Thursday, 4 December 2014

MPControl.log detected MP is not responding to HTTP Requests. Error code 12030

The day to day work was going on and as per the schedule i configured the patching activity for the month of November 2014 and went for the tea break. When I came back and though to check the status for my deployment I was shock to see that sccm reporting was not working. I was not able to digest this truth because in next 2 hours my patching was about to start and I was totally depended on the sccm reporting to check the status for the deployment.

When I starting digging the logs I found that MPcontroller.log was throwing error “Http test request failed with error code 12030” and will missing my code 200 L .



So my next step was to see what went wrong and I started checking IIS log and found that my IIS was “Refused the connections request” that was more confusing because I was not having any error to do googling.


Now I was totally dependent on Microsoft detective known as “Event Viewer” and that as expected it gave me the hint that 3GB switch is enabled in the Boot.ini file on the server at the same time when my sccm MP went down. I was quiet lucky that was having knowledge about this as I have read article on same in the past.

This issue occurs if less than 20 megabytes (MB) of nonpaged pool memory is available on the server. When less than 20 megabytes (MB) of nonpaged pool memory is available, the Http.sys kernel mode driver stops accepting new connections.

This issue may occur in situations in which the /3GB switch is enabled in the Boot.ini file on the server

Solution to Fix this is given below :

To work around this issue, add the EnableAggressiveMemoryUsage registry entry to the following registry subkey:.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters
Then, set the EnableAggressiveMemoryUsage registry entry to 1. 

NOTE: Please take back up of the registry to be on the safe side

To do this, follow these steps:

1.       Click Start, click Run, type regedit in the Open box, and then click OK.

2.       Click the following registry subkey:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\HTTP\Parameters

3.       On the Edit menu, point to New, and then click DWORD Value.

4.       Type EnableAggressiveMemoryUsage, and then press ENTER.

5.       On the Edit menu, click Modify.

6.       In the Value data box, type 1, and then click OK.

7.       On the File menu, click Exit to exit Registry Editor. 



8.       Restart the HTTP service. To do this, follow these steps:

a.       Click Start, click Run, type cmd in the Open box, and then click OK.

b.       At the command prompt, type net stop http /y, and then press ENTER.

c.        At the command prompt, type iisreset /restart, and then press ENTER 




And my sccm was back and i completed my activity successfully.

Hope This Was Helpful!!!
Amarpal Singh Sandhu

Tuesday, 12 August 2014

MP Has Rejected GUID : "XXXXX" Message!!!!

Some of warning can be ignored but not for the long time... because if that is not fixed it will change to Error and that is thing that  we never want to see In sccm.  I will check the sccm health and found that SMS_MP_CONTROL_MANAGER was flooding with the warning “MP has rejected client registration”

Let’s take look at the error:

Message ID:  5447

Description:  MP has rejected a message from GUID:”XXXXX” because the signature could not be validated. If this is a valid client, it will attempt to re-register automatically so its signature can be correctly validated.

When looking at the CM database, specifically at the view, v_R_System, one would notice that there are two columns which have names explicitly containing the label “GUID” – Object_GUID0 and SMBIOS_GUID0, neither of which match up to the GUID referred to in the error message shown above.  Looking at the properties of these two columns, we find that Object_GUID0 is related to the Active Directory object of the resource and SMBIOS_GUID0 is the BIOS GUID of the resource.

After reading the logs it was cleared that issue was with the client registration   but which Client? Because in error message it was redirecting to GUID which was linked to client. So now we have to find out the client name that was getting rejected by MP. But HOW??  The answer was in the v_R_System column named SMS_Unique_Indentifier0 – intuitive.

We can get the client information using 3 methods?


1.    SQL Method:  (Query against the CM database) You should have access to DB
SELECT
Name0,
SMS_Unique_Identifier0
FROM
v_R_System
WHERE
SMS_Unique_Identifier0 = ‘GUID: G89L6053-19F7-414C-AAF6-L426F84DAG70′


2.    PowerShell Method: This is my favorite.
Note : Enter your data where the [] are, but omit the brackets.

$params = @{Namespace=”ROOT\SMS\site_[YOURSITECODE]“;
Class=”SMS_R_System”;
ComputerName=”[YOURSITESERVER]“;
Filter=’SMSUniqueIdentifier = “GUID:F36C6053-12D7-404C-AAF6-E406F84DAF50″‘}
Get-WmiObject @params | ForEach-Object {
$Name = $_.Name
$Name = ” Computer Name:  $Name”
$ResourceID = $_.ResourceID
$ResourceID = “   Resource ID:  $ResourceID”
$ClientVersion = $_.ClientVersion
$ClientVersion = “Client Version:  $ClientVersion”
Return $Name, $ResourceID, $ClientVersion
}
3.    Adding the GUID Colum  to All system Query :
Just add the column to the existing all system query and put the GUID in Search bar u will get the Client name.

