Update point on Secondary Site
Hi i have SCCM Primary site and Secondary site each site has Update point installed now my question are the users that belong to secondary site has to see the secondary update point server on the Group policy (intranet Microsoft Update Service location)
or the primary Update point which is installed on the primary site.
Thanks,
Ahmed Ali
Hi,
You shouldn't configure the WSUS server using a GPO, the SCCM client will create a Local Policy for the SUP to use for scanning automatically for you.
Regards,
Jörgen
-- My System Center blog ccmexec.com -- Twitter
@ccmexec
Similar Messages
-
Uninstall and Reinstall Secondary Site Management Point Role
Dear Brothers,
I have an issue with one of my SCCM 2012 Sp1 with CU3 Secondary Site Server which the client failed to install on the actual server due to a client issue observed in the CCMSetup.log.
Observation Regarding the issue:
Issue Detail No1.
SCCM Client is not installing to my Secondary Site Server with site code (XYZ), after all the site server are also clients in SCCM hierarchy so it self needs SCCM Client as well.
CCMSetup.log:
"Error 25150. Setup was unable to register the CCM_Service_HostingConfiguration endpoint" when you try to install the client agent in Configuration Manager"
According to http://support.microsoft.com/kb/2905359
the solution is to :
1. Uninstall the management point role.
2. Reinstall the client agent on the management point computer.
3. Reinstall the management point role.
Issue Detail No 2.
When I am trying to uninstall the Management Point Role via SCCM Console as part of the solution posted on the above KB Article, unfortunately the delete or uninstall option is been greyed out.
Now a lot of discussion on the topic "Can not remove management point role is greyed out "under this thread
http://social.technet.microsoft.com/Forums/en-US/1a039893-4a65-4dc9-9feb-e6f09ea1fc0b/can-not-remove-management-point-remove-role-is-greyd-out?forum=configmanagerdeployment
However on the last comment of the above thread from"Trana010"
stated a tool or a command
C:\program files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /deinstall /siteserver:(sec server name) SMSMP
0
Which I never tried yet, and also cannot find a reliable KB supporting the command "rolesetup.exe".
Questions:
1. What is the best way to uninstall/Reinstall the management point on secondary site considering the above issue details?
2. Should I installed CU4 directly instead? Maybe it will resolved the issue even though it is not related to the current case
Regards,Well, it's by design that you can't remove a management point on a secondary site, so I can imagine that that's why there is nothing "official" written on that subject. I think there are three things you can do:
Try to run the command line (which is probably unsupported)
Submit a CSS call
Upgrade to CU4 and assume the problem is gone.
My Blog: http://www.petervanderwoude.nl/
Follow me on twitter: pvanderwoude
Dear Peter,
I end up shooting a case with CSS, he guided me and share that this issue is very common.
The reason is that it requires CU3 upgrade (Configmgr2012ac-sp1-kb2882125-x64.msp) to be installed with the SCCM Client installation (The same time) via command line in an elevated permission.
Follow the solution provided by Microsoft Support:
CCMSetup.exe /forceinstall SMSSITECODE=XYZ CCMENABLELOGGING=TRUE CCMLOGLEVEL=0 PATCH=C:\Configmgr2012ac-sp1-kb2882125-x64.msp
It seems the Client Push provided by SCCM 2012 Sp1 Infra, that includes your Hotfix under the "Hotfix" folder under the client source folder somehow doesn't work with this issue, that's why the work around is to help the ccmsetup to grab the Hotfix with
by providing the path for the hotfix instead of relying to take the hotfix for the hotfix folder.
Overall peter thanks for your suggestion. And also to Mr. Jason Sandys opening the option for an R2 upgrade, I will look into the KB for this to plan for implementation.
Regards, -
Secondary Sites / PXE Service Point
I would like to enable PXE booting from my secondary sites.
When and when don't you setup a PXE service point on secondary sites? I have the pxe service point setup on my main central site and this works fine.
Can I skip this step on the secondary site?
thank you.Depends upon where you want the systems PXE booting from. Generally, PXE booting across the WAN is not a good thing as it can take a long time. Also note the PXE process in ConfigMgr only delivers the boot image, all other content comes from a DP. There's
no reason you can;t spin up a PSP in a secondary site and this typically makes sense because the whole point of the secondary site is that you have clients at a remote location across a WAN link.
Jason | http://blog.configmgrftw.com -
How to remove the parent-child software update point in sccm 2012 sp1
I have a CAS , Primary site server(1) and secondary site servers (7). I have software update point installed on CAS, Primary server and Secondary site servers as well.
I have a situation to reinstall the software update point which is in primary site server.
So, How to reinstall the software update point in primary site server since this is located in the middle between CAS and secondary site servers.
So, please suggest me, do I have to do anything special apart from the normal steps to uninstall and reinstall the SUP point on primary site server?
I have referred few posts on how to remove SUP
https://social.technet.microsoft.com/Forums/en-US/c7258aad-d968-427b-8826-4829916c14c9/remove-and-re-add-software-update-point-sccm-2012?forum=configmanagersdk
and how to install SUP
http://www.windows-noob.com/forums/index.php?/topic/4467-using-sccm-2012-in-a-lab-part-6-deploying-software-updates/Hi,
>> please suggest me, do I have to do anything special apart from the normal steps to uninstall and reinstall the SUP point on primary site server?
I just tried to reinstall the SUP on the Primary site(only one SUP on Primary site and there is a SUP on Secondary site). The SUP upstream data source of the Secondary site showed empty and greyed out. But the upstream data source resumed after a while.
It seems nothing special needs to be done.
Best Regards,
Joyce
Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Subscriber Support, contact [email protected] -
SCCM 2012 R2 - Secondary site in other forest
Hello,
I've a question about secondary site deployment. Currently, we've a standard sccm infrastructure with only one primary site.
We want to integrate a distant site with low bandwith and in a other forest. This forest is administrate by someone on site. That people must have SCCM administration rights only for his forest.
Secondary Site is it the best method to isolate sccm rights administration ? (Maybe easier with only one Distribution Point ?)
