Firewall GPO per site system

Hi
I am setting up a detailed GPO for the firewall openings needed per site system. Is there a good overview of how to configure a firewall GPO for Server 2012 R2 per site system role?
For example, I need to configure a dedicated GPO for the distribution point role, or a dedicated GPO for the site server. All of my roles are on individual servers.
Thanks!

How you configure the required ports is all up to you (and/or your company standards). The ports required by ConfigMgr are described in detail here:
http://technet.microsoft.com/en-us/library/hh427328.aspx
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude
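An added example of the per-role approach the question asks about (this is not code from the thread or from Microsoft): a PowerShell script that builds a dedicated Windows Firewall GPO for the Distribution Point role on Server 2012 R2 using the GroupPolicy and NetSecurity modules, scopes each inbound rule to the source that needs it, turns off local rule merging so only the centrally managed openings apply, and links the GPO to the OU holding the DP servers. The domain name, GPO name, OU path, site server address and client subnet are placeholders, and the port list (80/443 from clients; 445, 135 and the dynamic RPC range from the site server) is taken from the ConfigMgr ports reference linked above; check it against that page for any extra roles you co-locate (PXE, multicast, WDS add more).

```powershell
# Added example, not from the original thread: dedicated firewall GPO for the
# ConfigMgr Distribution Point role. Assumptions are marked inline.
#Requires -Modules GroupPolicy, NetSecurity

$Domain     = 'corp.example.com'                                   # assumption: AD domain
$GpoName    = 'CM-Firewall-DistributionPoint'                      # assumption: naming convention
$TargetOU   = 'OU=CM Distribution Points,OU=Servers,DC=corp,DC=example,DC=com'  # assumption
$SiteServer = '10.0.10.5'                                          # assumption: site server address
$ClientNets = '10.0.0.0/8'                                         # assumption: client address space

# 1. Create the GPO if it does not already exist.
$gpo = Get-GPO -Name $GpoName -ErrorAction SilentlyContinue
if (-not $gpo) {
    $gpo = New-GPO -Name $GpoName -Comment 'Inbound firewall rules for the ConfigMgr Distribution Point role'
}

# 2. Open the GPO's firewall policy store once, batch the edits, save once.
#    PolicyStore format is "<domain>\<GPO display name>".
$store   = "$Domain\$GpoName"
$session = Open-NetGPO -PolicyStore $store

# Domain profile: block inbound by default and ignore rules created locally on
# the DP, so the only openings are the ones this GPO pushes.
Set-NetFirewallProfile -GPOSession $session -Name Domain `
    -Enabled True -DefaultInboundAction Block -AllowLocalFirewallRules False

# Port list per the ConfigMgr ports reference (assumption: verify against the
# linked page for your release and any co-located roles). 'RPC' is the keyword
# for the dynamic RPC port range, 135 is the endpoint mapper.
$rules = @(
    @{ Name = 'CM-DP-Client-HTTP';          Port = '80';  Remote = $ClientNets }
    @{ Name = 'CM-DP-Client-HTTPS';         Port = '443'; Remote = $ClientNets }
    @{ Name = 'CM-DP-SiteServer-SMB';       Port = '445'; Remote = $SiteServer }
    @{ Name = 'CM-DP-SiteServer-RPC-EPMap'; Port = '135'; Remote = $SiteServer }
    @{ Name = 'CM-DP-SiteServer-RPC-Dyn';   Port = 'RPC'; Remote = $SiteServer }
)

foreach ($r in $rules) {
    # Idempotent: re-running the script does not duplicate rules.
    $existing = Get-NetFirewallRule -GPOSession $session -Name $r.Name -ErrorAction SilentlyContinue
    if (-not $existing) {
        New-NetFirewallRule -GPOSession $session -Name $r.Name -DisplayName $r.Name `
            -Group 'ConfigMgr Distribution Point' -Profile Domain `
            -Direction Inbound -Action Allow -Protocol TCP `
            -LocalPort $r.Port -RemoteAddress $r.Remote | Out-Null
    }
}

Save-NetGPO -GPOSession $session

# 3. Link the GPO to the DP OU only, so other roles never receive these openings.
$linked = (Get-GPInheritance -Target $TargetOU).GpoLinks |
    Where-Object { $_.DisplayName -eq $GpoName }
if (-not $linked) {
    New-GPLink -Name $GpoName -Target $TargetOU -LinkEnabled Yes | Out-Null
}

# 4. Review what the GPO will push, read back from the policy store.
Get-NetFirewallRule -PolicyStore $store |
    ForEach-Object {
        $port = $_ | Get-NetFirewallPortFilter
        $addr = $_ | Get-NetFirewallAddressFilter
        [pscustomobject]@{
            Rule      = $_.Name
            Direction = $_.Direction
            Action    = $_.Action
            LocalPort = $port.LocalPort
            Remote    = $addr.RemoteAddress
        }
    } | Format-Table -AutoSize
```

Repeat the pattern with a different GPO name, OU and port list for each role (site server, management point, SUP, SQL). Keeping one GPO per role and linking it to a per-role OU is what makes the "each role on its own server" layout in the question pay off: a DP never ends up exposing the SQL or management point ports, and a rule added by hand on one server is discarded by the profile setting rather than silently widening the opening.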

Similar Messages

  • More than 1 SMP per site

Can we have more than 1 SMP per site? Suppose I have 1 primary site with 2 secondary sites; is it possible to have more than 1 SMP for USMT per site? One customer has around 40 distribution points and they are expecting to have the same DPs as SMPs as well,
i.e. 40 SMPs. Any pointers will be appreciated. Thanks
    regards,

    To add-on to Jason, there has been a little change since R2 (at least according to the documentation):
    Prior to System Center 2012 R2 Configuration Manager, all site system roles at a secondary site must be located on the site server computer. The only exception is the distribution point. Secondary sites support installing distribution points on the site
    server computer and on remote computers.
Beginning with System Center 2012 R2 Configuration Manager, the state migration point can also be installed on the site server computer or on a remote computer, and can be co-located with a distribution point.
Reference: http://technet.microsoft.com/en-us/library/gg712282.aspx#Plan_Where_to_Install_Sites
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Package Distribution to a Site System DP taking forever

    I currently have the Distribution Point role running on the Site server (DP1) and on one other Site System (DP2). Both are configured exactly the same, running within the same Primary Site boundary and belong to the same Distribution Group. 
    When I distribute a package to both DP's using either the Distribution Group or individual DP's,  it takes just a few seconds for the package to distribute to DP1 (Site Server's DP) but is taking hours to distribute to DP2 (Site
    System's DP). The distmgr.log shows both distributions are completing very quickly (close to the same time) but the PkgXferMgr.log shows "sending content" for each file going to DP2 and is taking an hour or more before
    it completes. Can someone explain why the two DP's are distributing the same content so differently?    

    Hi,
Please try to increase the number of Maximum threads per package (Administration->Overview->Site Configuration->Sites->A specific site->Configure Site Components->Software Distribution). This might help you pick up speed when distributing packages to a remote DP.
    Best Regards,
    Joyce Li
We are trying to better understand customer views on social support experience, so your participation in this interview project would be greatly appreciated if you have time. Thanks for helping make community forums a great place.

  • [Forum FAQ] Reporting Service Point cannot be installed on a Site System Server running SQL Server 2012 SP1

    Symptom: When you install Reporting Service Point role on a Site System Server running SQL Server
    2012 SP1, you may encounter an issue that the Reporting Service Point role cannot be installed. The error log “srsrpMSI.log” and “srsrpsetup.log” may throw the error as shown in Figure 1 and Figure 2.
    03:32:03:764]:
    MainEngineThread is returning 1618
    Figure 1: Error -1
    <03/03/14 03:32:03>
    srsrp.msi exited with return code: 1618
    Figure 2: Error -2
Reason: Both logs indicate return code 1618. The KB below explains what the return code means.
ERROR_INSTALL_ALREADY_RUNNING
1618
Another installation is already in progress. Complete that installation before proceeding with this install.
    KB link:
http://support.microsoft.com/kb/290158 (it is an Office Suite KB, but the MSI return code has the same meaning)
You can look into Resource Manager and Event Viewer to find the other MSI installation currently running. You may get a warning in the Event Log showing that the MSI wants to install a SQL Server
related component (Figure 3). Resource Manager confirms this (Figure 4).
    Event Log:
    Event ID: 1004
Source: MsiInstaller
    Level: Warning
    Detection of product '{A7037EB2-F953-4B12-B843-195F4D988DA1}',
    feature 'SQL_Tools_ANS', component '{0CECE655-2A0F-4593-AF4B-EFC31D622982}' failed.  The resource '' does not exist.
    Figure 3: Event Log
    Figure 4: Resource Manager
Resolution: the error is exactly what the following KB describes.
KB Link:
http://support.microsoft.com/kb/2793634
After we resolved the SQL Server 2012 issue, the Reporting Services Point role installed successfully.
    Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.


  • I can't get java to work on my Mac. It is installed and enabled. I can't activate java per site because I don't get "click here to activate" box.

    I can't get java to work with Firefox on my mac with OS 10.6.8. I did everything suggested and still no luck. Java is installed, enabled, and updated. I can't even activate java per site because I don't get the "click here to activate" box for some reason. Apple support said it's a firefox problem and they can't help me. I need to be able to use java!

    hello, please update firefox to the latest version & your OS to 10.6.8.
    [[Update Firefox to the latest version]]
    http://support.apple.com/kb/HT4561

  • SMS Agent Host Service requirement for Site Server or Site Systems

    Is the SCCM Client a requirement on the SCCM 2012 Site Server or Site Systems or is it possible to disable SMS Agent Host Service or uninstall the client without affecting any of the Site roles? I have actually done that and everything
    is working as expected but I wanted to make sure that none of the site roles are dependent on the client agent.   

    Hi,
You only need to install the client when you want to manage the servers with the Configuration Manager client.
    Best Regards,
    Joyce Li

  • Reporting site system role fails to install

When I try to install the reporting site system role it shows success, but looking at the status it shows critical. The srsrpsetup.log shows the following:
    <01/27/15 10:53:10> ====================================================================
    <01/27/15 10:53:10> SMSSRSRP Setup Started....
    <01/27/15 10:53:10> Parameters: C:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:LOUSYSCNTR01 SMSSRSRP 0
    <01/27/15 10:53:10> Installing Pre Reqs for SMSSRSRP
    <01/27/15 10:53:10>         ======== Installing Pre Reqs for Role SMSSRSRP ========
    <01/27/15 10:53:10> Found 1 Pre Reqs for Role SMSSRSRP
    <01/27/15 10:53:10> Pre Req SqlNativeClient found.
    <01/27/15 10:53:10> SqlNativeClient already installed (Product Code: {3965C9F9-9B9A-4391-AC4B-8388210D3AA0}). Would not install again.
    <01/27/15 10:53:10> Pre Req SqlNativeClient is already installed. Skipping it.
    <01/27/15 10:53:10>         ======== Completed Installation of Pre Reqs for Role SMSSRSRP ========
    <01/27/15 10:53:10> Installing the SMSSRSRP
    <01/27/15 10:53:10> Passed OS version check.
    <01/27/15 10:53:10> .NET Framework 4.0 Full profile is installed.
    <01/27/15 10:53:10> Clean up old files
    <01/27/15 10:53:10> Deleting \\?\C:\Program Files\SMS_SRSRP, FAILED, Win32 Error = 2
    <01/27/15 10:53:10> Cannot delete old installation directory C:\Program Files\SMS_SRSRP. Error Code=2. Installation will continue.
    <01/27/15 10:53:10> No versions of SMSSRSRP are installed.  Installing new SMSSRSRP.
    <01/27/15 10:53:10> Enabling MSI logging.  srsrp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\srsrpMSI.log
    <01/27/15 10:53:10> Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\srsrp.msi SRSRPINSTALLDIR="C:\Program Files\SMS_SRSRP" SRSRPLANGPACKFLAGS=0
    <01/27/15 10:53:12> srsrp.msi exited with return code: 0
    <01/27/15 10:53:12> Installation was successful.
    <01/27/15 10:53:12> Cannot register C:\Program Files\SMS_SRSRP\srsserver.dll, it doesn't exist
    <01/27/15 10:53:12> Cannot register C:\Program Files\SMS_SRSRP\srsserver.dll, it doesn't exist
    <01/27/15 10:53:12> Cannot register SRSRP interop DLL C:\Program Files\SMS_SRSRP\srsserver.dll. Installation cannot continue.
    <01/27/15 10:53:12> Fatal MSI Error - srsrp.msi could not be installed.
    <01/27/15 10:53:12> ~RoleSetup().

Do the DLLs exist? Have you temporarily turned off AV and installed the RP? What does srsrpMSI.log say?
Garth Jones | My blogs: Enhansoft and Old Blog site | Twitter: @GarthMJ

  • "Add Site System Role" is greyed out in the SCCM console

    SCCM 2012 R2 CU3
    Single Primary Site
Issue where "Add Site System Role" is greyed out in the SCCM console. We can install roles through PowerShell; however, in the console we cannot add roles, remove roles, or change the properties of the site server.
The account we are using is a Full Administrator in SCCM. It was used to install the SCCM infrastructure.
Any suggestions?

    Anything related to these?
    https://social.technet.microsoft.com/Forums/en-US/4226f698-1114-4a62-bc25-705788432955/add-site-system-roles-remove-roles-greyed-out?forum=configmanagergeneral
    https://social.technet.microsoft.com/Forums/en-US/76bb0064-9d5a-4b0e-b955-472fb5e9e833/the-add-site-system-role-is-grey-out-after-deleted-the-cloud-distribution-point?forum=configmanagerdeployment#5347193f-997b-41a6-8011-5320e3dd8a9e

  • SCCM 2012 - Change Distribution Point's Site System Properties Site Code

    Hello All,
    I'm hoping someone can help me out. Here's what I have and here's what I'm trying to do.
    SCCM 2012 R1 
Each of our offices has a Windows 7 SP1 Ent PC that is a distribution point for that office's 10-20 machines. A number of these offices and their DPs were set up before I set up a number of Secondary Site Servers. So right now, these DPs' site codes
are the primary site server's. I'd like to change these to one of the Secondary Site Servers.
    When I go to the Site System properties of one of these Win7 distribution points, the Site Code is grayed out.
    So, the question is, how can I change one of these DPs' site codes?
    Thanks in advance to whomever helps!!
    Bill

That's a strange reason for using Secondary Sites. How many clients are you managing? Have you got good WAN links?
Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson

  • Log location for the DP having only "Distribution point" and "site system" installed

    Hi
I have one SCCM 2012 DP server that has only the "Distribution point" and "site system" roles installed.
Will the log be generated on the primary server? I am not able to find the log on this server.
Please help me with this.
Regards, Shishir Kushawaha. "If this thread answered your question, please click on "Mark as Answer"

Hi,
You will have it in a folder called \SMS_DP\sms\logs. You can also see information about package transfers on the primary site server in the distmgr.log and pkgxfermgr.log files.
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter @ccmexec

  • Move SUP role from Server 2008 R2 to new Site System running Server 2012 R2

Is it possible to move the primary SUP role, which is currently running on a separate site system under Server 2008 R2 (WSUS 3.0 SP2), to a new site system running Server 2012 R2 using the same SUSDB? I've moved the SUP role
around before by setting up a secondary SUP (using the same DB) and then removing the primary SUP role, which causes the secondary SUP to become the primary, but that was using the same version of OS and WSUS. With the version of WSUS being different
on Server 2012 R2, I was thinking this may not be possible, since the documentation says the WSUS versions must be the same when creating multiple SUP roles.

    Hi,
>>I was thinking this may not be possible since the documentation says the WSUS versions must be the same when creating multiple SUP roles.
As the document indicates, "When you have multiple software update points at a site, ensure that they are all running the same version of WSUS." So the scenario you described should not be supported.
Reference: Prerequisites for Software Updates in Configuration Manager
    Best Regards,
    Joyce
    Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected]

  • Site System Roles - Best Practices

    Hi all -
I was wondering if there were any best practice recommendations for how to configure Site System Roles? We had a vendor come onsite and set up our environment and, without going into a lot of detail on why, I wasn't able to work with the vendor. I am trying
to understand why they did certain things after the fact.
    For scoping purposes we have about 12,000 clients, and this how our environment was setup:
    SERVERA - Site Server, Management Point
    SERVERB - Management Point, Software Update Point
    SERVERC - Asset Intelligence Synchronization Point, Application Catalog Web Service Point, Application Catalog Website Point, Fallback Status Point, Software Update Point
    SERVERD - Distribution Point (we will add more DPs later)
    SERVERE - Distribution Point (we will add more DPs later)
    SERVERF - Reporting Services Point
    The rest is dedicated to our SQL cluster.
    I was wondering if this seems like a good setup, and had a few specific questions:
    Our Site Server is also a Management Point. We have a second Management Point as well, but I was curious if that was best practice?
    Should our Fallback Status Point be a Distribution Point?
    I really appreciate any help on this.

The FSP role has nothing to do with the 'Allow fallback source location for content' option on the DP.
    http://technet.microsoft.com/en-us/library/gg681976.aspx
    http://blogs.technet.com/b/cmpfekevin/archive/2013/03/05/what-is-fallback-and-what-does-it-mean.aspx
    Benoit Lecours | Blog: System Center Dudes

  • "Site System Status Summarizer still cannot access storage object" after DB Move

    After our SCCM server was up and running, the DBAs moved the SQL Site Database to a new drive which is a supported SQL Operation according to this Support document:
    https://support.microsoft.com/en-us/kb/2709082
    Using the methods described by the above document we were able to restore functionality to SCCM but I am still seeing Informational messages in the SMS_SITE_SYSTEM_STATUS_SUMMARIZER component.
    Site System Status Summarizer still cannot access storage object "\\<SQLServer>\S$\SMS_<SQLServer>" on site system "\\<SQLServer>". The operating system reported error 67: The network name cannot be found.
    Possible cause: The site system is turned off, not connected to the network, or not functioning properly.
    Solution: Verify that the site system is turned on, connected to the network, and functioning properly.
    Possible cause: Site System Status Summarizer does not have sufficient access rights to connect to the site system and access the storage object.
    Solution: Verify that the accounts are properly configured to allow the site to connect to the site system and access the storage object.
    Possible cause: Network problems are preventing Site System Status Summarizer from connecting to the site system.
    Solution: Investigate and correct any problems on your network.
    Possible cause: You took the site system out of service and do not intend on using it as a site system any more.
    Solution: Remove the site system from the list of site systems used by this site; this list appears under Site Systems in the Configuration Manager Console.
    Possible cause: You accidentally deleted the storage object or took the storage object out of service.
    Solution: The components will eventually detect that the storage object no longer exists on the site system and will either recreate it or choose a new storage object. Monitor the status messages reported by other site components to verify that this
    occurs properly.
    The storage object has been inaccessible since "14/03/2015 1:23:20 AM". When you correct the problem and Site System Status Summarizer successfully accesses the storage object, Site System Status Summarizer will set the storage object's status
    to OK, providing that the storage object has sufficient free space.
I have run a site reset to try and fix this, but the site server still seems to be trying to access files on the old drive. Is there a method to get SCCM to start looking for these files on the NEW DB drive (H$ in my case)?

Was a site reset performed at all yet? This has to be done.
Torsten Meringer | http://www.mssccmfaq.de

Yes, I tried a site reset prior to making this post. I was sure I had read that this should resolve the issue, but unfortunately it seems a site reset did not resolve the issue.
Since we are running a virtualized environment, is it possible the old drive still has to exist prior to running the site reset? If we add a small "S" drive back to the server and run the site reset again, might that help?

  • Invoke-IpamGpoProvisioning : Failed to import GPO. The system cannot find the file specified. (Exception from HRESULT: 0x80070002)

Hello, I'm trying to configure IPAM but I'm getting this error.
PS C:\Users\Administrator.IPADE.MX> Invoke-IpamGpoProvisioning -Domain actdir.ipade.mx -GpoPrefixName IPAM -IpamServerFqdn minte.actdir.ipade.mx -DelegatedGpoUser Administrator -DomainController discovery.actdir.ipade.mx
    Invoke-IpamGpoProvisioning : Failed to import GPO. The system cannot find the file specified. (Exception from HRESULT:
    0x80070002)
    At line:1 char:1
    + Invoke-IpamGpoProvisioning –Domain actdir.ipade.mx –GpoPrefixName IPAM –IpamServ ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : InvalidOperation: (:) [Invoke-IpamGpoProvisioning], Exception
        + FullyQualifiedErrorId : InvalidOperation,Invoke-IpamGpoProvisioning
In the Event Viewer I found this, but I don't know what to do.
    Import of backup failed. Error [The system cannot find the file specified.
    Details -
         Backup
             Directory: The system cannot find the file specified.
             Instance : C:\Users\Administrator.IPADE.MX\AppData\Local\Temp\1\ipamprov
             Comment  : {09673450-4573-42E8-85D0-104144DF0BA3}
             Source GPO:
                 DisplayName: IPAMGPO_DNS
                 ID: IPAMGPO_DNS
                 Domain: {7F345996-1D92-4194-85BF-72BFB5298EDA}
         Destination GPO:
                 DisplayName: ipamtestsetup.com
                 ID: IPAM_DNS
                 Domain: {447E8380-91AF-4C2D-8DAA-2C090A6400E8}

    Hi,
Before going further, what name was specified in the IPAM provisioning wizard when selecting the Group Policy based provisioning method? The GPO prefix name specified in the
PowerShell command must be the same as the one specified in the IPAM provisioning wizard when selecting the Group Policy based provisioning method.
    Regarding Invoke-IpamGpoProvisioning, the following article can be referred to as reference.
    Invoke-IpamGpoProvisioning
    http://technet.microsoft.com/en-us/library/jj553805.aspx
    Best regards,
    Frank Shen

  • SCCM and ForeFront Endpoint Protection point site system role

Thanks for looking at this. I am working with SCCM 2012, and ForeFront Endpoint Protection has been set up as an Endpoint Protection point site system role. Up to now we just haven't had to mess with it much; it has just worked. I
have been busy packaging applications for the eager public. I have one PC where the Endpoint client self-destructed. I had to remove it via the Control Panel. I next did a machine policy retrieval and evaluation cycle (among others) and SCCM
shows that it is aware that this particular machine needs FEP. It lists it as "To Be Installed". How long will this take? I have things set for "as soon as possible". Am I at the mercy of SCCM? Also, is there
a way to force the install? Thanks for any light you can shed on this!

This will depend on your SCCM client policy settings allowing SCEP installation outside of maintenance windows (if you have any).
It will also depend on whether you are using the 2 hour deployment "randomizer" option in your SCCM client policy.
Lastly, you can install it from the bits that have already been downloaded with the SCCM client install:
c:\windows\ccmsetup\scepinstall.exe
