Managing Clients in DMZ

Similar Messages

• Management point location for workgroup clients in DMZ

  Hi All,
  I am trying to install the SCCM 2012 client to some servers that are located in a workgroup and in a DMZ at our organization.
  I have read up about the config for this and I think that we have everything in place but the clients themselves are not locating a management point which I think is due to the setup of the IIS on the management points.
  Firstly, I ammended the local hosts file on the system to ensure that the server could resolve the SCCM site server and 2 management points by using NetBIOS and FQDN. I also checked that the ports are opened from the client to the
  management point.
  I then ran ccmsetup using the following switches /noservice /mp=smsmp SMSSITECODE=XXX SMSSLP=SMSMP FSP=SMSSITESERVER CCMHTTPPORT=24555 CCMHTTPSPORT=24556 RESETKEYINFORMATION=TRUE which appers to have sucessfully installed the client
  but is now failing to communicate with the MP specified. I am seeing on the client the following repeated in the locationservices.log
  <![LOG[Raising event:
  instance of CCM_CcmHttp_Status
              DateTime = "20141127153834.775000+000";
              HostName = "SMSMP";
              HRESULT = "0x87d0027e";
              ProcessID = 4004;
              StatusCode = 401;
              ThreadID = 5184;
  ]LOG]!><time="15:38:34.775+00" date="11-27-2014" component="LocationServices" context="" type="1" thread="5184" file="event.cpp:715">
  <![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="15:38:34.962+00" date="11-27-2014" component="LocationServices" context="" type="1" thread="5184"
  file="ccmhttperror.cpp:396">
  <![LOG[Error sending HEAD request. HTTP code 401, status 'Unauthorized']LOG]!><time="15:38:34.962+00" date="11-27-2014" component="LocationServices" context="" type="3"
  thread="5184" file="util.cpp:2568">
  <![LOG[Workgroup client is in Unknown location]LOG]!><time="15:38:34.962+00" date="11-27-2014" component="LocationServices" context="" type="1" thread="5184"
  file="lsad.cpp:1078">
  <![LOG[[CCMHTTP] ERROR: URL=http://SMSMP, Port=24555, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="15:38:34.993+00" date="11-27-2014"
  component="LocationServices" context="" type="1" thread="5184" file="ccmhttperror.cpp:297">
  And on the management point I am seeing the following repeated in the IIS logs
  x.x.x.x HEAD / - 24555 - x.x.x.x SMS+CCM+5.0 - 401 2 5 216 0
  I understand that this points to the IIS authentication issue so I have tried browsing to http://smsmp.domainname.com/sms_mp/.sms_aut?mplist and
  I do get a list of management points returned so I'm a little confused now. The other thing that confuses me is that we also have another domain we manage clients
  in and these systems have all registered with the MP fine even though there is no trust relationship in place between the 2 domains.
  I have checked anonymous authentication has been enabled on the SMS_MP virtual directory but I can see that it is set to use a user account of IUSR, but this is not a local user on the MP nor an AD user from what I can see.
  Is anybody able to point me in the correct direction of either what I am doing wrong or which settings I should be checking?
  Thanks in advance for any help
  Andrew

  You mention in your ccmsetup install properties: CCMHTTPPORT=24555 CCMHTTPSPORT=24556
  While the MPList test you provided shows:
  http://smsmp.domainname.com/sms_mp/.sms_aut?mplist
  This is on port 80
  Where is your MP? Port 80 or 24555 ?