Secondary Site must be in the new forest or must be in the primary site forest ?
Thank you !
JérémyA secondary site in another forest requires a trust.
"Secondary Site is it the best method to isolate sccm rights administration ?" --> not at all! Secondaries do not add an administrative boundary. Even primaries don't. Use RBA (role based access) instead. How many clients are in each forest? Define
"low bandwidth".
Torsten Meringer | http://www.mssccmfaq.de -
Hi,
We try to install sccm 2012 serondary site in server 2012. It always failed.
I used the rereqchek tools to check system enviroment locally. All passed.
The primary site installed in server 2012. Both server had granted the administrator permission.
Anyone can help to check the below Configmgrprereq.log
<01-16-2015 08:47:55> ********************************************
<01-16-2015 08:47:55> ******* Start Prerequisite checking. *******
<01-16-2015 08:47:55> ********************************************
<01-16-2015 08:47:55> Commandline :
"D:\Microsoft Configuration Manager\bin\x64\smsexec.exe"
<01-16-2015 08:47:55> Check Type: Secondary site
Site Server: DPServer.ms.com,
SQL Server: DPServer.ms.com,
SQL Named Instance: ,
Install Folder: d:\Program Files\Microsoft Configuration Manager\,
Setup Source Folder: D:\SCCM2012\Source
<01-16-2015 08:47:55> INFO: Executing prerequisite functions...
<01-16-2015 08:47:55> ===== INFO: Prerequisite Type & Server: SITE_SEC:DPServer.ms.com =====
<01-16-2015 08:47:55> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:47:55> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:47:55> INFO: CheckLocalSys is Admin of <DPServer.ms.com>.
<01-16-2015 08:48:08> DPServer.ms.com; Site server computer account administrative rights; Error; Configuration Manager Setup requires that the site server computer has administrative rights on
the SQL Server and management point computers.
<01-16-2015 08:48:08> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:48:08> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:48:08> INFO: Check Lanman service: <DPServer.ms.com>.
<01-16-2015 08:48:22> DPServer.ms.com; Check Server Service is running; Passed
<01-16-2015 08:48:30> INFO: OS version:0, ServicePack:0.
<01-16-2015 08:48:30> DPServer.ms.com; Unsupported site server operating system version for Setup; Error; Configuration Manager site systems can only be installed on systems running Windows Server
2008 SP2 or later.
<01-16-2015 08:48:34> INFO: Failed to get Active Directory membership information for computer DPServer.ms.com with 0.
<01-16-2015 08:48:34> DPServer.ms.com; Domain membership; Error; Configuration Manager site server components must be installed on computers that are members of a Windows domain.
<01-16-2015 08:48:40> INFO: Free disk space on target \\DPServer.ms.com\d$\. = 510158 MB
<01-16-2015 08:48:40> DPServer.ms.com; Free disk space on site server; Passed
<01-16-2015 08:48:47> DPServer.ms.com; Pending system restart; Passed
<01-16-2015 08:48:50> INFO: The server DPServer.ms.com is not read-only domain controller.
<01-16-2015 08:48:50> DPServer.ms.com; Read-Only Domain Controller; Passed
<01-16-2015 08:48:50> INFO: Check FQDN Length for site server: <DPServer.ms.com>.
<01-16-2015 08:48:50> DPServer.ms.com; Site Server FQDN Length; Passed
<01-16-2015 08:48:50> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:48:50> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:48:57> DPServer.ms.com; Microsoft XML Core Services 6.0 (MSXML60); Warning; MSXML 6.0 or later libraries are required for Configuration Manager console and Configuration Manager site
server installations. MSXML 6.0 is available for download at http://go.microsoft.com/fwlink/?LinkId=215744
<01-16-2015 08:49:03> DPServer.ms.com; Microsoft Remote Differential Compression (RDC) library registered; Error; Microsoft Remote Differential Compression (RDC) library must be registered for Configuration
Manager site server installation. Details at http://technet.microsoft.com/library/cc431377.aspx#RDC_for_Site_Servers.
<01-16-2015 08:49:03> INFO: Checking Windows Installer version on DPServer.ms.com.
<01-16-2015 08:49:13> INFO: Path of Windows Installer is <\\DPServer.ms.com\C$\Windows\System32\msi.dll>.
<01-16-2015 08:49:19> ERROR: Failed to determine Windows Installer version from path:<\\DPServer.ms.com\C$\Windows\System32\msi.dll> .
<01-16-2015 08:49:19> DPServer.ms.com; Microsoft Windows Installer; Error; Setup failed to verify the Windows Installer version, or the installed version of Windows Installer does not meet the minimum
requirement. Configuration Manager requires at least Windows Installer version 4.5.
<01-16-2015 08:49:19> INFO: Start Checking InstallSQLExpress on site server: DPServer.ms.com, SQL Server instance CONFIGMGRSEC
<01-16-2015 08:49:28> INFO: SQL Server Instance Names value was not found
<01-16-2015 08:49:28> INFO: IsPortUsedByAnySqlInstance port 1433.
<01-16-2015 08:49:39> INFO: TCP port 1433 is not in use by any other SQL Server instances.
<01-16-2015 08:49:49> INFO: Sql express: OS version:0, ServicePack:0.
<01-16-2015 08:49:49> ERROR: Cannot install sqlexpress 2012, not meet OS requirement: Windows server 2008 sp2, Windows server 2008 R2 sp1 or higher.
<01-16-2015 08:49:49> DPServer.ms.com; SQL Server Express on Secondary Site; Error; A SQL Server instance is already installed on the secondary site server using the instance name CONFIGMGRSEC,
or the specified TCP port is being used by another SQL Server instance, or OS version is not Windows Server 2008 sp2, Windows Server 2008 R2 sp1 or higher. Setup is unable to install SQL Server Express on the secondary site.
<01-16-2015 08:49:55> ERROR: Failed to connect to registry of DPServer.ms.com
<01-16-2015 08:49:55> DPServer.ms.com; Existing Configuration Manager server components on site server; Error; A site server or site system role is already installed on the computer selected for
site server installation. Remove the site or site system role from the computer, or select another computer for site server installation.
