chappel
Posted December 27, 2013

I'm trying to deploy SCEP to about 250 clients to replace Symantec. I'll leave arguments over which sucks more for later. I'm doing a clean SCCM installation, and trying to standardize all my new servers on Server 2012r2 / SQL 2012 (as much as possible). I've got SCCM installed as a basic Primary site (everything on one server), and it *claims* to be running, but I can't install any of the SCCM clients on any endpoints (all Windows 7). I've got an SMS Server error '5436' in the SCCM event log, with a bunch of blather about possibly SQL and IIS permissions errors.

Before I get further into figuring out what I missed, do I have any hope of making this work, or should I just delete the entire thing and start over with server 2008r2 and SQL 2008? I did the installation following the 'recipe' out of the book 'Microsoft System Center 2012 Endpoint Protection Cookbook', which, like the guide here, steps through setting it up on 2008. I'd assumed that's just because 1) that's what was available at the time and 2) that's what everyone who knows what they are doing is comfortable with, but want to make sure it isn't just because it won't work with 2012 (or not without some patch / hotfix / SP / whatever).

Assuming 2012r2 isn't a non-starter, any tips for troubleshooting Error 5436? This doesn't mean much to me:

On 12/27/2013 10:39:27 AM, component SMS_MP_CONTROL_MANAGER on computer SCCM reported: MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is 404, Not Found.

Possible cause: Management point encountered an error when connecting to SQL Server.
Solution: Verify that the SQL Server is properly configured to allow Management Point access. Verify that management point computer account or the Management Point Database Connection Account is a member of Management Point Role (msdbrole_MP) in the SQL Server database.

Possible cause: The SQL Server Service Principal Names (SPNs) are not registered correctly in Active Directory
Solution: Ensure SQL Server SPNs are correctly registered. Review Q829868.

Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which the site is configured to communicate.
Solution: Verify that the designated Web Site is configured to use the same ports which the site is configured to use.

Possible cause: The designated Web Site is disabled in IIS.
Solution: Verify that the designated Web Site is enabled, and functioning properly.

Possible cause: The MP ISAPI Application Identity does not have the requisite logon privileges.
Solution: Verify that the account that the MP ISAPI is configured to run under has not been denied batch logon rights through group policy. For more information, refer to Microsoft Knowledge Base article 838891.
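
One way to walk through the causes listed in that status message, as an added example that is not part of the original post or of any Microsoft tooling. It assumes the management point and SQL Server are both on the host named SCCM (as in the message), HTTP on port 80, SQL running under the computer account, and a site database name you supply in place of the `CM_XXX` placeholder.

```powershell
# Added example: checks each "Possible cause" from the 5436 message in turn.
# Run elevated on the site server. All parameter defaults are assumptions.
param(
    [string]$MpHost     = 'SCCM',     # computer name taken from the status message
    [int]   $Port       = 80,         # assumption: site uses the default HTTP port
    [string]$SqlAccount = 'SCCM$',    # assumption: SQL runs as the computer account
    [string]$Database   = 'CM_XXX'    # placeholder: replace XXX with your site code
)

Import-Module WebAdministration

# 1. Repeat the HTTP probe that MP Control Manager reports as failing (404).
$url = "http://${MpHost}:$Port/sms_mp/.sms_aut?mplist"
try {
    $resp = Invoke-WebRequest -Uri $url -UseDefaultCredentials -UseBasicParsing
    "MP probe: HTTP $($resp.StatusCode)"
} catch {
    "MP probe failed: $($_.Exception.Message)"
}

# 2. Web site enabled, and listening on the port the site is configured for?
Get-Website | Select-Object Name, State,
    @{ n = 'Bindings'; e = { ($_.Bindings.Collection |
        ForEach-Object bindingInformation) -join ', ' } }

# 3. Management point IIS applications present, and which app pool runs them?
Get-WebApplication | Where-Object Path -like '/SMS_MP*' |
    Select-Object Path, applicationPool, PhysicalPath

# 4. SQL Server SPNs registered on the account SQL runs under?
setspn -L $SqlAccount | Select-String 'MSSQLSvc'

# 5. Is the MP computer account (or connection account) in msdbrole_MP?
sqlcmd -S $MpHost -d $Database -E -Q "EXEC sp_helprolemember 'msdbrole_MP'"

# 6. Has group policy denied batch logon to any account? Export the effective
#    user-rights assignments and look for the deny entry.
$cfg = Join-Path $env:TEMP 'user_rights.inf'
secedit /export /cfg $cfg /areas USER_RIGHTS | Out-Null
$deny = Select-String -Path $cfg -Pattern 'SeDenyBatchLogonRight'
if ($deny) { $deny.Line } else { 'SeDenyBatchLogonRight: not assigned' }
Remove-Item $cfg
```

A 404 from step 1 with a started site and correct bindings in step 2 points at steps 3 to 6; SIDs printed by step 6 need to be compared against the identity of the application pool shown in step 3.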