Ports Configuration - SCCM 2012

I am working in a server environment and we have SCCM 2012 setup recently. Looks like we have all the ports opened in one direction (SCCM clients - SCCM server), we do not have any ports opened in the opposite direction(SCCM server - SCCM clients). Because
of this I am unable to communicate any new updates (Example - a new Maintenance Window created for a collection), I have to create a Maintenance Window 3 days before the patching time so that clients pull the update from SCCM else I have to end up running
ACTIONS on each server manually in case of emergency.
I am unable to use the feature "Client Notification - Download User Policy and Download Machine Policy" as 10123 and 80 (fallback port) both are blocked.
I am asked to put in an ACL request by my manager on the ports I need to get opened from SCCM server to client servers. Do i just need 10123 and 80? Or am I missing anything? 
Your help is appreciated. Thanks!

If it works for you great but all existing computers within the collection that has the new MW, will see any new MW at their next poll cycle.
All new computers to that collection, will see that MW when the collection refreshes and they become “members” of that collection.
By the sound of it you are removing all computes from the collection and therefore they are losing the membership to that collection, then you adding them back to the collection
and therefore they will see that there are members at the next Collection refresh cycle and therefore see the MW shortly after that.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ

Similar Messages

  • How to configure SCCM 2012 discover user group only?

    Hi,
    I'm wondering if there is a way to discover user group only (ignore computer group) in SCCM 2012?
    Jason

    Hi,
    Also note that by default, only security groups are discovered. However, you can discover the membership of distribution
    groups when you select the checkbox for the option Discover the membership of distribution groups on
    the Option tab
    in the Active Directory Group Discovery Properties dialog box.
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • SQL Ports For SCCM 2012 (Stand alone Server)

    Is there any reason to open port 1433 and 4022 if the SCCM server is a stand alone? It keeps displaying the error in the monitoring tab if i don't open the ports. The SQL  and SCCM  are on the same server.

    I have seen this error even when the ports are open. 
    If you get that problem then there isn't a workaround and you have to put up with the error. There is a open call with at Microsoft Connect about this but I don't think there is any progress on it. 
    https://connect.microsoft.com/ConfigurationManagervnext/feedback/details/1045929/hierarchy-monitoring-detected-that-the-configmgr-sql-server-fqdn-ports-1433-4022-are-not-active-on-firewall-exception
    P.S. You need a connect account and be a member of the Configmgr program to be able to view this.
    Cheers
    Paul | sccmentor.wordpress.com

  • CONFIGURATION SCCM 2012

    Hello,
    From the article 
    http://technet.microsoft.com/en-us/library/hh846235.aspx
    Are the items cumulatives?
    e.g.:
    ----- do I need
    1 Secondary site Desk"Apple-tab-span" style="white-space:pre;"> 24 Cores / 64 GB RAM / 550 GB Space
    - Component Server
    - Device Management point
    - Distribution Point 
    - Management Point
    - Reporting Point 
    - Server Locator Point
    - Site Server
    - Site System
          --or
    ------------ if not cumulative 
    1 Secondary site Desknbsp; 8 Cores / 32 GB RAM / 300 GB Space will be enough?
    - Component Server
    - Device Management point
    - Distribution Point 
    - Management Point 
    - Reporting Point 
    - Server Locator Point
    - Site Server
    - Site System 
    Thanks,
    Dom
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    Hello,
    One site might be "politically" incorrect in our environment as the support is done by different departments.
    Distribution points due to various physical locations, servers and desktops separated as handled by different departments.
    One database could be manageable as the SQL Support should be centralized but this suppose all desktops and servers are on one site ONLY... to be negotiated.
    in SCCM 2007 with 
    Primary: Quad 2 GHz & 32 GB RAM (external database - 8 Core 2.33 GHz & 4 GB) - Database 20 GB
    Servers: 8 Cores 1.86 GHz & 14 GB RAM (local Database) - Database 65 GB
    Desktops: 8 Core 3.00 GHz & 4 GB (external database - Quad 3.00 GHz & 20 GB) - Database 80 GB
    With this configuration we have a lot of issues of client not reporting to the site servers... over 15 %
    Thanks
    Dom
    System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

  • Using the pre-configured SCCM 2012 SP1 endpoint protection templates for Exchange 2010?