• Manage SCCM 2012 clients in DMZ (OS Deploy, Windows updates) via DP/MP

  Hi,
  We ’d like to manage (=OS Deploy, Packages,Windows updates) Windows clients (Windows 2008/2012 R2 servers for now, about 20 of them) in a DMZ (= different domain).
  There is this article
  https://nikifoster.wordpress.com/2011/01/31/installing-configmgr-clients-on-servers-in-a-dmz/ which explains what to do … in 2011. Since then lots of things are changed I guess
  Before I dive in, I’d need to have an overview + do some administrative tasks (like asking for firewall accesses).
  Current setup DMZ:
  Our SCCM 2012 R2 server is on a Windows 2008 R2 OS
  Client communication is done via HTTP (not HTTPS)
  An extra physical Distribution point is setup (only DP, nothing more) in our current domain
  A new Windows 2012 server is setup in the DMZ which should host the DP and probably management point (since it should manage the clients over there)
  There are clients in DMZ that are currenlty managed by SCCM 2007 but 
  this server will be phased out, these client have:
  Correct sccm functionality
  Correct DNS resolution
  My steps/questions, please comment:
  Add the DMZ ip range to SCCM 2012 boundary as “DMZ”
  Add the network access account to be able to deploy as well clients as distribution point in DMZ
  In the DMZ accesses on firewall for server VLAN have to be asked
  When we have a distribution point and communication is “HTTP only” then http (port 80) from DMZ to sccm server should suffice, correct? Or are
   extra firewall openings needed for management point access/packages and windows updates sync?
  Now the sccm clients will be deployed to the servers in DMZ: deploy SCCM clients to hosts in DMZ, how this should be done: we connect a console to the SCCM-server in the DMZ then deploy the discovered clients?
  OS Deploy should be made available, but no dhcp is available in DMZ and it is not an option either, therefore we would boot from an ISO then enter an ip (or pre-enter it so there is already filled in an ip?). So tasksequences/deployments
  for servers in DMZ, where are they configured/deployed then? Via console access on DMZ management point or can we deploy on our domain SCCM management point (not in DMZ) and it will be synced to the DMZ management point? Not clear
  Selective sync of software to this distribution point (howto? not sure), we don’t need any Windows 8 software/drivers to be synced.
  Thanks for your input!
  J.
  Jan Hoedt

  No comment;
  I think you mean the client push installation account and the site system installation account;
  More ports are required, see site server > distribution point and distribution point > management point from the provided link;
  The console will always be connected to your primary site server. The client will be pushed from the primary site server and it will provide the initial files. The other files will be downloaded from the local distribution point;
  The task sequence deployment will be just like a normal taks sequence deployment. The only difference is the location of the server;
  Only the content that's distributed to the distribution point in the DMZ will be available on that distribution point.
  My Blog: http://www.petervanderwoude.nl/
  Follow me on twitter: pvanderwoude

• Manage servers in DMZ and IBCM with the same MP/SUP/DP in DMZ

  Hi all, 
  I already asked a similar question on this forum about a month ago. I got some amswers but couldn't make it work and I still need some extra help.
  I use SCCM 2012 R2 with CU3, I only have one Primary site installed in my internal domain and a management point in my DMZ domain (different forests, no trust) that serves internet clients.
  I also want this DMZ MP to manage the intranet clients in DMZ (Web servers...) and I can't make it work. 
  I thought I could take advantage of the registry AllowedMPs offered by the CU3 because my DMZ clients are not allowed to communicate with the internal primary site on 80/443.
  I would like to avoid using the CCMALWAYSINF switch during the SCCM Client installation and to not treat my servers as internet clients. It works but I don't want the DMZ clients to use windows update to download the updates.
  Thanks again for your help.

  Hello, 
  Peter, thanks for your quick answer.
  1. I have a client certificate and it works because i was able to connect my DMZ server to the MP as an Internet client.
  2. I created the certificated with both names (Internet and Intranet), I used the alernative names filed.
  3. The MP and DP allow Intranet and Internet connnection.
  Here is the other thread I created a while ago, so you can have all the information
  https://social.technet.microsoft.com/Forums/en-US/ce18386b-8306-48d3-a27f-59fa2ee3a4fa/wrong-mp-assignement-for-clients-in-dmz?forum=configmanagergeneral#09a5ca7d-e626-4cbf-9f00-e8ef2ab745c9

• SCCM 2012 R2 Configuration Manager Client Package - stuck "In Progress"