Hope This Will Help!!
Amarpal Singh Sandhu

Friday, 27 June 2014

Failed to get Web DAV settings on the machine (0x80070003) Error in MPController.log

Hi Floks ,

I was working on my lab environment one day and though to upgrade my sccm 2007 to R2. I was running sccm on windows 2008 OS. I start my upgrade task and everything went as per the plan. I was very happy to test some stuff on R2 , but when i opened my console i was shocked to see that MY MP was floating with all red errors.. :( . To check what was wrong with my MP i opened the MPController.log.

Below lines gave the answer.... and the issue was "WEBDEV Settings" :(:( 

Installing the SMSMP
Passed OS version check.
IIS Service is installed.
 checking WebDAV configuraitons
Failed to get WebDAV settings on the machine (0x80070003)

I was quite confused, i was sure i configured correctly and even it was right. But the issue was "WebDAV Authoring Rules" that i missed to enable it.

You will get this error only in stages.

1.  If WebDav is not installed or it is not configured correctly.
2.  RDC feature is not installed or got corrupted.
====================================================================
 
Resolution

1. To support management point and BITS-enabled distribution point site system computers we must install and configure WebDAV for IIS 7.0 properly.

  1. Depending on your server operating system platform, download either the x86 or x64 version of WebDAV    
  2. Downlaod link :  http://go.microsoft.com/fwlink/?LinkId=108052.
  3. Depending on which version was downloaded, run either thewebdav_x86_rtw.msi or the webdav_x64_rtw.msi file to install WebDAV IIS 7.0 extensions.
  4. Enable WebDAV and create an Authoring Rule, as follows:
    1. Navigate to Start / All Programs / Administrative Tools /Internet Information Services (IIS) Manager to start Internet Information Services 7 Application Server Manager. In Server Manager, select the Features node, and click Add Features to start the Add Features Wizard.
    2. In the Connections pane, expand the Sites node in the navigation tree, and then click Default Web Site if you are using the default Web site for the site system or SMSWEB if you are using a custom Web site for the site system.
    3. In the Features View, double-click WebDAV Authoring Rules
    4. When the WebDAV Authoring Rules page is displayed, in theActions pane, click Enable WebDAV.
    5. After WebDAV has been enabled, in the Actions pane, click Add Authoring Rule.
    6. In the Add Authoring Rule dialog box, under Allow access to, click All content. 
    7. Under Allow access to this content to, click All users
    8. Under Permissions, click Read, and then click OK
  5. Change the property behavior as follows:
    1. In the WebDAV Authoring Rules page, in the Actions pane, click WebDAV Settings
    2. In the WebDAV Settings page, under Property Behavior, setAllow anonymous property queries to True
    3. Set Allow Custom Properties to False
    4. Set Allow property queries with infinite depth to True
    5. If this is a BITS-enabled distribution point, under WebDAV Behavior, set Allow hidden files to be listed to True.
    6. In the Action pane, click Apply
  6. Close Internet Information Services (IIS) Manager.

2. Make sure that Remote Differential Compression feature for site server and branch distribution point computers should be added!!!!!

In Server Manager, on the Features node, click Add Features to start the Add Features Wizard.
  1. On the Select Features page, select Remote Differential Compression, and then click Next.
  2. Complete the rest of the wizard.
  3. Close Server Manager

Finally The last step that fixed everything.


As i was not ready to wait for default 60 min time to auto configure MP component. so i restarted the se SMS_SITE_COMPONENT_MANAGER service on sccm server and the log shows: "SMS Site Component Manager successfully installed MP component on this site system."