    I am looking to update the exclusions for SCCM Endpoint Protect clients performing server AV protection on Exchange 2010 nodes.
    Within SC there are a number of pre-defined templates, including ones for Exchange 2007 / 2010. However when I analyse these they do not appear to list all the exclusions that the Exchange product team define on TechNet -
    http://technet.microsoft.com/en-us/library/bb332342(v=exchg.141).aspx
    So do I;
    1 - Use the template as it has been verified by Microsoft for using with Exchange 2010 and it covers all I need to exclude?
    2 - Edit the template, adding in the additional exclusions as defined by the Exchange product team?
    Would whichever logic I use apply to other templates, such as SQL, SharePoint, etc as well?
    Thank you
    Alan

    As I cut and pasted the xml file I noticed the following comment that I had missed before..........
            <!-- Exchange -->
            <!-- Exchange Server 2010 exclusions are defined in TechNet bb332342 -->
            <!-- Although the exclusions defined in the article work, testing showed that they exceed what is necessary-->
    Still going with adding the full recommended list from TechNet though

  • SCCM 2012 - Adding Operating System Installer (The specified path does not contain a valid operating system ..)

    I have encountered the dreaded "The specified path does not contain a valid operating system or you do not have permission to access it.  Specify a valid path" message that seems to be popular in many forums .... BUT, so far none of the "solutions"
    have fixed the problem (of I don't understand the fix)
    Configuration
    SCCM 2012 SP1 5.0.7804.1000
    WADK 8.100.26629.0  < Suggested Fix
    Server 2008 R2
    SCCM Administrator with UserID = SCCMAdmin 
    Steps / Fixes I have followed
    I have configured a administrative share
    \\caleb\sources$ to hold directories (such as Apps, Drivers, and OS) with the following NTFS Permissions
    EVERYONE has Read and Execute, List folder, Read permissions<o:p></o:p>
    SYSTEM has Full Control 
    <Suggested Fix
    SCCMManagers (our group that has all SCCMManagers) has Full Control<o:p></o:p>
    SCCMAdmin (the SCCM Admin account that we are using to import image) has Full Control<o:p></o:p>
    Local Administrators (the local machine administrator) has Full Control 
    <Suggested Fix
    <o:p></o:p>
    Another Fix is to explicitly grant all permissions to the SCCM Administrator
    <Suggested Fix
    >Administrative Users ...
    Properties of the SCCM Administrator (for us that is SCCMAdmin) has all the boxes checked<o:p></o:p>
    Another suggestion I was able to glean was to Specify the Network Access Account
    so I configured SCCMAdmin as the Network Access Account.
    Another potential fix is that the image ISO file that has been downloaded is corrupt.   So, I downloaded the Win 7 (and Win 8.1) ISO's from MSDN and did a Checksum check.
    I then mounted the ISO (on 2008R2 I use VirtualClone Drive) and copied the contents of the image to
    E:\Sources\OS\en_windows_7_professional_with_sp1_vl_build_x86_dvd_u_677896 for Windows 7 with SP1
    To double check,
    I computed the Hash on the Install.WIM located in the Sources directory and compared with
    the computed Has Tag for the Install.WIM on the ISO Image  ... and the Hash tag of the WIM's matched (extracted vs what is contained within the ISO)<o:p></o:p>
    I tried to load the images into SCCM 2012 using the "Operating System Installers" option
    UNC to installer
    \\caleb\sources$\OS\en_windows_7_professional_with_sp1_vl_build_x86_dvd_u_677896
    Then I receive the lovely message <o:p></o:p>
    "The specified path does not contain a valid operating system or you do not have permission to access it.  Specify a valid path"<o:p></o:p>
    <o:p> </o:p>
    From
    C:\Program Files (x86)\Microsoft Configuration
    Manager\AdminConsole\AdminUILog\SmsAdminUI.log<o:p></o:p>
    <o:p> </o:p>
    \r\nSystem.Management.ManagementException\r\nGeneric failure \r\n  
    at System.Management.ManagementException.ThrowWithExtendedInfo(ManagementStatus
    errorCode)
       at System.Management.ManagementObject.InvokeMethod(String
    methodName, ManagementBaseObject inParameters, InvokeMethodOptions options)
       at
    Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.ExecuteMethod(String
    methodClass, String methodName, Dictionary`2 methodParameters, Boolean
    traceParameters)\r\nManagementException details:
    instance of SMS_ExtendedStatus
     Description = "Failed to get the image property from the source WIM
    file due to error 80070002";
     ErrorCode = 2147942402;
     File ="e:\\nts_sccm_release\\sms\\siteserver\\sdk_provider\\smsprov\\sspimagepackage.cpp";
     Line = 586;
     Operation = "ExecMethod";
     ParameterInfo = "SMS_OperatingSystemInstallPackage";
     ProviderName = "WinMgmt";
     StatusCode = 2147749889;
    \r\n<o:p></o:p>
    What am I missing ????  I assume something simple but, darn I'm stumped!!!