  Hi Team; I’m having 2 issues with SCCM 2012 R2:
  Issue 1: I'm having a strange issue with the default XXX00002 package - "Configuration Manager Client Package",
  it will not deploy to the Secondary Site DP. The console is saying "In Progress" - below is the output from the
  distmgr.log file.
  ~Package BDC00002 does not have a preferred sender. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6032 (0x1790)>
  ~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00002, Version=1, Status=2301 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.444+240><thread=6032 (0x1790)>
  ~StoredPkgVersion (1) of package BDC00002. StoredPkgVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
  ~SourceVersion (1) of package BDC00002. SourceVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
  ~Package BDC00003 does not have a preferred sender. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6092 (0x17CC)>
  ~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00003, Version=1, Status=2301 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.464+240><thread=6092 (0x17CC)>
  STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6032 GMTDATE=Mon Mar 17 20:00:23.476 2014
  ISTR0="Configuration Manager Client Package" ISTR1="BDC00002" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="BDC00002" 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.477+240><thread=6032 (0x1790)>
  StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.476+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00) 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.484+240><thread=6032 (0x1790)>
  CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.476+00:00' P3='' P4=''
  P5=''  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.495+240><thread=6032 (0x1790)>
  ~StoredPkgVersion (1) of package BDC00003. StoredPkgVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.496+240><thread=6092 (0x17CC)>
  ~SourceVersion (1) of package BDC00003. SourceVersion in database is 1. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.497+240><thread=6092 (0x17CC)>
  STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6092 GMTDATE=Mon Mar 17 20:00:23.510 2014
  ISTR0="Configuration Manager Client Upgrade Package" ISTR1="BDC00003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400
  AVAL0="BDC00003"  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.510+240><thread=6092 (0x17CC)>
  StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.510+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00)
   $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.515+240><thread=6092 (0x17CC)>
  CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.510+00:00' P3='' P4=''
  P5=''  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.526+240><thread=6092 (0x17CC)>
  CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\1sfb1dbj.SMX  
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.571+240><thread=6032 (0x1790)>
  Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.572+240><thread=6032 (0x1790)>
  ~Exiting package processing thread. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.574+240><thread=6032 (0x1790)>
  CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\abaibh8y.SMX  
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.637+240><thread=6092 (0x17CC)>
  Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.683+240><thread=6092 (0x17CC)>
  ~Exiting package processing thread. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.685+240><thread=6092 (0x17CC)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:26.886+240><thread=2936 (0xB78)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.948+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.950+240><thread=4900 (0x1324)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:31.934+240><thread=2936 (0xB78)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.021+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.023+240><thread=4900 (0x1324)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.108+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.111+240><thread=4900 (0x1324)>
  Sleeping for 60 minutes before content cleanup task starts.~ 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:06:28.094+240><thread=4968 (0x1368)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:30:52.271+240><thread=2936 (0xB78)>
  Sleep 30 minutes... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.002+240><thread=2936 (0xB78)>
  ~Used 0 out of 3 allowed processing threads. 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.977+240><thread=4900 (0x1324)>
  ~Sleep 3600 seconds... 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.979+240><thread=4900 (0x1324)>
  Sleeping for 60 minutes before content cleanup task starts.~ 
  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:06:55.337+240><thread=4968 (0x1368)>
  Issue 2: I'm trying to deploy a couple of Packages/Applications using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages
  on a test VM “in the DataCenter site”, but when trying to deploy the packages to production PC “in the Office Site”,
   the status is packages deployment compliance stuck at 0%
  Infrastructure:
  3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.
  Boundaries are configured through Forest Discovery “IP Ranges and AD Sites” since that the AD site should contain all the IP subnets that the AD site contains, Boundaries groups are also configured and a site reference
  server is configured for each group respectively.
  A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.
  Packages/Applications are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue
  is that I can't deploy the packages to production PCs in the Office subnet!
  Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!
  I tried configuring IP Subnet Boundaries, still no luck!!
  Here are the last 2 lines in the LocationServices.log of a client PC at the Office Site:
  <![LOG[MPLIST requests are throttled for 00:00:44]LOG]!><time="14:47:00.766+240" date="03-17-2014" component="LocationServices" context="" type="2" thread="5776"
  file="lssecurity.cpp:4528"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="14:47:00.777+240" date="03-17-2014" component="LocationServices" context="" type="1"
  thread="4884" file="lsad.cpp:770">
  And here are the last 4 lines in the ClientLocation.log
  <![LOG[Rotating assigned management point, new management point [1] is: BBK-SCCM-PRI.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
  Value="0"/></Capabilities>]LOG]!><time="14:49:04.880+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6311">
  <![LOG[Assigned MP changed from <BBK-SCCM-PRI.bbk2310.com> to <BBK-SCCM-PRI.bbk2310.com>.]LOG]!><time="14:49:04.891+240" date="03-17-2014" component="ClientLocation" context="" type="1"
  thread="3600" file="lsad.cpp:1532"> <![LOG[Rotating proxy management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
  Value="0"/></Capabilities>]LOG]!><time="14:49:05.345+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6374">
  <![LOG[Rotating local management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>]LOG]!><time="14:49:05.786+240"
  date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6436">
  It looks like clients in the Office Site can’t connect to the DP/MP of the Secondary Site server which is also a DP.
  While on the PC that the application was installed on I see the folowing in the LocationService.log:
  <![LOG[Distribution Point='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSPKG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities SchemaVersion="1.0"><Property
  Name="SSLState" Value="0"/></Capabilities>', Signature='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSSIG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1.tar', ForestTrust='TRUE',]LOG]!><time="14:42:59.506+240"
  date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="lsutils.cpp:415"> <![LOG[Calling back with locations for location request {144620BC-4BF0-4878-9554-F67D305ECCF8}]LOG]!><time="14:42:59.522+240"
  date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="replylocationsendpoint.cpp:220">
  Is there something wrong with the Distribution point on the Secondary Site server?
  Please help…
  Thanks..