Hope This Will Help!!!!
Amarpal Singh

Thursday, 15 May 2014

PXE Boot Problems Because of Support for unknown devices Option

I was having problems getting PXE to work I have read all the different things and tried them a few times but still no joy. DHCP is on a separate server to the management server the PXE role is installed images uploaded WDS is running but was configured through the config console. When I try and PXE it see's the MP server gets a dhcp address but then I get the bcd error 0xc000000f, below is from the smspxelog. 
Below was the error in Smspxelog :
Policy Provider settings flushed due to registry change
 smspxe 28/04/2014 14:32:42 165640 (0x28708)
Reloading PXE Provider Settings. cached=0 smspxe 28/04/2014 14:32:42 165640 (0x28708)
Loaded PXE settings from reg key HKLM\Software\Microsoft\SMS\Identification:
SMS Site Settings:
 Server: RWSCCM2A
 SiteCode: SCN
 Parent SiteCode: <empty>
 smspxe 28/04/2014 14:32:42 165640 (0x28708)
Cannot read the registry value of MACIgnoreListFile (80070002) smspxe 28/04/2014 14:32:42 165640 (0x28708)
Loaded PXE settings from reg key HKLM\Software\Microsoft\SMS\PXE:
PXE Settings:
    IsActive: Yes
    SupportUnknownMachines: No
    MACIgnoreListFile: <empty>
    ResponseDelay: 0
    CacheExpire: 3600
    HTTP Port: 80
    HTTPS Port: 443
    IISSSLState: 0x0
    BindPolicy: Exclude <empty>
    TRK: <non empty>
    SiteSignCert: <empty>
    Root CA Certs: <empty>
    PXE GUID: e216fc6e-139d-487c-8d5f-553bcb890462
    PXEPassword: <non empty>
 smspxe 28/04/2014 14:32:42 165640 (0x28708)
Loaded TFTP settings from reg key HKLM\System\CurrentControlSet\Services\WDSSERVER\Providers\WDSTFTP:
TFTP Settings:
 Directory: E:\RemoteInstall
 smspxe 28/04/2014 14:32:42 165640 (0x28708)
MAC Ignore List Filename in registry is empty smspxe 28/04/2014 14:32:42 165640 (0x28708)
Loaded Database settings from reg key HKLM\Software\Microsoft\SMS\PXE:
Database Settings:
 Server: RWSCCM2B
 Database: SMS_SCN
 User: xrwh\amitl
 Password: <hidden>
 Use Integrated Security: Yes
 Impersonation Required: Yes
 smspxe 28/04/2014 14:32:42 165640 (0x28708)
PXE Provider Settings Changed smspxe 28/04/2014 14:32:42 165640 (0x28708)
Querying Database for Cert with GUID: e216fc6e-139d-487c-8d5f-553bcb890462 smspxe 28/04/2014 14:32:42 165640 (0x28708)
inside GetPxeCert SmsPXE 28/04/2014 14:32:42 165640 (0x28708)
Executing PxeGetCert(e216fc6e-139d-487c-8d5f-553bcb890462) SmsPXE 28/04/2014 14:32:42 165640 (0x28708)
CDatabaseProxy :: GetPxeCert succeeded: e216fc6e-139d-487c-8d5f-553bcb890462 <swervername> <non empty> SmsPXE 28/04/2014 14:32:42 165640 (0x28708)
Loaded PXE settings from DB: PXE Cert: <non empty>
 smspxe 28/04/2014 14:32:42 165640 (0x28708)
Site Code: , Parent Site Code:  smspxe 28/04/2014 14:32:42 165640 (0x28708)
Executing PXE_GetSiteTypeAndDefaultMP(SCN) smspxe 28/04/2014 14:32:42 165640 (0x28708)
GetSiteTypeAndDefaultMP: SiteType=2 DefaultMP=RWSCCM2A.XRWH.NHS.UK  smspxe 28/04/2014 14:32:42 165640 (0x28708)
Site Type: 2 smspxe 28/04/2014 14:32:42 165640 (0x28708)
GetUnknownMachineResource (SCN,x86): smspxe 28/04/2014 14:32:42 165640 (0x28708)
GetUnknownMachineResource: 90f3d7dd-d2de-4b6e-adfd-9c5ca96e422b, 2 smspxe 28/04/2014 14:32:42 165640 (0x28708)
GetUnknownMachineResource (SCN,x64): smspxe 28/04/2014 14:32:42 165640 (0x28708)
GetUnknownMachineResource: 57a39306-8e24-45ee-85e0-697027fff964, 3 smspxe 28/04/2014 14:32:42 165640 (0x28708)
Loaded PXE settings from DB: Unknown machine GUIDs: (x86) 90f3d7dd-d2de-4b6e-adfd-9c5ca96e422b, (x64) 57a39306-8e24-45ee-85e0-697027fff964 smspxe 28/04/2014 14:32:42 165640 (0x28708)
No need to check cert smspxe 28/04/2014 14:32:42 165640 (0x28708)
[010.227.002.101:4011] Recv From:[010.227.002.101:9000] Len:274 172feb0 smspxe 28/04/2014 14:34:12 15036 (0x3ABC)
[010.227.002.101:4011] Recv From:[010.227.005.105:68] Len:1024 19a2c30 smspxe 28/04/2014 14:38:14 1988 (0x07C4)


Finally After long hunting below msg gave me the answer : 