<01-16-2015 08:49:55> DPServer.ms.com; Firewall exception for SQL Server (stand-alone primary site); Passed
<01-16-2015 08:49:55> INFO: SQL Server computer <DPServer.ms.com>
<01-16-2015 08:49:55> INFO: SQL Server named instance <>
<01-16-2015 08:49:55> INFO: Install SQL Server Express on secondary site, skip checking.
<01-16-2015 08:49:55> DPServer.ms.com; SQL Server service running account; Passed
<01-16-2015 08:49:55> INFO: Install SQL Server Express on secondary site, skip checking.
<01-16-2015 08:49:55> DPServer.ms.com; Dedicated SQL Server instance; Passed
<01-16-2015 08:49:55> INFO: CheckSQLCollationSecondary
<01-16-2015 08:49:55> INFO: Installing SQL Server Express; skipping
<01-16-2015 08:49:55> DPServer.ms.com; Parent/child database collation; Passed
<01-16-2015 08:49:55> INFO: Checking .NET framework versions 3.5...
<01-16-2015 08:50:05> INFO: .NET is installed
<01-16-2015 08:50:05> DPServer.ms.com; Minimum .NET Framework version for Configuration Manager site server; Passed
<01-16-2015 08:50:05> INFO: Checking .NET version required for installing SQL Server Express for Secondary Site.
<01-16-2015 08:50:05> INFO: Checking .NET framework versions 4.0...
<01-16-2015 08:50:10> INFO: .NET is installed
<01-16-2015 08:50:11> DPServer.ms.com; Minimum .NET Framework version for SQL Server Express edition installation for Configuration Manager Secondary Site; Passed
<01-16-2015 08:50:11> INFO: CheckInstallSourceVersion <D:\SCCM2012\Source>
<01-16-2015 08:52:29> ERROR: Could not read install map from \\DPServer.ms.com\D$\\SCCM2012\Source\SMSSETUP\install.map (result 2)
<01-16-2015 08:52:29> DPServer.ms.com; Setup Source Version; Error; The product version in the source folder specified for secondary site installation does not match the version of the primary site.
<01-16-2015 08:52:29> INFO:CheckInstallSourcePath <DPServer.ms.com>
<01-16-2015 08:52:55> ERROR: Failed to call GetResultByRunningService
<01-16-2015 08:52:55> DPServer.ms.com; Setup Source Folder; Error; The computer account for the secondary site must have Read NTFS and share permissions to the Setup source folder and share. We
recommend that you do not use administrative shares (for example, C$ and D$) because they require the secondary site computer account to be an administrator on the remote computer.
<01-16-2015 08:52:55> INFO: Enter CheckSecSiteSqlOnSameMachine.
<01-16-2015 08:52:55> INFO: Installing SQL Server Express, skipping SQL Server check.
<01-16-2015 08:52:55> DPServer.ms.com; SQL Server on the Secondary Site Computer; Passed
<01-16-2015 08:52:55> INFO:CheckSupportedFQDNFormat <DPServer.ms.com>
<01-16-2015 08:53:04> INFO: NetBIOS <NZWHKVMAS020>
<01-16-2015 08:53:04> DPServer.ms.com; Primary FQDN; Passed
<01-16-2015 08:53:04> INFO:CheckMachineAccountHasADAccess <DPServer.ms.com>
<01-16-2015 08:53:30> ERROR: Failed to call GetResultByRunningService
<01-16-2015 08:53:30> DPServer.ms.com; Verify site server permissions to publish to Active Directory.; Warning; The site server might be unable to publish to Active Directory. The computer account
for the site server must have Full Control permissions to the System Management container in its Active Directory domain. You can ignore this warning if you have manually verified these permissions. For more information about your options to configure required
permissions, see http://go.microsoft.com/fwlink/p/?LinkId=233190.
<01-16-2015 08:53:30> INFO:CheckRemoteWMIConnection <DPServer.ms.com>
<01-16-2015 08:53:44> DPServer.ms.com; Remote Connection to WMI on Secondary Site; Passed
<01-16-2015 08:53:44> INFO: Check required collation of Sql Server.
<01-16-2015 08:53:44> INFO: LangID <409>
<01-16-2015 08:53:44> INFO: NOT primary site or CAS install, skipping check for reqired collation of SQL Server.
<01-16-2015 08:53:44> DPServer.ms.com; Required SQL Server Collation; Passed
<01-16-2015 08:53:44> ===== INFO: Prerequisite Type & Server: SQL:DPServer.ms.com =====
<01-16-2015 08:53:44> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping check for sysadmin role on SQL Server.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server sysadmin rights; Passed
<01-16-2015 08:53:44> INFO: Skip testing, no expand primary site specified.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server sysadmin rights for reference site; Passed
<01-16-2015 08:53:44> INFO: The rule 'Site server computer account administrative rights' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping Windows integrated security check.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server security mode; Passed
<01-16-2015 08:53:44> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:53:44> INFO: The rule 'Unsupported site server operating system version for Setup' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> INFO: The rule 'Domain membership' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> INFO: The rule 'Pending system restart' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server version check.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server version; Passed
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server Edition; Passed
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server Tcp Port; Passed
<01-16-2015 08:53:44> INFO: Checking if SQL Server memory is limited.
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server memory check.
<01-16-2015 08:53:44> DPServer.ms.com; Configuration for SQL Server memory usage; Passed
<01-16-2015 08:53:44> INFO: Checking if SQL Server memory is configured to reserve minimum memory.
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server memory allocation check.
<01-16-2015 08:53:44> DPServer.ms.com; SQL Server process memory allocation; Passed
<01-16-2015 08:53:44> INFO: Installing SQL Server Express, skipping SQL Server case insensitive validation.
<01-16-2015 08:53:44> DPServer.ms.com; Case-insensitive collation on SQL Server; Passed
<01-16-2015 08:53:44> INFO: Check Machine FQDN: <DPServer.ms.com>.
<01-16-2015 08:53:44> INFO: getaddrinfo returned success.