  Update:
  I fixed the issue with the default XXX00002 package - "Configuration Manager Client Package", it will not deploy to the Secondary Site DP. I did that through "Update Distribution Points" option, and after a while the status was 100%.
  However; the second issue is still unsolved...
  Please help..

• Managed Client running under root

  Hi
  Can any one of you here tell me what is Managed Client???
  I saw that one in the Activity Monitor and it is running under root account.
  Is this one of the Apple Remote Desktop?
  Or other Application is running.

  Try a google search for *managed client site:apple.com* and peruse the hits.

• Unable to generate Bean Managed Client project

  Hello,
  I am using JDeveloper 9.0.3 Production (build 1035).
  For each of our Business Components projects, we create a deployment profile - BC EJB Session Bean, Session Facade (BMT).
  Because of the way our application is organized, the default folder proposed for the BMC (Bean Managed Client) project is not suitable.
  As it is not possible to modify the BMC project folder or name once generated (maybe here is a slight problem?), we decided to find a different modus operandi to get the same final result.
  But, it seems that the only way to create the BMC project is from the very beginning, when the deployment profile is created, and with the default names generated by JDeveloper.
  Maybe I am missing something.
  Here are the steps I perform:
  1. Specify an Application Server Connection (Standalone OC4J) to our development OC4J server.
  2. For the BC project, create a Deployment Profile / Business Components EJB Session Bean.
  3. For this deployment profile, choose to deploy to Oracle 9iAS EJB Container, using the previously created connection.
  4. In the AppModules section of the profile, carefully reset the option "Create AppModule Configurations" after having selected the one AppModule defined in the BC project.
  5. In the properties of our AppModule, in the Remote section, I activate now the option "Remotable Application Module" and I select Session Facade (BMT) configuration.
  6. In the Target Platform section, I update the Client Project entry to fit our project's organization and press OK.
  7. I return to the deployment profile settings and set the option "Create AppModule Configurations".
  For my surprise, at this moment the BMC project is not created. Nor if I compile the BC project, or modify again the AppModule, or the configurations, or the deployment profile...
  I even tried to quit JDeveloper, re-enter and re-do the same attempts, but useless...
  Is there a way to create the BMC project for a BMT Session Facade configuration after having created the deployment profile?
  TIA,
  Adrian

  Sorry, I think I over-reacted. In fact, the only real problem I have is that I cannot move the BMC project from the default project to another.
  I already have some projects for my application (which I tested until now in local config) and I want now to make them remotable. The problem with the project that did not want to create the BMC-pair was that it had nothing to remote - no exposed method, nor for AM, nor for VO's ;o)
  For a project that already has some remotable methods, the steps to perform are very strict when you want to make it remotable. You are right, if I first make my AM remotable and properly define there the path and name for the client project, I get the good results.
  But, even in this case, I did not see any integrated way of moving this project (completely generated by JDev) to another folder. What I do is modify the project in the configuration properties, quit JDev and move the folder manually.
  Thank you,
  Adrian

• Unable to copy hidden package "Configuration Manager Client Package" to local DP

