Cannot Resolve Same Management Point Error Thrown On Every Site Server

[BzowK]

Hey Guys -

I've got an SCCM 2012 installation which is about 3 months old. It's got the primary SCCM server on one VM and the SQL server (2008) on a separate, dedicated VM.

When recently trying to add the State Migration Point to my primary server, I keep getting the below error being thrown:

SMP Control Manager detected SMP is not responding to HTTP requests. The http status code and text is 500, Internal Server Error.

Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which the site is configured to communicate.

Solution: Verify that the designated Web Site is configured to use the same ports which the site is configured to use.

 

Possible cause: The designated Web Site is disabled in IIS.

Solution: Verify that the designated Web Site is enabled, and functioning properly.

 

Possible cause: The MP ISAPI Application Identity does not have the requisite logon privileges.

Solution: Verify that the account that the MP ISAPI is configured to run under has not been denied batch logon rights through group policy.

I looked through the MPControl.log file, but didn't see any errors at all. In fact, I used Notepad++ to search all log files in \Program Files\Microsoft Configuration Manager\Logs on the SCCM server for key phrases in the error above and got no results - strange.

After initial fixes didn't fix it, I tried installing the State Management Point on a couple of other different servers - including a brand new VM I created just to try to fix it. Still, nogo.

Any suggestions as to what else I can check? Below is what I've tried so far...

- Made sure IIS site was enabled

- Change local policy on all site servers to add my sccm admin service account & primary sccm server hostname to have logon batch rights

- Installed or Verified prerequisites were installed on servers before deploying State Migration role

Some fixes suggest reinstalling IIS, but really don't want to risk it on my primary SCCM server. Couldn't that cause major havoc? Also - I do have the Software Management Point installed on the primary site server. Could it's IIS be conflicting with MP?

My MPControl.log is attached...

Thanks for your help!

mpcontrol.log

[BzowK]

Update

I'm still having the error, but here's what I've tried and the results...

- I read this post which suggested the error meant that LOCAL SERVICE didn't have full rights to the SMP share. I added them and still got the error.

- I preformed the following

- Uninstalled SMP role from primary sccm server

- Created New folder for SMP on local partition

- Gave full permissions to LOCAL SERVICE, my sccm service acct (domain admin), & local sccm server hostname even though it's already in local admins

- Installed SMP role

No-go. Here's what smpmgr.log had to say about the above...

********************************************************************************

SMS_EXECUTIVE started SMS_STATE_MIGRATION_POINT as thread ID 1636 (0x664).

********************************************************************************

SMS_STATE_MIGRATION_POINT received START notification.

SMPPeriodicActivityInterval = 1440 minutes.

SMPEncryptionCert Length 2992.

RegOpenKeyEx succeeded for regkeypath SOFTWARE\MICROSOFT\SMS\SMP\STATESTORE

StateMsgDir = D:\Program Files\Microsoft Configuration Manager\inboxes\auth\statesys.box\incoming, StatusmsgDir = D:\Program Files\Microsoft Configuration Manager\inboxes\statmgr.box\statmsgs, sitecode = ABC

Securing SMP msg dirs successful

HandleSMPRegistryChanges: RegQueryInfoKey succeeded. Number of SMP stores=1

RegOpenKeyEx succeeded for regkeypath SOFTWARE\MICROSOFT\SMS\SMP\STATESTORE\SMPSTORED_A8FD9DA7

Creating directory "D:\Profiles\SMPSTORED_A8FD9DA7$"

Creating share SMPSTORED_A8FD9DA7$ succeeded

AllowSMPIsapiAccess succeeded for share D:\Profiles\SMPSTORED_A8FD9DA7$.

SMPPeriodicActivityInterval = 1440 minutes

Handling SMP registry Changes succeeded.

Successfully created factory CSMPMgrFactory

Successfully registered class CSMPMgr.

SMS_STATE_MIGRATION_POINT successfully started

Configuration and Availability Monitor thread started.

Initialized 'SMS Server Availability' performance instance => SMS State Migration Point.

SSL is not enabled.

Call to HttpSendRequestSync failed for port 80 with status code 500, text: Internal Server Error

Health check request failed, status code is 500, 'Internal Server Error'.