    Hi,
    Configuration Manager version
    Windows AIK or Windows ADK Version
    Windows PE versions for boot images customizable from the Configuration Manager console
    Supported Windows PE versions for boot images not customizable from the Configuration Manager console
    System Center 2012 Configuration Manager with no service pack
    Windows AIK for Windows 7
    Windows PE 3
    None
    System Center 2012 Configuration Manager with SP1
    Windows ADK for Windows 8
    Windows PE 4
    None
    System Center 2012 Configuration Manager with SP1 and cumulative update 2
    Windows ADK for Windows 8
    Windows PE 4
    Windows PE 3.11
    System Center 2012 Configuration Manager with SP1 and cumulative update 3
    Windows ADK for Windows 8
    Windows PE 4
    Windows PE 3.11 and Windows PE 5
    System Center 2012 R2 Configuration Manager
    Windows ADK for Windows 8.1
    Windows PE 5
    Windows PE 3.11
    Please try to install the Windows ADK for Windows 8.
    http://www.microsoft.com/en-us/download/details.aspx?id=30652
    For more information, please review the link below:
    http://technet.microsoft.com/en-us/library/gg682187.aspx
    We
    are trying to better understand customer views on social support experience, so your participation in this
    interview project would be greatly appreciated if you have time.
    Thanks for helping make community forums a great place.

  • Is there any way to block USB ports through SCCM console

    How to Block the client machine USB ports using SCCM 2012 R2 console
    we know that so many 3rd party tools are able to block the USB ports for client machines, how cant we add an additional option for SCCM 2012 for Block USB ports for client PC's, to make our network secure
    thanks & Regards,
    Teja

    That's not possible by default, but you can create your own custom script and add it as a right-click action to a device.
    My Blog: http://www.petervanderwoude.nl/
    Follow me on twitter: pvanderwoude

  • Create a prompt using MDT 2012 in SCCM 2012 OSD task sequence

    Hi Experts,
    I need some help with SCCM 2012 Task sequence using MDT 2012.
    Here is the scenario:I want to build a task sequence  where it will propmt whether the technican want to build a new build or refresh. Based on the technicians choice the task sequence will perform specific actions.
    We can create the prompt using HTA or VBScript or some otherways.
    But the requiremnt for us is to Use ONLY MDT 2012, not any other ways.
    Is it possible to do like the above with UDI?
    Please can someone shed some light how to do will be great.
    Thanks in advance,

    Hi,
    UDI may achieve what you want. Take a look at the blogs below.
    http://blogs.technet.com/b/anilm/archive/2012/06/01/integrating-mdt-2012-rtm-with-configuration-manager-2012-rtm-part-3-creating-and-deploying-a-udi-task-sequence.aspx
    http://heinrichandsccm.blogspot.com/2013/04/how-to-setup-and-configure-sccm-2012.html
    Important Note: Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
    Juke Chou
    TechNet Community Support

  • SCCM 2012 Win Updates - send only Metadata to Clients?