<01-16-2015 08:53:44> DPServer.ms.com; Validate FQDN of SQL Server Computer; Passed
<01-16-2015 08:53:44> INFO: The rule 'Primary FQDN' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:44> ===== INFO: Prerequisite Type & Server: MP:DPServer.ms.com =====
<01-16-2015 08:53:44> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:53:44> DPServer.ms.com; Administrative share (Site system); Passed
<01-16-2015 08:53:44> INFO:CheckSiteSystemtoSQLConnectivity <DPServer.ms.com>
<01-16-2015 08:53:44> INFO: Installing secondary site, skipping SQL Server connectivity check.
<01-16-2015 08:53:44> DPServer.ms.com; Site System to SQL Server Communication; Passed
<01-16-2015 08:53:44> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:53:44> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:53:44> INFO: The rule 'Check Server Service is running' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:53:52> INFO: OS version:0, ServicePack:0.
<01-16-2015 08:53:52> DPServer.ms.com; Unsupported management point operating system version for Setup; Warning; Configuration Manager site systems can only be installed on systems running Windows
Server 2008 SP2 or later.
<01-16-2015 08:53:52> INFO: The rule 'Domain membership' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:54:05> INFO: Windows Cluster not found on DPServer.ms.com.
<01-16-2015 08:54:05> DPServer.ms.com; Windows Failover Cluster; Passed
<01-16-2015 08:54:05> INFO: The rule 'Pending system restart' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:54:05> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:54:05> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:54:05> INFO: The rule 'Microsoft XML Core Services 6.0 (MSXML60)' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:54:10> DPServer.ms.com; IIS service running; Warning; Internet Information Services (IIS) is required for some site system roles. You have selected to install a site system role that
requires IIS. Install IIS on the site system to continue setup.
<01-16-2015 08:54:39> ERROR: Failed to get WEBSVCEXT from Remote Service on DPServer.ms.com.
<01-16-2015 08:54:39> INFO: Failed to get IIS BITS Server Extensions state on DPServer.ms.com.
<01-16-2015 08:54:39> DPServer.ms.com; BITS installed; Warning; Background Intelligent Transfer Service (BITS) is required for the management point and distribution point site system roles. BITS
is not installed, IIS 6 WMI compatibility component for IIS7 is not installed on this computer or the remote IIS host, or Setup was unable to verify remote IIS settings because IIS common components were not installed on the site server computer. Also, check
if IIS/BITS services are running properly. Setup cannot continue until BITS is installed and enabled in the IIS settings.
<01-16-2015 08:55:08> ERROR: Failed to get WEBSVCEXT from Remote Service on DPServer.ms.com.
<01-16-2015 08:55:08> INFO: Failed to get IIS BITS Server Extensions state on DPServer.ms.com.
<01-16-2015 08:55:08> DPServer.ms.com; BITS enabled; Warning; Background Intelligent Transfer Service (BITS) is required for the management point and distribution point site system roles. BITS is
not installed, IIS 6 WMI compatibility component for IIS7 is not installed on this computer or the remote IIS host, or Setup was unable to verify remote IIS settings because IIS common components were not installed on the site server computer. Also, check
if IIS/BITS services are running properly. Setup cannot continue until BITS is installed and enabled in the IIS settings.
<01-16-2015 08:55:08> DPServer.ms.com; IIS HTTPS Configuration for management point; Passed
<01-16-2015 08:55:08> INFO: Stand-alone primary site or secondary site. Skip checking firewall settings for SQL Server
<01-16-2015 08:55:08> DPServer.ms.com; Firewall exception for SQL Server for management point; Passed
<01-16-2015 08:55:08> DPServer.ms.com; Administrative rights on management point; Passed
<01-16-2015 08:55:08> INFO:CheckV4ClientNotInstalled <DPServer.ms.com>
<01-16-2015 08:55:36> ERROR: Failed to call GetResultByRunningService
<01-16-2015 08:55:36> DPServer.ms.com; Client Version on Management Point Computer; Warning; You cannot install the management point on a computer with an earlier version of the Configuration Manager
client installed. Upgrade the client to the current version, remove the client, or select a different computer for the management point installation, and then try again.
<01-16-2015 08:55:36> ===== INFO: Prerequisite Type & Server: DP:DPServer.ms.com =====
<01-16-2015 08:55:36> <<<RuleCategory: Access Permissions>>>
<01-16-2015 08:55:36> <<<CategoryDesc: Checking access permissions...>>>
<01-16-2015 08:55:36> <<<RuleCategory: System Requirements>>>
<01-16-2015 08:55:36> <<<CategoryDesc: Checking system requirements for ConfigMgr...>>>
<01-16-2015 08:55:49> DPServer.ms.com; Unsupported distribution point operating system version for Setup; Warning; Configuration Manager distribution point can only be installed on systems running
Windows Server 2003 or later.
<01-16-2015 08:55:49> INFO: The rule 'Domain membership' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:49> INFO: The rule 'Windows Failover Cluster' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:49> INFO: The rule 'Pending system restart' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:49> <<<RuleCategory: Dependent Components>>>
<01-16-2015 08:55:49> <<<CategoryDesc: Checking dependent components for ConfigMgr...>>>
<01-16-2015 08:55:57> DPServer.ms.com; Microsoft XML Core Services 6.0 (MSXML60) for distribution point; Warning; MSXML 6.0 or later libraries are required for Configuration Manager console and
Configuration Manager site server installations. MSXML 6.0 is available for download at http://go.microsoft.com/fwlink/?LinkId=215744
<01-16-2015 08:55:57> INFO: The rule 'IIS service running' has been run on server 'DPServer.ms.com', skipped.