STATMSG: ID=6207 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_STATE_MIGRATION_POINT" SYS=BNASCCM02.bassberry.com SITE=BBS PID=2332 TID=5448 GMTDATE=Mon Aug 27 16:08:49.164 2012 ISTR0="500" ISTR1="Internal Server Error" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0

Completed availability check on local machine

Initialization still in progress.

 

The entire log file is attached...

 

After that, it repeats the last 6 lines (starting with "SSL not...") over and over again every 1 minute.

Hope that helps - Thanks

smpmgr.log

[anyweb]

are the management point and dp configured for HTTP or HTTPS ?

what do your component status logs look like (any other obvious problems...)

[BzowK]

Hey Niall!

 

They are configured for HTTP. I've attached screenshots of the MP config as well as the component logs. Thanks again for your help. You are incredible!

compmon.log

compsumm.log

[anyweb]

lots of errors in there, can you verify that your management point is working, this link is for cm07 but it works the same way

 

http://technet.microsoft.com/en-us/library/bb932118.aspx

 

and once again, in monitoring, system status, component status, are things looking all green or mostly red ? any obvious issues in there (like management point being dead ?)

[BzowK]

No kidding...

 

Here, I'll just show you...

 

I've always had issues keeping Dist Point out of the red since I have automatic client site deployment enabled and it errors if it can't reach one machine seemingly. The other errors are really just software metering and the SMP I'm discussing.

 

One other question if I may...

 

I'm discussing something with a coworker about how to reconfigure our discovery and would like your opinion (since she and I aren't agreeing)

 

We have 4 physical locations, ~750 workstations, ~70 servers, & many OUs - all in one domain. I currently have AD System Discovery (ASD) on as well as heartbeat (HB). The problem is that in collections we are getting a lot of clients listed with no client installed. Many (most) of them are duplicates from OS reinstalls or new computers (hostname stays with owner). Anyways - our AD is a mess and doesn't look like it will be cleaned any time soon & not my dept.

 

What's the ideal way to configure discovery for this situation in your opinion?

 

Thanks again Niall!

[Rocket Man]

Any reason as to why you have changed the account that connects the MP to the SQL database from been the local computer account to been a domain account??

 

Is this a prereq for SMP?

 

Is there any client communication at all on your sites back to MP? How is software deployment etc...at the moment?

Is windows authentication enabled in IIS? By default it it is not and anonymous authenitication is the only form of authentication...by standard I always enable windows authentication...

 

from your remote sites verify that you have access to your PS IIS website by opening up a webbrowser and browsing to the name of your site server e:g http://xxx-xxx

You should receive the IIS webpage..

 

Rocket Man

[BzowK]

Good Afternoon Guys -

 

No - No reason that I've changed the accounty that connects MP to SQl other than the domain account used was set up as a full local, domain, and SQL admin for that database. I use it for everything including deploying clients. Is that not suggested?

 

Software Deployment is fine. I deployed a package (EXE with silent and noreboot switches) to All Workstations last night and had a 98% success rate. All Workstations includes machines at 4 different locations across the country and each with their own DP.

 

Windows Auth in IIS - I just verified that it is installed on the primary sccm server (also an MP). When you say you enable it as it's disabled by default, where do you mean exactly. Here's how each item in IIS is set currently:

 

Windows Auth Disabled: Main IIS (Above Application Pools), SMS_MP, SMSSMP

 

Windows Auth Enabled: Default Web Site, SMS_DP_SMSPKG$, SMS_DP_SMSSIG$, SMS_MP_WindowsAuth

 

Note: I just now enabled Windows Auth on SMSSMP to see if that helps...

 

As for the PS IIS Website, do you mean PowerShell IIS Website? If so, I don't have that installed.

 

Note: One thing that I just remembered that may make a difference. A while back, I installed Orchestrator onto the same server, but installed it afterwards. I don't think it's still resident in the server at all, but may have changed some IIS settings???

 

Below are some more details of my IIS on that server...

 

Thanks again for your help!!!

[BzowK]

Bump

 

Any more suggestions guys? Still having the issue... - Thanks!