    Hi Community!
    Is it possible to configure SCCM 2012, so that Clients (Branch Offices) will receive only Metadata from our Server and will download the content directly from the Internet? And if, yes....can you tell us how?
    We had this configuration before (without SCCM) with 2 WSUS Servers (one with Database and one with only Metadata) and both centrally Managed.
    This was a perfect Solution for us. Now Management want to do this with only 1 SCCM Server (WSUS installed on SCCM Server).
    Best Regards
    Marcus

    This can be done with ConfigMgr 2012 SP1 (not RTM).  I'm not sure why you would want a LAN client to download content from Microsoft Update rather than their local Distribution Point, but you can do it per software update Deployment with the Download
    Settings option:
    "If software updates are not available on preferred distribution point or remote distribution point, download content from Microsoft Update"
    When you make your deployment, don't distribute the content for the Deployment Package to any DP's, and then your clients should download it from the internet.
    I hope that helps,
    Nash 
    Nash Pherson, Senior Systems Consultant
    Now Micro -
    My Blog Posts
    <-- If this post was helpful, please click "Vote as Helpful".

  • How to convert Unmanaged SCEP clients to Managed in SCCM 2012 SP1

    We recently started installing SCEP clients from the .exe and a preconfigured .xml file to client machines in a domain setting.  This was done from a USB drive, going from machine to machine, with a  .bat file.
    This was a stop-gap until we were able to install and configure SCCM 2012 SP1.
    PCs that already had the SCEP client (prior to SCCM coming into production) are showing up as unmanaged.  PCs that have had SCCM install SCEP all are listed as managed.
    I've searched, but have yet to find a definitive answer as to how get the manually installed SCEP clients to register as managed in SCCM.
    AD Domain with WIN 2008 R2 DC, SQL 2012 Standard, SCCM 2012 SP1

    Also, make sure the Endpoint Protection Point is installed properly on SCCM and the Client Setting for SCEP is enabled.
    Juke Chou
    TechNet Community Support

  • SCCM 2012: PXE deploy: import boot images?

    Hi,
    We fully configured sccm 2012 and did osd via bootable media. Now we want to configure PXE.
    We enabled it (http://prajwaldesai.com/deploying-sccm-2012-part-14-build-and-capture-windows-7-64-bit/).
    My questions:
    *Is that all that needs to be done?
    *It seems to me we need to import boot images in WDS?
    *If we do, which to import then (both x86 and x64 probably) + there is a winpe and a winpe.....wim made by sccm, which one to import then?
    *on DHCP we change the boot server hostname but what about the bootfile name, what is the path of that? \boot\x64\wdsnbp.com?
    Please advise.
    J.
    Jan Hoedt

    I keep on getting TFTP open timeout
    I find in smspxe.log that it reaches to the SCCM-server but then something goes wrong. Not sure what.
    How can I troubleshoot find more info, please advise?
    00:51:55:2A:5C:C5, 0A190A42-FFDe6-5e69-9e41-70e481B852E3: device is not in the database.    SMSPXE    21/03/2014 16:10:08    2720 (0x0AA0)
    Getting boot action for unknown machine: item key: 2046820352    SMSPXE    21/03/2014 16:10:08    2720 (0x0AA0)
    CLibSMSMessageWinHttpTransport::Send: URL: oursccmserver.prod.ourcompany.be:80  GET /SMS_MP/.sms_aut?MPKEYINFORMATIONEX    SMSPXE    21/03/2014 16:10:08    2720 (0x0AA0)
    CLibSMSMessageWinHttpTransport::Send: URL: oursccmserver.prod.ourcompany.be:80  CCM_POST /ccm_system/request    SMSPXE    21/03/2014 16:10:08    2720 (0x0AA0)
    Jan Hoedt
    Note: what I also can see:
     Client IP Address: 000.000.000.000
     Your IP Address: 000.000.000.000
     Server IP Address: 000.000.000.000
     Relay Agent IP Address: 000.000.000.000

