIS IUSR_MachineName account being denied access to the SMP/MP virtual directory.  This is generally because either a Group Policy or Security Template is applied to the server that sets the User Right ‘Deny access to this computer from the network’ to include the ‘Guests’ group.  The ‘Guests’ local group on Windows Server 2003 contains the IUSR Account.

Issue Resolution A: There are a few options here:

(1)    Remove the IUSR account from the guests group

(2)    Remove ‘guests’ from the ‘Deny access to this computer from the network’ in either the Group Policy or Local Policy

(3)    Create a new local account to use as the IIS anonymous account, grant this account the appropriate rights (Log on as a batch job, allow log on locally, Access this computer from the network), and in the SMS virtual directories set the Directory Security such that it uses this account for anonymous authentication.

Issue Cause B:  Another reason this may be happening is because the IUSR and LOCAL SERVICE account do not have permissions on the SMPISAPI.DLL file in the SCCM Client directory on the server.

Issue Resolution B:  Reset the Permissions on the CCM directory (or SMP*.* files) such that the IUSR and LOCAL SERVICE have read and execute permissions.

 


 

Issue 2:   SMP is not working, and you see Status Messages like “SMP is not responding to HTTP requests.  The http status code and text is 500, Internal Server Error.”

Issue Cause: This is usually caused by either incorrect permissions on the folder(s) specified in the State Migration Point component, or that the folder specified does not exist anymore.

Issue Resolution:   First verify whether the folder(s) specified in the State Migration Point exist, secondly, ensure that the local account “Local Service” has full control on that folder.  The SCCM ISAPI application for the State Migration Point runs under the “Local Service” account (worth pointing out here it’s not “Local System”).

 


 

Issue 3:  Management Point and/or State Migration Point are failing to install, and you see status messages like “SMS Site Component Manager failed to install the component on this system”

Issue Cause:  There are three common causes that I have come across, they are:

(a)    WebDAV is not installed or not configured correctly

(b)   The Default Web Site is not started or cannot start

(c)    The Default Web Site has been renamed

After performing any of the resolutions below, stop and restart the SMS_SITE_COMPONENT_MANAGER server to force a Site Component Manager update cycle.

Issue Resolution A: WebDAV is not installed or not configured correctly

(a)    Ensure WebDAV is installed and configured.  On Windows Server 2003, ensure that WebDAV is enabled in “Web Service Extensions” in the IIS Management Console.  On Windows Server 2008, follow the instructions on at http://technet.microsoft.com/en-us/library/cc431377(TechNet.10).aspx to install and configure WebDAV.  On Windows Server 2008 R2, follow the same instructions as the Technet Article, but WebDAV can be installed from Server Manager instead of having to download it from the web.

(b)   If the Management Point role is still failing to install, it could be that on Windows Server 2008 or 2008 R2 system that WebDAV was configured at a server level instead of on the “Default Web Site”.   SCCM  only looks for the WebDAV settings explicitly in the <webdav> section of the “Default web site” in ApplicationHost.Config, thus the WebDAV settings can be set correctly (by setting at the IIS Server level first), but still not picked up as the right settings by SCCM.  To work around this modify the IIS applicationHost.Config such that the WebDAV setting where not set at the IIS Server level, but instead set in the Default Web Site section.  (Note: Removing and re-installing the WebDAV component doesn’t fix the issue)

Issue Resolution B: The Default Web Site is not started or cannot start.  Even though the WWW Service and IIS Admin service is started, the Default Web Site may not be started.  If you cannot start the Default Web Site and get the error message “The process cannot access the file because it is being used by another process.”,  then it is likely that another application is using port 80 or port 443 on the server.  It one case for me it was UPS monitoring software that provides a Web Interface.  See MS KB818844 (http://support.microsoft.com/kb/818844) for more details on that particular error.

Issue Resolution C: The Default Web Site has been renamed.  During the MP/SMP install, it checks IIS Configuration and expects to find the “Default Web Site”, if it doesn’t find it, it fails the validation of IIS with a “0x80004005” error.  The resolution is simply to rename the Default Web Site back to “Default Web Site”

 


 

Issue 4:   Even though the SMP seems to be functioning correctly (i.e. no errors in the status messages), requesting a State Migration Point fails on the client.

Issue Resolution:  It’s more than likely that the client has the security update 974571 installed, and needs to run a hotfix to fix an issue with a ‘NULL’  in the Friendly Name property of the client’s SCCM certificate.  For a better description of this issue and to download the client hotfix see Microsoft KB977203 (http://support.microsoft.com/?kbid=977203).

 


 

6 thoughts on “SCCM 2007 – Troubleshooting SCCM State Migration Points and Management Points

  1. You are a golden god. If you at any point need any help with anything system center related, and I have the ability to deliver, you’ve got it. That Server 500 error was driving me absolutely bugshit, I was digging through AD and IIS and logs, and it turns out to be a simple fucking permissions fix. Without blogs like yours, I would have thrown SCCM out the highest window I could find long long ago.

    1. 🙂 i prefer to think of myself as a ranga, pudgey god….. golden god drums up images of C3PO in return of the jedi with those bloody ewoks.
      No worries mate – glad it helped.

  2. WOW! Thank you SOOOOOO MUCH for this blog!!!! I spent the better part of an afternoon trying to figure this out. Thank you!

Leave a Reply