<01-16-2015 08:55:57> DPServer.ms.com; IIS HTTPS Configuration for distribution point; Passed
<01-16-2015 08:55:57> DPServer.ms.com; Administrative rights on distribution point; Passed
<01-16-2015 08:55:57> ***************************************************
<01-16-2015 08:55:57> ******* Prerequisite checking is completed. *******
<01-16-2015 08:55:57> ***************************************************
<01-16-2015 08:55:57> INFO: Updating Prerequisite checking result into the registry
<01-16-2015 08:55:57> INFO: Connecting to DPServer.ms.com registry
<01-16-2015 08:56:09> INFO: Setting registry values
<01-16-2015 08:56:16> ERROR: Failed to update prerequisite results into the registry; error = 1.<01-16-2015 08:48:08> DPServer.ms.com; Site server computer account administrative rights; Error; Configuration Manager Setup requires that the site server computer has administrative rights
on the SQL Server and management point computers.
Actually the administrative permission had been granted. -
Remote Distribution Points for Software Update Point Site
Hi,
I have deployed Primary Site MP (SCCM 2012 R2) in the Main Office. In our environment, we have many remote offices with limited internet connection.
Is it best to setup Secondary Site in those remote offices or setup Distribution Points? What are the considerations?
Thanks.
~AndreYou only install one SUP. You can't install a SUP on DP's, and you don't need to install WSUS on DP's either, just IIS.
The clients will need to connect to the SUP (port 8530) to get the windows update catalogue. If they can't connect to your MP and SUP directly, then you will need to check your proxy configuration on the clients
Once the client has performed a scan, it will then match what it determines are "required updates" against what you have deployed in its client policy.
The client then connects to the local DP to download the updates and install them.
The client only downloads policy from an MP. If you have a DP on the same server as the MP then clients may try to download updates if you don't have your content boundaries configured correctly, and have also allowed them to use a fallback location.
To prevent clients going over the WAN to download the updates, check your update deployment under the "Download Settings" tab and choose "Do not install software updates" on both the options, and make sure you have your content location
boundaries configured correctly with the DP at each remote site assigned to the correct boundary. -
SCEP definitions do not update on Secondary site server
Issue: Win 2008R2 server - Secondary site server - SCEP is installed, but it cannot find/download/install any virus definitions. When attempting to hit "update" within the SCEP console, it returns no results. When attempting to
check online for Win Updates via control panel, no virus def updates are found (but 11 different updates are found for .NET and other things).
The error that is thrown in the Windows Updates log when attempting to update through the SCEP console is Error: 0x80248014. http://support.microsoft.com/kb/2832355/en-us Although this
applies to Windows 8, I still checked the settings per the article. My settings check out okay.
No error is thrown when attempting to check for updates via Windows Update in the control panel. It finds 11 available updates (none of which are SCEP related), and displays them properly.
This server has the CCM2012 client installed, and the Anti-Malware policy has been successfully applied. We have a separate Anti-Malware policy that is applied only to our SCCM site servers. The policy indicates that all virus defs are to be
obtained from Microsoft online Update. Our primary site server does not display this problem. It is updating automatically with no issues.
It is possible to manually download and apply the latest virus definitions by visiting the MS virus defs site and running the manual update installer. I have only done this to ensure that the virus defs are somewhat current.
Steps taken: I have removed SCEP and re-installed it. I have also attempted the Windows Update "Fix-it" found here.
http://support.microsoft.com/kb/971058
Error 0x80248014 persists when attempting an update through the SCEP console, and no SCEP related updates are found by Microsoft online Update.
Any suggestions on what I might try next?Thank you for the reply.
Well, the issue with this secondary site server isn't 100% fixed, but your line of questions pushed me in a direction that allowed me to put a Band-Aid on it. That said, it is updating the virus defs - although not exactly as it should be. But,
this is good enough for me now.
To answer some of your questions that seem relevant. This is a fairly new SCCM setup. Our implementation of SCCM currently is not configured to handle any Software Updates yet. We still rely on a separate WSUS server in our environment for all
WinUpdates (including SCEP/FEP). With that in mind, the Anti-Malware policy that is applied to both SCCM servers use the following 2 locations in order for obtaining SCEP updates:
1) MS online Updates 2)WSUS
As mentioned previously, the secondary site never detected updates via SCEP console or WinUpdates via Control Panel. But this did not explain why it could not retrieve from WSUS.
A quick look at our WSUS setup shows that auto-approval is configured for all of our workstations, but not our servers. I corrected this within WSUS - Forced GPUpdate on the site server - ran wuauclt /detectnow on the site server - Now, the virus defs
were found and could be installed. (I'll have to wait a little while to see if it continues to update automatically as it should)
So, as I mentioned above - the big problem of not updating at all is corrected, however the issue still remains "why are no updates found from MS Updates online?"
At this point - I don't know, but as long as it updates in some fashion, I'm good with that. -
Endpoint Protection clients no getting updates from SCCM 2012 in new Secondary Site
I recently stood up a secondary site behind a PCI firewall to manage PCI in-scope systems. All of my boundaries are properly configured and there are no overlaps. I am able to push packages to these clients and the clients are reporting as healthy however
I am not able to get updates to the SCEP clients. There is no internet access from these systems so I have to rely on updates from SCCM. From what I can see in the WindowsUpdate log it is only trying to go to Microsoft for the definitions. Here is the Log:
2014-04-30 11:05:09:739
828 da8
Misc WARNING: Send failed with hr = 80072ee2.
2014-04-30 11:05:09:739
828 da8
Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
2014-04-30 11:05:09:739
828 da8
Misc WARNING: Send request failed, hr:0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
error 0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-04-30 11:05:09:739
828 da8
Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-04-30 11:05:09:739
828 da8
SLS FATAL: GetResponse failed with hresult 0x80072ee2...
2014-04-30 11:05:09:739
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
2014-04-30 11:05:09:739
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetEndpointFromSLS - Failed to get client data and init parser, error = 0x80072EE2
2014-04-30 11:05:09:739
828 da8
EP FATAL: Failed to obtain 9482F4B4-E343-43B6-B170-9A65BC822C77 redir SecondaryServiceAuth URL, error = 0x80072EE2
2014-04-30 11:05:09:739
828 da8
Agent WARNING: Failed to obtain the authorization cab URL for service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0
2014-04-30 11:05:09:739
828 da8
Agent FATAL: Caller <NULL> failed to opt in to service 7971f918-a847-4430-9279-4a52d1efe18d, hr=0X80072EE2
2014-04-30 11:05:09:739
828 da8
SLS Retrieving SLS response from server...