  • SCCM 2012 What Ports Do I need to open so DMZ servers can communicate with my SCCM Server?

    Hi,
    What ports do I need to open in the firewall so my DMZ servers can talk to my SCCM server on the network?
    Here are my steps before to make my DMZ servers talk to my SCCM server:
    1.  On my SCCM 2012 SP1 CU2 I have bounderies installed --> I install SCCM Client on my DMZ server with the appropriate switches --> I go back to my SCCM server to approve the server --> Works
    But now my DMZ servers stops getting definition updates from my SCCM server and I was suggested that it is much easier to open ports in DMZ.
    Now, could you please tell me what ports should we open to ensure two way communication among servers?
    Thanks!

    Yes and no. It's a bit muddy at times.
    For Internet based clients, putting an Internet-enabled MP in the DMZ is perfectly acceptable because Internet clients will only choose MPs enabled for Internet communication.
    For systems in the DMZ, that's where it really gets muddy. There's no perfect way to accomplish this. IMO, DMZ clients should be allowed to go back to the MP/DP in the Intranet with a targeted opening in the DMZ firewall rules that allows them to only go
    to the internal MP. That's a security policy question though for your organization.
    Another option is to treat the clients in the DMZ as Internet only clients. This way, they will only go to the Internet MP in the DMZ. You do lose some functionality though like Remote Control.
    A final way is to actually put an MP/DP in the DMZ and deal with the timeout's that happen when clients try to talk to the MP in the Intranet. Clients will try 5 times to contact that MP before giving up. They try to find a new MP at the following times
    (which are not configurable):
    - Every 25 hours
    - WHen the client detects a network change
    - When the client agent starts
    Jason | http://blog.configmgrftw.com

  • Sccm 2012 R2 - Windows 7 not listening on Port 80

    Hello,
    In looking through smsts.log and IIS logs I saw a lot of error communicating on Port 80.  When  tried to telnet from a pc to our sccm 2012 server using port 80, it goes through fine. But when I tried it the other way around, it fails.  When
    I ran netstat -an |find /i  "listening" on my pc and others around me, I discover port 80 isn't listening. The firewall is off on both the pcs and sccm primary server.  Port 80 isn't blocked on the network.
      TCP     0.0.0.0:135            0.0.0.0:0              LISTENING
      TCP     0.0.0.0:445            0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1025           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1026           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1027           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1028           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1036           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1041           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:1057           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:3389           0.0.0.0:0              LISTENING
      TCP     0.0.0.0:5357           0.0.0.0:0              LISTENING
      TCP    127.0.0.1:5020          0.0.0.0:0              LISTENING
      TCP     127.0.0.1:5354         0.0.0.0:0              LISTENING
      TCP     127.0.0.1:27015        0.0.0.0:0              LISTENING
      TCP     127.0.0.1:62522        0.0.0.0:0              LISTENING
      TCP     172.24.94.131:139      0.0.0.0:0              LISTENING
      TCP     172.24.102.23:139      0.0.0.0:0              LISTENING
      TCP     [::]:135               [::]:0                
    LISTENING
      TCP     [::]:445               [::]:0                
    LISTENING
      TCP     [::]:1025              [::]:0                
    LISTENING
      TCP     [::]:1026              [::]:0                
    LISTENING
      TCP     [::]:1027              [::]:0                
    LISTENING
      TCP     [::]:1028              [::]:0                
    LISTENING
      TCP     [::]:1036              [::]:0                
    LISTENING
      TCP     [::]:1042              [::]:0                
    LISTENING
      TCP     [::]:1057              [::]:0                
    LISTENING
      TCP     [::]:3389              [::]:0                 LISTENING
      TCP     [::]:5357              [::]:0                
    LISTENING
    I was told something has to initiate port 80 being open on win7.  Is this true? If so, any idea why sccm isn't doing this? I could switch to port 8530 (have to do this for wsus too), but would think networking would have to open this port and then again,
    would the pc listen for it?
    PS, The sccm position before this one,  dealt with Servers, that must have had port 80 listening.

