IT Infrastructure blog

September 12, 2012

How to configure DCOM permissions for configuration manager console in SCCM 2007

Filed under: SCCM 2007 — Akther @ 7:16 am

The SCCM 2007 console was installed on a few of the help desk team's machines, but they were unable to open the console. The error below was thrown while accessing it.










Help desk users were not members of the “SMS Admins” local group on the SCCM server.

The “SMS Admins” group did not have WMI permission.

Solution

Added the help desk users to the “SMS Admins” local group on the SCCM server.

– Added the “SMS Admins” group to DCOM security for “Launch and Activation Permissions” on the SCCM server.
– Gave “Remote Activation” permissions to the “SMS Admins” group for DCOM.

Go to the SCCM server -> Run -> dcomcnfg -> Component Services -> right-click My Computer -> Properties -> COM Security

Click Edit Limits under Launch and Activation Permissions -> add the SMS Admins group from the SCCM server.

Enable Local Launch and Remote Activation
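
To confirm the result of the steps above, the machine-wide launch limit can be read back from the registry. This is an added example, not part of the original post; it assumes an elevated PowerShell 3.0 or later session on the SCCM server, and the function name Get-DcomLaunchLimit is made up for illustration. Because Edit Limits applies to every COM application on the server, check the output for any account other than the intended group that holds Remote Activation.

```powershell
# Added example: list who holds which DCOM launch/activation rights in the
# machine-wide limits (dcomcnfg > My Computer > COM Security > Edit Limits).
function Get-DcomLaunchLimit {
    # COM launch/activation access-mask bits (COM_RIGHTS_* in the Windows SDK)
    $rights = [ordered]@{
        'Local Launch'      = 0x02
        'Remote Launch'     = 0x04
        'Local Activation'  = 0x08
        'Remote Activation' = 0x10
    }

    # The launch/activation limits are stored as a binary security descriptor
    $ole   = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole'
    $bytes = [byte[]]$ole.MachineLaunchRestriction
    if (-not $bytes) { throw 'MachineLaunchRestriction is not set on this machine.' }

    $sd = New-Object System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $bytes, 0

    foreach ($ace in $sd.DiscretionaryAcl) {
        $sid = $ace.SecurityIdentifier
        try   { $name = $sid.Translate([System.Security.Principal.NTAccount]).Value }
        catch { $name = $sid.Value }    # SID that no longer resolves to an account
        $mask = $ace.AccessMask
        [pscustomobject]@{
            Account = $name
            Type    = $ace.AceType      # AccessAllowed or AccessDenied
            Rights  = @($rights.Keys | Where-Object { $mask -band $rights[$_] }) -join ', '
        }
    }
}

# Every account that is allowed Remote Activation after the change
Get-DcomLaunchLimit |
    Where-Object { $_.Type -eq 'AccessAllowed' -and $_.Rights -match 'Remote Activation' } |
    Format-Table -AutoSize
```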

















Issue resolved.

Thanks to Jamshi, my friend and colleague, for helping us troubleshoot this issue.


September 28, 2011

Server service is not starting on windows 2008 server R2

Filed under: SCCM 2007,Windows 2008 Servers — Akther @ 9:08 am

We were struggling to start the Server service on one of our Windows 2008 R2 Enterprise edition servers. This caused us a lot of problems, especially because we wanted to migrate this server into the 2008 Active Directory and could not because of the Server service.

After some research we found that two registry entries were corrupted on that server. The registry entries are



These affect the start of the “Server” and “Computer Browser” services and cause the failure.

We exported these two registry entries from another working Windows 2008 server and imported them into this server. After this, the Server service started successfully (the Browser service started as well).


April 27, 2011

SCCM Admin console is not opening

Filed under: SCCM 2007 — Akther @ 6:16 am

We installed the SCCM Admin console on one of the admin machines to manage SCCM. The system admin has sufficient SCCM permissions. While trying to open it, the console throws the error below.

Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))


To resolve this issue, add the users who are trying to make remote connections to the SCCM admin console to the Distributed COM Users local group.


May 18, 2010

SCCM 2007 reporting is not working

Filed under: SCCM 2007 — Akther @ 10:58 am

When I try to generate a report from the SCCM 2007 server it throws the error below, and I was not in a position to generate any report.

Report Name: Compliance 1 – Overall Compliance
Category: Software Updates – A. Compliance
Comment: This report returns the overall compliance data for an Update List.
Parameters: Update List ID (Required) ScopeId_000330B9-1284-4982-89B8-D1B64A7561F2/AuthList_5E0CBA68-7C8F-4AE7-8849-18EBABAE5F44
Collection ID (Required) SMS000ES 

 Compliance 1 – Overall Compliance
An error occurred when the report was run. The details are as follows:
The specified schema name “webreport_approle” either does not exist or you do not have permission to use it.
Error Number: -2147217900
Source: Microsoft OLE DB Provider for SQL Server
Native Error: 2760


Surely something is wrong with “webreport_approle” in SQL Server 2005.

What I did: I went to the SCCM database in SQL Server 2005 –> Security –> Roles –> Application Roles –> Webreport_approle –> Properties –> selected the webreport_approle check box.

There was no permission on webreport_approle, and I have no idea how this permission was removed!

After that all the reports started working.

August 5, 2009

SCCM client status showing N/A Approved No

I have often seen the SCCM client status show as not approved or N/A after pushing the client to a particular server. If you install the SCCM client manually on that server, the result is the same.


So where do we need to look to get the client status to Approved and client assigned to Yes?

1) Open these ports in the firewall

80, 445, 443, 135, 8530 and 8531

2) Check that the IP subnets are in the site's boundaries.

3) Check that the SMS Agent Host, BITS and WMI services are running.


If the above settings are configured, go to the Configuration Manager console, right-click the collection, update the collection membership, then refresh. Now the client status should be Yes and Assigned




July 2, 2009

Software updates reports in SCCM Server 2007

Filed under: SCCM 2007 — Akther @ 11:12 am

Reports are a great companion in my SCCM journey. Through the reports below we can easily identify the Windows/software update status on SCCM clients.

Report 1 – Enforcement state for deployment: gives the following statuses

Compliant status

Failed to install updates

Non compliance

Pending system restart

Report 2 – Evaluation state of deployment

Evaluation succeeded

Evaluation failed

Evaluation state unknown

Report 3 – Compliance 1 – Overall Compliance

This report gives the full Windows update details client by client.


June 18, 2009

Maintenance window in SCCM 2007

Configuration Manager added a new option for collections called the maintenance window. It defines a specific period of time within which changes can be made to clients that are members of that collection.

For example, suppose you have a set of computers that should only receive software updates and other advertisements between 1.30 A.M to 2.30 A.M midnight. In such cases you can use a maintenance window for that specific collection.

A maintenance window cannot be longer than any given 24-hour period. If you need a longer maintenance window, create multiple windows for the collection.

How to configure a maintenance window for a collection

Configuration Console —> Computer Management —> Collection —> right-click —> Modify Collection Settings —> select Maintenance Window —> New —> set start time and end time.





June 12, 2009

SCCM server and Client logs & Log location

I am listing a few important logs from the SCCM server as well as clients

Server Logs (try the Trace32 utility from the ConfigMgr 2007 Toolkit to open logs, though not everyone likes this utility.)




  • Wsyncmgr.log – Shows the update synchronization between WSUS and the SCCM server.
  • Mpcontrol.log – Current status of the Management Point. If you see (Call to httpsendrequestsync succeeded for port 80 with status code 200, text ok; http test request succeeded; successfully performed Management Point availability check against local computer), the MP is working fine.
  • Mp_status.log – Shows the MP status.
  • Sender.log – Shows any errors related to site-to-site communication between the central site and the child sites.
  • distmgr.log – Shows any DP-to-DP issues, transfers and errors.
  • WUAHandler.log – Shows any Group Policy conflicts.
  • locationservices.log – Checks and retrieves MP availability.

Client side Logs

Location – C:\windows\system32\ccm\logs ( 32 bit clients)

C:\Windows\SysWOW64\CCM\Logs ( 64 bit clients)

updatesstore.log, updatesdeployment.log, updateshandler.log: check Windows update details.

Full log information



June 11, 2009

SCCM client machines are not getting updates through SCCM 2007


We have a central server and three primary servers. I was trying to deploy the June patches to clients. Clients under received Windows updates without any issue, but clients under the primary2 and primary3 servers didn’t receive updates.

Troubleshooting steps

Try to telnet from the central server: 80 (I was able to telnet), 80 (I am unable to telnet), 80 (I am unable to telnet)

So the issue turned out to be that ports were blocked from the central server to the child servers. Port 445 and port 80 (or your custom ports) are used to communicate between a parent server with WSUS and a child server with WSUS.

I had a similar experience last month. That time clients under didn’t receive updates. I did some research and found out that the Management Point was not working on that primary server. Once I removed the MP role and added it back, clients started getting updates.

If a few of your clients are not receiving updates, you also need to check the steps below from the failed computer

gpedit.msc —> Computer Configuration —> Administrative Templates —> Windows Components –> Windows Updates —> Specify intranet Microsoft update service location —> check the server name and port number. Try to telnet from the client to that server on that port. If you are not able to connect, open that port from client to server
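
The telnet checks above, together with the firewall ports and services from the client-status post, can be scripted so the same test runs from every affected machine. This is an added example, not from the original posts; the host name is a placeholder, Test-TcpPort is a helper defined here, and CcmExec and Winmgmt are the service names of SMS Agent Host and WMI.

```powershell
# Added example: TCP reachability and service checks from a client or parent server.
function Test-TcpPort {
    param([string]$ComputerName, [int]$Port, [int]$TimeoutMs = 3000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($ComputerName, $Port, $null, $null)
        # No answer within the timeout usually means a firewall dropped the packet
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) { return $false }
        $client.EndConnect($pending)    # throws if the port actively refused
        return $true
    } catch { return $false }
    finally { $client.Close() }
}

$siteServer = 'sccm01.example.test'            # placeholder: your site server
$ports      = 80, 445, 443, 135, 8530, 8531    # ports listed in the post

$targets = @(foreach ($p in $ports) {
    @{ Source = 'site server'; Server = $siteServer; Port = $p }
})

# WSUS location that Group Policy wrote for the Windows Update agent
# ("Specify intranet Microsoft update service location")
$wuKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate'
$wu    = (Get-ItemProperty -Path $wuKey -ErrorAction SilentlyContinue).WUServer
if ($wu) {
    $uri = [uri]$wu
    $targets += @{ Source = 'WUServer policy'; Server = $uri.Host; Port = $uri.Port }
}

$targets | ForEach-Object {
    [pscustomobject]@{
        Source    = $_.Source
        Server    = $_.Server
        Port      = $_.Port
        Reachable = Test-TcpPort -ComputerName $_.Server -Port $_.Port
    }
} | Format-Table -AutoSize

# SMS Agent Host, BITS and WMI must be running on the client
'CcmExec', 'BITS', 'Winmgmt' | ForEach-Object {
    $svc = Get-Service -Name $_ -ErrorAction SilentlyContinue
    [pscustomobject]@{ Service = $_; Status = $(if ($svc) { $svc.Status } else { 'NotInstalled' }) }
} | Format-Table -AutoSize
```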



June 10, 2009

How to check Management Point is working fine in SCCM 2007

Filed under: SCCM 2007 — Akther @ 3:40 pm

I searched a lot in my initial days with SCCM to find out the MP status. I found a few solutions, listed below. Hope it will be helpful.

1. Check mpcontrol.log and see whether it has the status messages below. (I use Trace32 to read log files)

Call to httpsendrequestsync succeeded for port 80 with status code 200,text ok
http test request succeeded
successfully performed Management Point availability check against local computer

2. Check MPsetup.log and find the status messages below
<12-16-2008 17:12:09> Installing the SMSMP
<12-16-2008 17:12:09> Passed OS version check.
<12-16-2008 17:12:09> IIS Service is installed.
<12-16-2008 17:12:09> SMSMP already installed (Product Code: {3945C886-9779-4280-B537-AB8E62A0878E}).  Upgrading/Reinstalling SMSMP
<12-16-2008 17:12:09> New SMSMP is a new product code {{7AF53388-F428-4A8B-8F20-DBB4851E3424}}.  This is a major upgrade.
<12-16-2008 17:12:09> Enabling MSI logging.  mp.msi will log to D:\SMS\logs\mpMSI.log
<12-16-2008 17:15:59> mp.msi exited with return code: 0
<12-16-2008 17:15:59> Verifying CCM_CLIENT virtual directory.
<12-16-2008 17:15:59> Website path is IIS://LocalHost/W3SVC/1.
<12-16-2008 17:15:59> Connecting to IIS.
<12-16-2008 17:15:59> CCM_CLIENT is currently D:\SMS\Client.
<12-16-2008 17:15:59> Installation was successful.
3. Check IIS and make sure that you have a virtual directory named SMS_MP under the default website
4. Finally, for testing, run these in IE from any client and from the server itself; you should get the results mentioned.

a) Run http://<MP name>/sms_mp/.sms_aut?mplist
This returns a blank screen.
b) Run http://<MP name>/sms_mp/.sms_aut?mpcert
This returns a long list of numbers and letters.
5. Last resort
Remove the MP role from Configuration Manager. Wait for some time (check mpsetup.log and mp_msi.log); once you find the MP has been removed successfully, add it back from Site System —> New Role –> select Management Point.
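
Steps 1 and 4 above can be combined into one repeatable check. This is an added example, not from the original post; the MP host name and log path are placeholders to adjust, and Test-MpControlLog and Test-MpUrl are helper names made up here.

```powershell
# Added example: check mpcontrol.log for the success markers and query the
# two Management Point test URLs from the post.
$mpName  = 'sccm01.example.test'            # placeholder: your MP host name
$logPath = 'D:\SMS\logs\mpcontrol.log'      # assumed location; adjust to your install

function Test-MpControlLog {
    param([string]$Path)
    # Substrings of the status messages quoted in step 1 (match is case-insensitive)
    foreach ($marker in 'status code 200', 'http test request succeeded') {
        $hit = Select-String -Path $Path -SimpleMatch -Pattern $marker -ErrorAction SilentlyContinue |
               Select-Object -Last 1
        [pscustomobject]@{
            Check  = "mpcontrol.log contains '$marker'"
            Passed = [bool]$hit
            Detail = $(if ($hit) { "last seen at line $($hit.LineNumber)" } else { 'not found' })
        }
    }
}

function Test-MpUrl {
    param([string]$Name, [string]$Query, [scriptblock]$Expect)
    $url = "http://$Name/sms_mp/.sms_aut?$Query"
    $web = New-Object System.Net.WebClient
    try {
        $body = $web.DownloadString($url)    # throws on any non-success HTTP status
        [pscustomobject]@{
            Check  = $url
            Passed = [bool](& $Expect $body)
            Detail = "$($body.Length) characters returned"
        }
    } catch {
        [pscustomobject]@{ Check = $url; Passed = $false; Detail = $_.Exception.Message }
    } finally { $web.Dispose() }
}

$results  = @(Test-MpControlLog -Path $logPath)
# mplist: a successful response is enough (the browser shows a blank page)
$results += Test-MpUrl -Name $mpName -Query 'mplist' -Expect { param($b) $true }
# mpcert: expect one long run of numbers and letters
$results += Test-MpUrl -Name $mpName -Query 'mpcert' -Expect { param($b) $b.Trim() -match '^[0-9A-Za-z]+$' }

$results | Format-Table -AutoSize -Wrap
```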