2014-04-30 11:05:09:739
828 da8
SLS Making request with URL HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422
2014-04-30 11:05:30:742
828 da8
Misc WARNING: Send failed with hr = 80072ee2.
2014-04-30 11:05:30:742
828 da8
Misc WARNING: Proxy List used: <(null)> Bypass List used : <(null)> Auth Schemes used : <None>
2014-04-30 11:05:30:742
828 da8
Misc WARNING: Send request failed, hr:0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: SendRequestUsingProxy failed for <HTTPS://sls.update.microsoft.com/SLS/{9482F4B4-E343-43B6-B170-9A65BC822C77}/x64/6.3.9600.0/0?CH=41&L=en-US&P=&PT=0x7&WUA=7.9.9600.16422>.
error 0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation MakeRequest failed. error 0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: SendRequestToServerForFileInformation failed with 0x80072ee2
2014-04-30 11:05:30:742
828 da8
Misc WARNING: WinHttp: ShouldFileBeDownloaded failed with 0x80072ee2
2014-04-30 11:05:30:742
828 da8
SLS FATAL: GetResponse failed with hresult 0x80072ee2...
2014-04-30 11:05:30:742
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetWUClientDataAndInitParser - failed to get SLS data, error = 0x80072EE2
2014-04-30 11:05:30:742
828 da8
EP FATAL: EP: CSLSEndpointProvider::GetSecondaryServicesEnabledState - Failed to get client data and init parser, error = 0x80072EE2
2014-04-30 11:05:30:742
828 da8
Agent * WARNING: Online service registration/service ID resolution failed, hr=0x80248014
2014-04-30 11:05:30:742
828 da8
Agent * WARNING: Exit code = 0x80248014
2014-04-30 11:05:30:742
828 da8
Agent *********
2014-04-30 11:05:30:742
828 da8
Agent ** END ** Agent: Finding updates [CallerId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB) Id = 9]
2014-04-30 11:05:30:742
828 da8
Agent *************
2014-04-30 11:05:30:742
828 da8
Agent WARNING: WU client failed Searching for update with error 0x80248014
2014-04-30 11:05:30:742
828 da8
IdleTmr WU operation (CSearchCall::Init ID 9, operation # 99) stopped; does use network; is not at background priority
2014-04-30 11:05:30:742
828 da8
IdleTmr Decremented PDC RefCount for Network to 0
2014-04-30 11:05:30:742
828 da8
IdleTmr Decremented idle timer priority operation counter to 0
2014-04-30 11:05:30:743
576 12c0
COMAPI >>-- RESUMED -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-04-30 11:05:30:743
576 12c0
COMAPI - Updates found = 0
2014-04-30 11:05:30:743
576 12c0
COMAPI - WARNING: Exit code = 0x00000000, Result code = 0x80248014
2014-04-30 11:05:30:743
576 12c0
COMAPI ---------
2014-04-30 11:05:30:743
576 12c0
COMAPI -- END -- COMAPI: Search [ClientId = System Center Endpoint Protection (DDEFDD14-250E-4DC8-A0B3-9D667EC5D8EB)]
2014-04-30 11:05:30:743
576 12c0
COMAPI -------------
2014-04-30 11:05:30:743
576 1254
COMAPI WARNING: Operation failed due to earlier error, hr=80248014
2014-04-30 11:05:30:743
576 1254
COMAPI FATAL: Unable to complete asynchronous search. (hr=80248014)
The log is from a Server 2012 R2 Client. The only thing I was able to find was this Article which did not resolve my issue. Anyone else encounter anything similar? Any help would be appreciated.
Regards, Evan Mills - Systems AdministratorEvery two hours is too aggressive for the ADR. Definitions are only released 2-3 times a day so every 8 hours is what most consider best practice. Is your WSUS sync occurring every two hours as well? If not, then the ADR wouldn't have anything new to pick
up anyway. It's best to set the WSUS sync for every 8 hours and then set the ADR to run after any successful WSUS sync.
So the EP definitions are caching but not installing? What does the WUAHandler.log show? One of my machines shows the following which indicates a successful installation from the ConfigMgr delivered update:
1. Update (Missing): Definition Update for Microsoft Endpoint Protection - KB2461484 (Definition 1.173.933.0) (0a156122-d4f8-4215-9e63-8f0f1e32c9c6, 200) WUAHandler 4/30/2014 6:49:33 AM 11080 (0x2B48)
Async installation of updates started. WUAHandler 4/30/2014 6:49:34 AM 11080 (0x2B48)
Update 1 (0a156122-d4f8-4215-9e63-8f0f1e32c9c6) finished installing (0x00000000), Reboot Required? No WUAHandler 4/30/2014 6:50:23 AM 8664 (0x21D8)
Async install completed. WUAHandler 4/30/2014 6:50:23 AM 8664 (0x21D8)
Installation of updates completed. WUAHandler 4/30/2014 6:50:23 AM 11032 (0x2B18)
It sounds like if you set "Check for Endpoint Protection definitions at a specific interval" to 0 then it would prevent the WindowsUpdate.log activity you're seeing when the EP client tries to reach out for updates. -
Sccm 2012 Can we migrate a distribution point to a Secondary site
Can we upgrade our SCCM 2012 Distribution point to a Secondary Site? Can anyone advise the process please?