    After installing SCCM client via Task Sequence, and rebooting, the Self-signed certificate never comes down so the other Action items in Cinfiguration Manager Properties never come down.  The only way I can get the Certificate to come down (seen in
    MMC) is to give full permission (No one had rights initially) to rsa keys folder, delete smscfg.ini file and restart the sms host service.  But if you go into configuration manager properties the client certificate is still shown as None. The locationServices.log
    shows :failed to send management point list location request message to Primary Server/MP. If try
    http://PrimaryServer it fails to connect from a pc. But if I try it from the primary server sccm01 it works fine. Port 80 is open on the network. 
    smsts shows:
     Sending with winhttp Failed; 80072ee2  and also socket connect failed; 8007274c
    Is there any other logs I can send you to help resolve this?
    Again, Thanks so much for all of your help!!!
    Mark

  • IBCM SCCM 2012 r2 DO WE HAVE TO OPEN PORT 8531 IN EXTERNAL firewall

    Hi All
    IBCM SCCM 2012 r2 DO WE HAVE TO OPEN PORT 8531 IN EXTERNAL firewall for our site syatem in DMZ with role MP,sup &DP

    I agree, for IBCM you need SSL.
    But as far as i know your Update Point isn't forced to run on SSL (8531) unless you tick your Update point with "Require SSL" within your update point configuration - which ofcourse is the idael configuration.
    And if that's the case it's running 8530.
    That's true, but for IBCM, as Peter pointed out HTTPS is required. Thus, if you don't configure your WSUS instance to run using SSL, I doubt that it will work simply because the client agent will be "smart" enough to see that you don't have an SSL
    capable WSUS instance and thus won't configure the WUA to use the non-SSL WSUS instance. I can't say I've tested this though, so it's possible that it works, but I doubt it.
    Jason | http://blog.configmgrftw.com | @jasonsandys

  • SCCM 2012 R2 Configuration Manager Client Package - stuck "In Progress"