  Content status lists it as successfully distributed to all DPs (including the local site server)
  However, component status for SMS_DISTRIBUTION_MANAGER continually logs these events:
  Distribution Manager failed to process package "Configuration Manager Client Package" (package ID = CDW00001).
  Possible cause: Distribution manager does not have access to either the package source directory or the distribution point.
  Solution: Verify that distribution manager can access the package source directory/distribution point.
  Possible cause: The package source directory contains files with long file names and the total length of the path exceeds the maximum length supported by the operating system.
  Solution: Reduce the number of folders defined for the package, shorten the filename, or consider bundling the files using a compression utility.
  Possible cause: There is not enough disk space available on the site server computer or the distribution point.
  Solution: Verify that there is enough free disk space available on the site server computer and on the distribution point.
  Possible cause: The package source directory contains files that might be in use by an active process.
  Solution: Close any processes that maybe using files in the source directory. If this failure persists, create an alternate copy of the source directory and update the package source to point to it.
  NOTE: It appears to not be any of these causes.
  If I look at the smsdpmon.log on the server in question, the following is logged every half hour:
  Intializing DP Monitoring Manager...    SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Getting monitoring thread priority SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Getting content library root path SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Getting site code SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Getting algorithm ID SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Failed to find algorighm ID from registry. Use default algorithm. SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Getting DP Cert Type SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Failed to find DP cert type from registry. Use default type. SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Getting this DP NALPath SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Failed to create certificate store from encoded certificate..
  An error occurred during encode or decode operation. (Error: 80092002; Source: Windows) SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  Failed to initialize DP monitoring object. Error code: 0x80092002 SMS_Distribution_Point_Monitoring 1/2/2013 1:29:45 PM 2840 (0x0B18)
  distmgr.log shows the following:
  STATMSG: ID=2304 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BRICK-CONFIGMGR.corp.COMPANY.com SITE=CDW PID=2212 TID=2124 GMTDATE=Wed Jan 02 19:29:45.109 2013 ISTR0="CDW00001" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="CDW00001"    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Retrying package CDW00001    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  No action specified for the package CDW00001.    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Start validating package CDW00001 on server ["Display=\\BRICK-CONFIGMGR.corp.COMPANY.com\"]MSWNET:["SMS_SITE=CDW"]\\BRICK-CONFIGMGR.corp.COMPANYNAME.com\...    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Failed to start DP health monitoring task for package 'CDW00001'. Error code: -1    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Updating package info for package CDW00001    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Only retrying local DP update for package CDW00001, no need to replicate package definition to child sites or DP info to parent site.    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  StoredPkgVersion (2) of package CDW00001. StoredPkgVersion in database is 2.    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  SourceVersion (2) of package CDW00001. SourceVersion in database is 2.    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  STATMSG: ID=2302 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BRICK-CONFIGMGR.corp.COMPANYNAME.com SITE=CDW PID=2212 TID=2124 GMTDATE=Wed Jan 02 19:29:45.213 2013 ISTR0="Configuration Manager Client Package" ISTR1="CDW00001" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="CDW00001"    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Failed to process package CDW00001 after 41 retries, will retry 59 more times    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Exiting package processing thread.    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:45 PM    2124 (0x084C)
  Used 0 out of 3 allowed processing threads.    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:50 PM    3784 (0x0EC8)
  Sleep 1825 seconds...    SMS_DISTRIBUTION_MANAGER    1/2/2013 1:29:50 PM    3784 (0x0EC8)

  Both errors are certificate related. Is there anything special about your configuration such as special ACLs on the certificate store or FIPS compliance mode (see
  http://support.microsoft.com/kb/811833) being enabled?
  Nothing special with certificates; I've used the basic stuff for intranet management of clients.
  The only related thing I can think of that may have affected this, is that I discovered earlier today that my MP installation got hosed (error 500) due to a broken client install on the site server itself. I uninstalled the client manually and the server
  (as indicated by the component status views) appears to have repaired the MP install. Perhaps it didn't repair it completely? Would a site reset do me any good?

• How do you set up your Configuration Manager client when Imaging?

  OK everyone we got an issue that we need to take care of sorry if this seems like a dumb question but we cant seem to make this work.  How do you set your configuration manager client when you deploy your image(s)?  I created package and pointed
  it right to the config manager install directory just like the recommended one for USMT but it does not seem to work.  I also tried to leave it blank but it appears to be mandatory.. So my question how do YOU get it to work for your areas?
  Thanks

  that might be the problem I dont see a "Microsoft Configuration Manager Client 5.0 All" anywhere. We threw something together that points to:
  \\Server.Domain.com\SCCM_Install\SMSSETUP\CLIENT
  What is happening is this.
  Have a task to deploy Windows natively to the workstation
  Drop applications to the workstation
  do updates
  capture back to server
  All it does is 
  Drop the OS down
  copy the Agent files
  join to the domain
  reboot
  sit
  sit 
  and sit