Hi,
Please refer to the link below:
Planning a Content Deployment Migration Strategy in System Center 2012 Configuration Manager
http://technet.microsoft.com/en-us/library/gg712275.aspx
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place. -
New Site Server with Distribution Point & Software Update Point Roles not pulling SUGs
I just set up a new server & installed the DP & SUP roles on it. I am getting the following in the log this is just a small sample as its kind of repetative:
Report state message 0x8000094F to MP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report Body: <ReportBody><StateMessage MessageTime="20140328183445.000000+000" SerialNumber="0"><Topic ID="FPP00002" Type="901" IDType="0"/><State ID="2383" Criticality="0"/><UserParameters
Flags="0" Count="2"><Param>FPP00002</Param><Param>["Display=\\FPPSCCM02.FPP.WUCON.WUSTL.EDU\"]MSWNET:["SMS_SITE=FPP"]\\FPPSCCM02.FPP.WUCON.WUSTL.EDU\</Param></UserParameters></StateMessage></ReportBody>
SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report status message 0x8000094F to MP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Status message has been successfully sent to MP from remote DP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Retry 10 times SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Start to evaluate all packages ... SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Start to evaluate package 'FPP00002' version 0 ... SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report status message 0x4000094C to MP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Status message has been successfully sent to MP from remote DP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Failed to evaluate package FPP00002, Error code 0x80070002 SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report state message 0x8000094F to MP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report Body: <ReportBody><StateMessage MessageTime="20140328183445.000000+000" SerialNumber="0"><Topic ID="FPP00002" Type="901" IDType="0"/><State ID="2383" Criticality="0"/><UserParameters
Flags="0" Count="2"><Param>FPP00002</Param><Param>["Display=\\FPPSCCM02.FPP.WUCON.WUSTL.EDU\"]MSWNET:["SMS_SITE=FPP"]\\FPPSCCM02.FPP.WUCON.WUSTL.EDU\</Param></UserParameters></StateMessage></ReportBody>
SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report status message 0x8000094F to MP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Status message has been successfully sent to MP from remote DP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Report status message 0x40000952 to MP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Status message has been successfully sent to MP from remote DP SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
DP monitoring finishes evaluation. SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
Failed to evaluate some packages after 10 retry SMS_Distribution_Point_Monitoring 3/28/2014 1:34:45 PM 6444 (0x192C)
The Console shows for the DP that it's waiting for content and I don't see where I can create a Prestage Package
# When I wrote this script only God & I knew what I was doing. # Now, only God Knows! don't retire technet http://social.technet.microsoft.com/Forums/en-US/e5d501af-d4ea-4c0f-97c0-dfcef0192888/dont-retire-technet?forum=tnfeedbackD:\SMS_DP$\sms\logs\smsdpmon.log
This is the 2nd server in our SCCM 2012 Sp1 Hierarchy. It is set up with the following Site System Roles:
Component Server
Distribution Point
Site System
Software Update Point
It is Prestaged Enabled. My intent is that the client systems @ the location where this DP is located will use it to pull their Microsoft Updates from as well as content for any Applications we push to them rather than going over the WAN to the Primary
Site Server.
IN Distribution Point Configuration Status. the console shows "Failed to update package" & "Packaget Transfer Manager failed to update the package "yxz00040". Version 3 on Distribution Point server.my.domain.com review pkgxfermgr.log for more information
about this failure."
It also goes on toe list 2 possible causes and solutions
Site servers does not have sufficient rights to the source directory.
(Site server account is a member of local Administrators on Primary)
Not enough disk space available
(I have over 1TB of available space and primary site server has only 150GB available for entire content repository, both applications and sofware updates.)
# When I wrote this script only God & I knew what I was doing. # Now, only God Knows! don't retire technet http://social.technet.microsoft.com/Forums/en-US/e5d501af-d4ea-4c0f-97c0-dfcef0192888/dont-retire-technet?forum=tnfeedback -
Source hierarchy AAA is at 2012 R2 CU3 and contains a primary site and 14 secondary sites (A01 through A14). The 14 secondary site servers hold the following roles:
Site system
Management Point
State migration point
Site server
Site database server
Component server
Distribution Point
Target hierarchy BBB is also at 2012 R2 CU3 and contains only a primary site. The goal is to "downgrade" the severs at source secondary sites A01 through A14 to distribution points.
AAA was added as a source site. Data gathering was done. A migration job was created an run, and distribution points from the source hierarchy were shared to allow a phased migration of the clients.
We have reach the point where we are ready to reassign distribution points in sites A01 through A14 from AAA to BBB, but none of the shared distribution points are eligible for reassignment. We surmise that since the DP role is not the only role on
these servers (as you can see from the bullet list above), they are ineligible for reassignment. We are unable to remove most of the roles. In fact, the only 2 roles that can be removed are the DP role itself, and the State Migration
Point. If we delete the secondary site, it removes ALL roles...not leaving any behind...including the one we need...DP.
My question is 2-part:
Is our assumption correct? Must a DP role be the only one on the server for a DP to be eligible for reassignment?
Is there any way we can reassign these DPs instead of deleting everything and building them from scratch?
These secondary site servers are in branch offices and host a lot of distributed packages. It would be very inconvenient to have to rebuild the DPs from scratch and redistribute all those packages over the WAN.Full Disclosure: I have never used this tool myself. I intend to, however the opportunity or time to do so has not yet arisen.
You could use the techniques outlined in CloneDP (https://gallery.technet.microsoft.com/scriptcenter/CloneDP-for-SCCM-2012-SP1-825ce5b1) to create prestage media on each DP and rebuild. That at least would prevent redistributing over the WAN
Ken provides a nice writeup too: http://blogs.technet.com/b/kensmith/archive/2013/08/01/migrating-the-content-library-between-distribution-points-in-sccm-2012-sp1.aspx -
Replace secondary site with distribution point
I have a client that would like to remove some unnecessary secondary sites and replace them with distribution points on the same hardware. Is there a built-in way of doing this from the SCCM console? What should be taken into consideration before doing
such a thing?
Please remember to click “Mark as Answer” on the post that helps you, and to click “Unmark as Answer” if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread. ”No there is no built in way to do this. It's essentially an uninstall (of the Secondary site components) and an fresh install of the DP. Content and boundaries are the only real considerations; you may want to use pre-staged content to essentially
cache a local copy so that it doesn't have to be replicated across the WAN. Technically, if you leave the sccmcontentlib in place, it may be able to reuse this but that's not supported so it may or may not work.
Jason | http://blog.configmgrftw.com -
Secondary Site Distribution Points content flow
We are implementing an environment that contains over 750 locations with distribution points. With the limitation of 250 DPs per site, we are going to have to put DPs under secondary sites.