    Hi Team; I’m having 2 issues with SCCM 2012 R2:
    Issue 1: I'm having a strange issue with the default XXX00002 package - "Configuration Manager Client Package",
    it will not deploy to the Secondary Site DP. The console is saying "In Progress" - below is the output from the
    distmgr.log file.
    ~Package BDC00002 does not have a preferred sender. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6032 (0x1790)>
    ~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00002, Version=1, Status=2301 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.444+240><thread=6032 (0x1790)>
    ~StoredPkgVersion (1) of package BDC00002. StoredPkgVersion in database is 1. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
    ~SourceVersion (1) of package BDC00002. SourceVersion in database is 1. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.462+240><thread=6032 (0x1790)>
    ~Package BDC00003 does not have a preferred sender. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.443+240><thread=6092 (0x17CC)>
    ~CDistributionSrcSQL::UpdateAvailableVersion PackageID=BDC00003, Version=1, Status=2301 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.464+240><thread=6092 (0x17CC)>
    STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6032 GMTDATE=Mon Mar 17 20:00:23.476 2014
    ISTR0="Configuration Manager Client Package" ISTR1="BDC00002" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400 AVAL0="BDC00002" 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.477+240><thread=6032 (0x1790)>
    StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.476+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00) 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.484+240><thread=6032 (0x1790)>
    CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.476+00:00' P3='' P4=''
    P5=''  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.495+240><thread=6032 (0x1790)>
    ~StoredPkgVersion (1) of package BDC00003. StoredPkgVersion in database is 1. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.496+240><thread=6092 (0x17CC)>
    ~SourceVersion (1) of package BDC00003. SourceVersion in database is 1. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.497+240><thread=6092 (0x17CC)>
    STATMSG: ID=2301 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_DISTRIBUTION_MANAGER" SYS=BBK-SCCM-PRI.bbk2310.com SITE=PRI PID=2768 TID=6092 GMTDATE=Mon Mar 17 20:00:23.510 2014
    ISTR0="Configuration Manager Client Upgrade Package" ISTR1="BDC00003" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=1 AID0=400
    AVAL0="BDC00003"  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.510+240><thread=6092 (0x17CC)>
    StateTable::CState::Handle - (2301:1 2014-03-17 20:00:23.510+00:00) >> (0:0 2014-02-28 16:33:45.383+00:00)
     $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.515+240><thread=6092 (0x17CC)>
    CStateMsgReporter::DeliverMessages - Queued message: TT=1401 TIDT=0 TID='8ACCAE01-5079-4FCD-A988-C1CD3004B698' SID=2301 MUF=0 PCNT=2, P1='PRI' P2='2014-03-17 20:00:23.510+00:00' P3='' P4=''
    P5=''  $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.526+240><thread=6092 (0x17CC)>
    CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\1sfb1dbj.SMX  
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.571+240><thread=6032 (0x1790)>
    Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.572+240><thread=6032 (0x1790)>
    ~Exiting package processing thread. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.574+240><thread=6032 (0x1790)>
    CStateMsgReporter::DeliverMessages - Created state message file: D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming\abaibh8y.SMX  
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.637+240><thread=6092 (0x17CC)>
    Successfully send state change notification 8ACCAE01-5079-4FCD-A988-C1CD3004B698 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.683+240><thread=6092 (0x17CC)>
    ~Exiting package processing thread. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:23.685+240><thread=6092 (0x17CC)>
    Sleep 30 minutes... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:26.886+240><thread=2936 (0xB78)>
    ~Used 0 out of 3 allowed processing threads. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.948+240><thread=4900 (0x1324)>
    ~Sleep 3600 seconds... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:27.950+240><thread=4900 (0x1324)>
    Sleep 30 minutes... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:31.934+240><thread=2936 (0xB78)>
    ~Used 0 out of 3 allowed processing threads. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.021+240><thread=4900 (0x1324)>
    ~Sleep 3600 seconds... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:33.023+240><thread=4900 (0x1324)>
    ~Used 0 out of 3 allowed processing threads. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.108+240><thread=4900 (0x1324)>
    ~Sleep 3600 seconds... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:00:38.111+240><thread=4900 (0x1324)>
    Sleeping for 60 minutes before content cleanup task starts.~ 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:06:28.094+240><thread=4968 (0x1368)>