• Cannot download master page using managed client object model SharePoint 2010

  string siteUrl = "http://server:port/sites/demo";
  string fileServerRelativeUrl = @"/sites/demo/_catalogs/masterpage/v4.master";
  using (ClientContext context = new ClientContext(siteUrl)){ FileInformation fileInfo = Microsoft.SharePoint.Client.File.OpenBinaryDirect(context, fileServerRelativeUrl);}
  File.OpenBinaryDirect() throws "The remote server returned an error: (404) Not Found" error. while Microsoft.SharePoint.Client.File f1 = web.GetFileByServerRelativeUrl(fileUrl);
                  context.Load(f1);
                  context.ExecuteQuery();this gives the file object.File.OpenBinaryDirect() works if I pass "/sites/demo/_catalogs/masterpage/TabViewPageLayout.aspx" as fileServerRelativeUrl.Both the files are present in Master Page Gallery.File.OpenBinaryDirect() doesn't work if I pass any of ".master" file in the master page galleryPlease let me know whether downloading the master pages is supported using managed Client object model. 

  Hi,
  If don't change the default config, We are unble to download master page.
  It's better to create your own (perhaps based on the default.master) and use that master page.
  also,make sure there's no a permission issue on the website.
  Thanks
  Guangchao chen
  TechNet Community Support

• SCEP definition updates for clients in DMZ via UNC is not working.

  Hello,
  I have configured SCEP definition updates via UNC method for my Win 8.1 clients in DMZ and its not working.
  Script is properly associated with task scheduler and downloading definition to shared folder properly.
  Even running the mpcmdrun.exe -SignatureUpdate, gives the below error:
  C:\Program Files\Microsoft Security Client>mpcmdrun.exe -SignatureUpdate
  Signature update started . . .
  ERROR: Signature Update failed with hr=80070002
  CmdTool: Failed with hr = 0x80070002. 
  MpCmdRun: Command Line: mpcmdrun.exe  -SignatureUpdate
   Start Time: ‎Sun ‎Jul ‎06 ‎2014 11:05:09
  Start: MpSignatureUpdate()
  Update started 
  Search Started (UNC share) (Path: \\sccm\SCEP_UNC_DEFS\Updates\x64)...
  Search Completed 
  Download Started...
  Download Completed 
  Installation Started...
  Installation Completed 
  Update completed with hr: 0x80070002
  ERROR: Signature Update failed with hr=80070002
  MpCmdRun: End Time: ‎Sun ‎Jul ‎06 ‎2014 11:05:17

  Hi,
  Please check logs on the client to see whether there are any helpful information.(ScanAgent.log, Windowsupdate.log and UpdatesHandler.log)
  Best Regards,
  Joyce
  We
  are trying to better understand customer views on social support experience, so your participation in this
  interview project would be greatly appreciated if you have time.
  Thanks for helping make community forums a great place.

• Configuration Manager client upgrade package failing to download to DPs

  Hello,
  I am receiving the following error in distmgr.log "Failed to get RDC signature path for for package SF100004 version 1. Error = 2"
  "SF100004" is the "Configuration Manager client upgrade package"
  Is there a way to rebuild/repair this package? 

  Yes, I did find out how to fix the problem. I had to use a power shell script to call WMI on the site server to manually force a refresh of the package having problems.
  $SiteCode = "SF1"
  $PackageID = "SF100004"
  $distpoints = Get-WmiObject -Namespace "root\SMS\Site_$($SiteCode)" -Query "Select * From SMS_DistributionPoint WHERE PackageID='$PackageID'"
  foreach ($dp in $distpoints)
  $dp.RefreshNow = $true
  $dp.Put()

• EMC Replication Manager Client on Solaris 10 Zone?