In preparation for this configuration we would like to have a better understanding of how the content will flow to the lower level DPs (under secondary sites). We are aware that content
being sent to a dp on a secondary site server is compressed at the primary, sent to the secondary and uncompressed. Here are our questions:
1. Will the content for lower level DPs, under the secondary Site, receive its content directly from the primary site DP, or the Secondary Site DP?
2. Will the content for the lower level DPs be compressed, sent and uncompressed (from the primary or secondary)?
This information will help determine the network configuration we use to limit our WAN traffic.
I appreciate any insight into these questions you can provide.
Thanks.Sorry, but can someone explain #1 more detail?
I have Secondary Site with multiple DPs.
If I distribute the content to only 1 DP at Secondary site (not pull DPs), will the content distribute to the Secondary Site server first, then to the DP? Does the content also available at the SS Server?
Does the data flow like: Primary Site -> Secondary Site -> DP ? -
SCCM 2012 Clients at Secondary Site don't update and shows status as INACTIVE
I have 1 Primary site and 1 Secondary sites. I have setup Secondary site Boundaries using IP subnet. I see that the systems from secondary
site show in the console and they all have clients installed but however 60% of the system shows client activity as INACTIVE and not receiving any heartbeat DDR none of the system showing hardware inventory. I am not positive
where to look as far as logs are concerned. I think the clients aren't receiving policy like they should.
Just to give a brief idea, Secondary Site server crashed and we had to rebuild the server and re install secondary site after rebuilding all the
problem. Everything is working fine in Primary site.
Secondary site is communicating with primary site MP and DP
I have checked MPcontrol.log it shows status as OK
I am able to install client through console but yes when I check the configuration manager properties it shows CCM Notification Agent as DISSABLED
and in the Action Tab Machine and User policy are the only cycles showing.
Checked replmgr.log and rclctrl.log but it’s not showing any error
Only log file which shows error is bgdserver.log ( pasting log errors )
ERROR: SQL exception when retrieve client certificate from DB. Exception: The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'CM_PRI',
schema 'dbo'. -2146232060 SMS_NOTIFICATION_SERVER 05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Can't do post authentication without client certificate stored in regsitration. SMS_NOTIFICATION_SERVER
05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Failed to authenticate with client [::ffff:10.5.55.88]:49623. SMS_NOTIFICATION_SERVER 05-07-2014
12:09:01 3968 (0x0F80)
ERROR: SQL exception when retrieve client certificate from DB. Exception: The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'CM_PRI',
schema 'dbo'. -2146232060 SMS_NOTIFICATION_SERVER 05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Can't do post authentication without client certificate stored in regsitration. SMS_NOTIFICATION_SERVER
05-07-2014 12:09:01 3968 (0x0F80)
ERROR: Failed to authenticate with client [::ffff:10.5.62.68]:49923. SMS_NOTIFICATION_SERVER 05-07-2014
12:09:01 3968 (0x0F80)
ERROR: SQL exception when retrieve client certificate from DB. Exception: The EXECUTE permission was denied on the object 'sp_GetPublicKeyForSMSID', database 'CM_PRI',
schema 'dbo'. -2146232060 SMS_NOTIFICATION_SERVER 05-07-2014 12:09:06 3968 (0x0F80)
ERROR: Can't verify signature in message without client certificate for client SCCM GUID:B47059B1-D4E4-41A2-BC88-486A597FE399
SMS_NOTIFICATION_SERVER 05-07-2014 12:09:06 3968 (0x0F80)
ERROR: Invalid hook to be decoded. Authentication SMS_NOTIFICATION_SERVER
05-07-2014 12:09:06 3968 (0x0F80)
ERROR: Failed to decode message body (<BgbSignInMessage TimeStamp="2014-07-05T06:39:01Z"><ClientType>SCCM</ClientType><ClientVersion>5.00.7804.1000</ClientVersion><ClientID>GUID:B47059B1-D4E4-41A2-BC88-486A597FE399</ClientID></BgbSignInMessage>)
with message header
Help me resolve this issue as I am struggling to resolve this for almost 2 weeks.
Please let me know which logs are helpful and I'll try to add it to replies.Hi,
Quote:"see that the systems from secondary site show in the console and they all have clients installed but however 60% of the system shows client activity as INACTIVE and not receiving any heartbeat DDR none of the system showing hardware inventory. "
So not all the clients show inactive? Have you checked the logs in an inactive client? Such as ClientIDManagerStartup.log.
Have you checked Secondary Site server's computer name from SQL logins? You could try to remove this account, wait a while, recreate the same computeraccount login with sysadmin access. (http://social.technet.microsoft.com/Forums/en-US/d5383c23-6b71-47cc-9fad-fda82a44a3aa/secondary-site-showing-inactive-clients?forum=configmanagerdeployment)
You could use Configuration Analyzer for System Center 2012 R2 to troubleshoot issues.
http://technet.microsoft.com/en-us/library/dn469435.aspx
Best Regards,
Joyce
We
are trying to better understand customer views on social support experience, so your participation in this
interview project would be greatly appreciated if you have time.
Thanks for helping make community forums a great place.
Maybe you are looking for
-
How do i stop the search tab from changing other tabs other than just the one with focus?
everytime i use the search bar located next to the web address, it will change other tabs to the results of my search and not just my tab of focus. how do i stop this? it's never done this before and has only started doing it this week.
-
UFL 'u212com.dll' that implements this function is missing
I am attempting to write a user function library for the crystal reports version that ships with Visual Studio 2010. Following the walkthrough on the Business Objects website (although that is for VS2005) I have successfully created my .dll file and
-
In pse 9 when edited photo is saved it doesn't appear in organizer
This happens even though the box entitled "include in organizer" has been checked.
-
In GeoRaster WP,it says SDO_GEOR.generatePyramid can generates pyramid data for a GeoRaster object. there are any examples about It . ths......
-
When I try to play youtube videos, it will start then freeze.
Hi, for about a week now my ipod will start a youtube video then just freeze 2 seconds into it; this happens with most videos. Also, I can't play my apps, it will do the same thing.