    Sleep 30 minutes... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 16:30:52.271+240><thread=2936 (0xB78)>
    Sleep 30 minutes... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.002+240><thread=2936 (0xB78)>
    ~Used 0 out of 3 allowed processing threads. 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.977+240><thread=4900 (0x1324)>
    ~Sleep 3600 seconds... 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:01:10.979+240><thread=4900 (0x1324)>
    Sleeping for 60 minutes before content cleanup task starts.~ 
    $$<SMS_DISTRIBUTION_MANAGER><03-17-2014 17:06:55.337+240><thread=4968 (0x1368)>
    Issue 2: I'm trying to deploy a couple of Packages/Applications using SCCM 2012 R2 running on Win2K8 R2 with no luck, knowing that I could install the packages
    on a test VM “in the DataCenter site”, but when trying to deploy the packages to production PC “in the Office Site”,
     the status is packages deployment compliance stuck at 0%
    Infrastructure:
    3 SCCM servers: CAS, PRI & SEC. Both CAS and PRI are in the DataCenter site, and SEC is in the Office site. The office site has several IP subnets.
    Boundaries are configured through Forest Discovery “IP Ranges and AD Sites” since that the AD site should contain all the IP subnets that the AD site contains, Boundaries groups are also configured and a site reference
    server is configured for each group respectively.
    A OU based Collection has been configured that contains 13 PC "the collection contains the PCs that the packages should be installed.
    Packages/Applications are configured correctly since that I could successfully deploy the packages to the test VM which is on the same subnet as the CAS and the PRI servers "the DataCenter subnet". The issue
    is that I can't deploy the packages to production PCs in the Office subnet!
    Firewall rules are configured and applied via GP, and I even turned Windows Firewall off, and still nothing! I tried to manually initiate Computer Policy download via the SCCM GUI and via a script, still no luck!
    I tried configuring IP Subnet Boundaries, still no luck!!
    Here are the last 2 lines in the LocationServices.log of a client PC at the Office Site:
    <![LOG[MPLIST requests are throttled for 00:00:44]LOG]!><time="14:47:00.766+240" date="03-17-2014" component="LocationServices" context="" type="2" thread="5776"
    file="lssecurity.cpp:4528"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="14:47:00.777+240" date="03-17-2014" component="LocationServices" context="" type="1"
    thread="4884" file="lsad.cpp:770">
    And here are the last 4 lines in the ClientLocation.log
    <![LOG[Rotating assigned management point, new management point [1] is: BBK-SCCM-PRI.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
    Value="0"/></Capabilities>]LOG]!><time="14:49:04.880+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6311">
    <![LOG[Assigned MP changed from <BBK-SCCM-PRI.bbk2310.com> to <BBK-SCCM-PRI.bbk2310.com>.]LOG]!><time="14:49:04.891+240" date="03-17-2014" component="ClientLocation" context="" type="1"
    thread="3600" file="lsad.cpp:1532"> <![LOG[Rotating proxy management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState"
    Value="0"/></Capabilities>]LOG]!><time="14:49:05.345+240" date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6374">
    <![LOG[Rotating local management point, new management point [1] is: BBK-SCCM-SEC.bbk2310.com (7958) with capabilities: <Capabilities SchemaVersion="1.0"><Property Name="SSLState" Value="0"/></Capabilities>]LOG]!><time="14:49:05.786+240"
    date="03-17-2014" component="ClientLocation" context="" type="1" thread="3600" file="lsad.cpp:6436">
    It looks like clients in the Office Site can’t connect to the DP/MP of the Secondary Site server which is also a DP.
    While on the PC that the application was installed on I see the folowing in the LocationService.log:
    <![LOG[Distribution Point='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSPKG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1', Locality='LOCAL', DPType='SERVER', Version='7958', Capabilities='<Capabilities SchemaVersion="1.0"><Property
    Name="SSLState" Value="0"/></Capabilities>', Signature='http://BBK-SCCM-PRI.bbk2310.com/SMS_DP_SMSSIG$/Content_69547d2a-339f-4ac4-9523-238c79ff8a52.1.tar', ForestTrust='TRUE',]LOG]!><time="14:42:59.506+240"
    date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="lsutils.cpp:415"> <![LOG[Calling back with locations for location request {144620BC-4BF0-4878-9554-F67D305ECCF8}]LOG]!><time="14:42:59.522+240"
    date="03-17-2014" component="LocationServices" context="" type="1" thread="224" file="replylocationsendpoint.cpp:220">
    Is there something wrong with the Distribution point on the Secondary Site server?
    Please help…
    Thanks..

    Update:
    I fixed the issue with the default XXX00002 package - "Configuration Manager Client Package", it will not deploy to the Secondary Site DP. I did that through "Update Distribution Points" option, and after a while the status was 100%.
    However; the second issue is still unsolved...
    Please help..

Maybe you are looking for