  Hello,
  Hoping I could find out if anyone out there has had success running EMC's Replication Manager (client) on a Solaris zone where an Oracle database is running, and how it was installed. Normally we install 3rd party software on the Global host /opt, and then call the libs, etc, from the zone (the global host's /opt is made readable to the zone). An obvious solution would be to install the client directly within the zone, but should we need to add another zone for redundancy purposes (two hosts running one database each, should one host go down, we'd migrate it's zone w/ the other database over to the other host), we would have to install the EMC client (again), rather than being able to just call the same deployment from the Global host from within the new zone.
  Any info or links to info would be appreciated. I tried searching around but didn't find anything.
  Vlad

  Hi,
  Thanks once again for reply!!
  If you already installed Oracle Virtual Directory Manager on Sun SPARC, can you brief us pre-requisite setting and installation steps, so that we can follow the same.
  Because, we are getting error in the initialization of installation process itself. So, I think there must be some configuration settings to be made.
  We already raised SR (Service Request) with Oracle, bu there is no reply from their side till now.
  I am waiting for your reply ASAP
  Regards

• How to configure SNMP on all managed client using SCCM 2012 SP1

  hi ,
  do you know  How to configure SNMP on all managed client using SCCM 2012 SP1?

  As a side note, I made an interesting discovery last week: the SNMP Service is deprecated in Windows Server 2012. Why would you want to use SNMP on an actual Windows OS though? There are far better ways available to monitor Windows. I'm sure that lines
  up with why they deprecated it.
  Jason | http://blog.configmgrftw.com

• Build and Capture TS fails in "Prepare Configuration Manager Client" task

  I have a ConfigMgr 2012 R2 + CU1 I use for Windows 7 deployment.
  I have made a "build and Capture" TS in ConfigMgr that I use to build my reference image.
  When I run the TS it fails at the "Prepare Configuration Manager Client" step where I get the following error:
  The task sequence execution engine failed executing the action (Prepare Configuration Manager Client) in the group (Capture the Reference Machine) with the error code 2147749938
  Action output: ... 1 instance(s) of 'SMS_MaintenanceTaskRequests' successful
  Successfully reset Registration status flag to "not registered"
  Successfully disabled provisioning mode.
  Start to cleanup TS policy
  getPointer()->ExecQuery( BString(L"WQL"), BString(pszQuery), lFlags, pContext, ppEnum ), HRESULT=80041032 (e:\nts_sccm_release\sms\framework\core\ccmcore\wminamespace.cpp,463)
  ns.Query(sQuery, &spEnum), HRESULT=80041032 (e:\qfe\nts\sms\framework\tscore\utils.cpp,3666)
  End TS policy cleanup
  TS::Utility::CleanupPolicyEx(false), HRESULT=80041032 (e:\nts_sccm_release\sms\client\osdeployment\preparesmsclient\preparesmsclient.cpp,564)
  pCmd->Execute(), HRESULT=80041032 (e:\nts_sccm_release\sms\client\osdeployment\preparesmsclient\main.cpp,136)
  Wmi query 'select *from CCM_Policy where PolicySource = 'CcmTaskSequence'' failed, hr=0x80041032
  Failed to delete policies compiled by TaskSequence (0x80041032)
  Failed to prepare SMS Client for capture, hr=80041032
  Failed to prepare SMS Client for capture, hr=80041032. The operating system reported error 2147942402: The system cannot find the file specified.
  If I disable the "Install Software Updates" part of my TS it will run without probems. It installs 154 updates during the build.
  I have seen another reference to this problem on this forum but why should the large number of the updates be the reason why the task sequcens cannot prepare the SCCM client for capture.
  Sounds to me that it's a BUG :-(
  Thomas Forsmark Soerensen

  I'm glad I'm not the only one running into this.  I've been racking my brain for the past few days trying to figure out where I went wrong. 
  SCCM 2012 R2 CU1
  Installation properties in TS: SMSMP=mp.f.q.d.n FSP=mp.f.q.d.n DNSSUFFIX=f.q.d.n PATCH="%_SMSTSMDataPath%\Packages\AP200003\hotfix\KB2882125\Client\x64\configmgr2012ac-sp1-kb2882125-x64.msp;%_SMSTSMDataPath%\Packages\AP200003\hotfix\KB2905002\Client\x64\configmgr2012ac-r2-kb2905002-x64.msp;%_SMSTSMDataPath%\Packages\AP200003\hotfix\KB2938441\Client\x64\configmgr2012ac-r2-kb2938441-x64.msp"
  Drop Windows 7 WIM that has all the updates Schedule Updates (offline servicing) installed (169 of 277)
  Apply several updates offline (the dual-reboot Windows 7 updates among others)
  Run Windows Updates more than once to be sure I get everything
  Breaks at the preparing client for capture step
  Is this:
  a bug?
  a known issue
  something that's just frowned upon for no technical reason?
  I'd love to hear from an SCCM guru [at Microsoft] on what the heck is going on here.