Have I enabled support for unknown devices???? :)
Executing LookupDevice(46746E94-D140-497A-8C46-5463A8F006FD, FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF) smspxe 28/04/2014 14:54:13 11244 (0x2BEC)
CDatabaseProxy :: LookupDevice succeeded: 0 0 0 0 smspxe 28/04/2014 14:54:13 11244 (0x2BEC)
MAC=FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF:FF SMBIOS GUID=46746E94-D140-497A-8C46-5463A8F006FD > Device not found in the database. smspxe 28/04/2014 14:54:13 11244 (0x2BEC)
Loaded PXE settings from reg key HKLM\Software\Microsoft\SMS\PXE:
PXE Settings:
    IsActive: Yes
    SupportUnknownMachines: No
    MACIgnoreListFile: <empty>
    
Seems like i was trying PXE boot on unknown device as per the settings i have specified.
Enable unknown computer support also make sure that i  have the required boot images available on the DP.

Hope This Will Work!!!!!

Friday, 7 June 2013

SCCM 2007 Native Mode Client failed to pull down the computer certificate

Sccm Native mode machine not pull down computer certificate!!!


To request client certificate you go to run>MMC.exe and add Certificates to the console then you can right click on personal certificates and request a cert and it give you below error.

The certificate request failed because of one of the following conditions :-The request required an exchange certificate from a Certification Authority (CA) that is not started OR You do not have the permissions to request certificates from the available CAs.

if so then you might need to add the EnableDCOM entry to the machine with a value of Y

The EnableDCOM registry entry is located in the following registry subkey:
HKEY_LOCAL_MACHINE\Software\Microsoft\Ole

After this restart the machine and wait for GPO to pull down the cert. You will see certificate now :)

http://support.microsoft.com/kb/929494
 Hope this will help you :)
Amarpal Singh Sandhu

SCCM 2007 Client Certificate Missing/Corrupted

Some time we have a client that refuses to finish the install of the SCCM client because the certificate doesn't have a private key or it throw the error in isntallation log. 

We can try below 2 different solutions .


1.  The easiest is to check the cert store under personnal and see if there are any invalid certs. Delete and restart.

2. The other is a more dangerous solution but will correct the problem

It is only recommend when you see all of the following problems:


CCM Setup Log:
Automatic certificate enrollment for local system failed to enroll for one Computer
certificate (0x80090016). Keyset does not exist


Client sucessfully installed but still u see  below error in logs &Applicationn Event Log:

ClientIDManagerStartup:
Certificate issued to 'computer.domain.com' doesn't have private key.
RegTask: Failed to get certificate. Error: 0x80040280
RegTask: Failed to get certificate. Error: 0x80040281
Error initializing client registration (0x80040222).


Solution:
Stop the Crypto Service
Rename the folders under the Crypto Folder
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto

Restart the machine and watch the ClientIDManagerStartup log

Hope this will help you  :)
Amarpal Singh Sandhu

Tuesday, 26 February 2013

How to Copy Multiple old Packages to One Distribution Point SCCM 2007

Copy Packages Wizard in SCCM 2007 console

If you need to distribute huge set of packages to DP2 that you know are already distributed to DP1 then there’s no need to browse through all packages and add new distribution point to each. Also there’s no need to go looking for scripts or tools to do this. Just open SCCM console…
Right-click on one of following possible nodes depending on package type you want to distribute:
  • “Software Distribution” > “Packages”
  • “Software Updates” > “Deployment Packages”
  • “Operating System Deployment” > “Boot Images”
  • “Operating System Deployment” > “Operating System Images”
  • “Operating System Deployment” > “Operating System Install Packages”
  • “Operating System Deployment” > “Driver Packages” Unfortunately the wizard uses filter, so each type of package must be handled separately. Anyway, in the right-click menu select “Copy Packages” option:
image

This will open “Copy Packages Wizard”:

image

When you click “Next” on Welcome screen you must first specify a destination distribution point:

image

Now on “Select Packages” page there is a nice interface to manage the distribution:

image

Notice that you need to have distribute rights on all the packages you select. You can either manually select each and every package you want to distribute to destination DP or you can click on “Source…” button in lower right and select the source distribution point(s). This will automatically select all packages that are currently distributed to source DPs. Of course the selection can be modified later by unchecking/checking the items.

image

Once the needed packages have been selected, click “Next” to review the details on “Summary” page. The progress will start after clicking “Next” on “Summary” page. The destination distribution point will be added to every selected package:

image

Once the progress is complete, you’re done. All selected packages will be pending distribution to destination DP.

More about Copy Packages Wizard:


Hope this will help you  :)
Amarpal Singh Sandhu