You are browsing the archive for MP.

CM12 SP1 Management Point will not install on Server 2012

9:19 am in ConfigMgr 2012, ConfigMgr 2012 SP1, MP, SCCM 2012, SCCM 2012 SP1, Server 2012 by Kenny Buntinx [MVP]

 

Hi,

I am using Windows Server 2012, SQL 2012 SP1 and SCCM 2012 sp1, and I have one Primary site with a remote site server that will host the DP and MP role.

I am trying to install the Management Point (using HTTP for client connections) but it fails.  did have the SCCM 2007 client install on this server due to a automatic build process with CM07 and that was the in the end the issue . The CM07 client left traces.

Looking throught the msisetup log which said a previous version was detected, I used ccmsetup /uninstall to remove the client (which gets rid of it from control panel), and then removed the MP, rebooted and tried to install the MP again. However, the MP still wouldn’t install.

mpmsi log as below:

[9:53:33] Failed to compile ‘D:\SMS_CCM\CcmExec_Global.mof’ (Phase: 3, Object: 5, Lines: 76 – 83, Error: 80041002)
[9:53:33] Compiled ‘D:\SMS_CCM\CCMVDI.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\ccmauthmessagehook.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\LocationServices.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\NetworkConfig.mof’
[9:53:33] Failed to compile ‘D:\SMS_CCM\PolicyDefaults.mof’ (Phase: 3, Object: 4, Lines: 49 – 57, Error: 80041002)
[9:53:33] Compiled ‘D:\SMS_CCM\PolicyAgentEvents.mof’
[9:53:33] Failed to compile ‘D:\SMS_CCM\StateMsgSchema.mof’ (Phase: 3, Object: 6, Lines: 89 – 94, Error: 80041002)
[9:53:33] Failed to compile ‘D:\SMS_CCM\DataTransferService.mof’ (Phase: 3, Object: 5, Lines: 318 – 323, Error: 80041002)
[9:53:33] Compiled ‘D:\SMS_CCM\CcmExec_MPFramework.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\SmsCommon.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\XmlStore.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\InventoryAgentEvents.mof’
[9:53:33] Compiled ‘D:\SMS_CCM\SWMtrEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\SWDistEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\SrcUpdateEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\PatchMgmtEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\SMSNapEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\MpStatusForwarderDefaults.mof’
[9:53:34] Failed to compile ‘D:\SMS_CCM\CcmExec_MP.mof’ (Phase: 3, Object: 1, Lines: 31 – 36, Error: 80041002)
[9:53:34] Compiled ‘D:\SMS_CCM\mp_pss.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\mp_ccmConfig.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\mp_ccmConfig_Defaults.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\MpEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\OSDEventClasses.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\DPStatus.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\ImgDeployEvents.mof’
[9:53:34] Compiled ‘D:\SMS_CCM\DCMClientEvents.mof’
[9:53:35] Compiled ‘D:\SMS_CCM\SUMEvents.mof’
[9:53:35] Compiled ‘D:\SMS_CCM\OOBMgmtEvents.mof’
[9:53:35] Compiled ‘D:\SMS_CCM\PwrEvents.mof’
[9:53:35] @@ERR:25140
MSI (s) (8C!1C) [09:53:35:212]: Product: ConfigMgr Management Point — Error 25140. Setup was unable to compile the file CcmExec_Global.mof
The error code is 80041002
Error 25140. Setup was unable to compile the file CcmExec_Global.mof
The error code is 80041002
CustomAction CcmRegisterWmiMofFile returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (8C:70) [09:53:35:241]: Note: 1: 2265 2:  3: -2147287035
MSI (s) (8C:70) [09:53:35:248]: User policy value ‘DisableRollback’ is 0
MSI (s) (8C:70) [09:53:35:248]: Machine policy value ‘DisableRollback’ is 0
Action ended 09:53:35: InstallFinalize. Return value 3.

MPsetup.log is below:

<01/17/13 09:52:54> SMSMP Setup Started….
<01/17/13 09:52:54> Parameters: D:\SCCM\bin\x64\rolesetup.exe /install /siteserver:SCCM01 SMSMP 0
<01/17/13 09:52:54> Installing Pre Reqs for SMSMP
<01/17/13 09:52:54>         ======== Installing Pre Reqs for Role SMSMP ========
<01/17/13 09:52:54> Found 2 Pre Reqs for Role SMSMP
<01/17/13 09:52:54> Pre Req MSXML60 found.
<01/17/13 09:52:54> No versions of MSXML60 are installed.  Would install new MSXML60.
<01/17/13 09:52:54> Enabling MSI logging.  msxml6_x64.msi will log to D:\SCCM\logs\msxml6_x64MSI.log
<01/17/13 09:52:54> Installing D:\SCCM\bin\x64\00000409\msxml6_x64.msi
<01/17/13 09:52:54> msxml6_x64.msi exited with return code: 0
<01/17/13 09:52:54> msxml6_x64.msi Installation was successful.
<01/17/13 09:52:54> Pre Req SqlNativeClient found.
<01/17/13 09:52:54> SqlNativeClient already installed (Product Code: {D9DDE0F8-0CFD-4C0F-8A07-C815DE47FF4D}). Would not install again.
<01/17/13 09:52:55> Pre Req SqlNativeClient is already installed. Skipping it.
<01/17/13 09:52:55>         ======== Completed Installation of Pre Reqs for Role SMSMP ========
<01/17/13 09:52:55> Installing the SMSMP
<01/17/13 09:52:55> Passed OS version check.
<01/17/13 09:52:55> IIS Service is installed.
<01/17/13 09:52:55> No versions of SMSMP are installed.  Installing new SMSMP.
<01/17/13 09:52:55> Enabling MSI logging.  mp.msi will log to D:\SCCM\logs\mpMSI.log
<01/17/13 09:52:55> Installing D:\SCCM\bin\x64\mp.msi CCMINSTALLDIR="D:\SMS_CCM" CCMSERVERDATAROOT="D:\SCCM" USESMSPORTS=TRUE SMSPORTS=80 USESMSSSLPORTS=TRUE SMSSSLPORTS=443 USESMSSSL=TRUE SMSSSLSTATE=63 CCMENABLELOGGING=TRUE CCMLOGLEVEL=1 CCMLOGMAXSIZE=1000000 CCMLOGMAXHISTORY=1
<01/17/13 09:55:52> mp.msi exited with return code: 1603
<01/17/13 09:55:52> Backing up D:\SCCM\logs\mpMSI.log to D:\SCCM\logs\mpMSI.log.LastError
<01/17/13 09:55:52> Fatal MSI Error – mp.msi could not be installed.
<01/17/13 09:55:52> ~RoleSetup().
<01/17/13 09:59:03> ====================================================================

Solution :

I ran ccmclean, didn’t work for me initially. But this did the trick …

In an elevated Powershell window, run this:

Get-WMIObject -namespace “root” -query “SELECT * FROM __Namespace where name = ‘ccm’” | remove-wmiobject

It removes any last trace of ‘CCM’ from WMI. In my case I’d already uninstalled an old client and scoured the machine for any file or registry traces of ccm, but finally this worked.

Hope it helps ,

Kenny Buntinx

Citrix Provisioning Services and Microsoft System Center Configuration Manager 2012 SP1

12:54 pm in App-V, App-V 5.0, ConfigMgr 2012, ConfigMgr 2012 SP1, ConfigMgr V.next, MP, PVS, SCCM 2012 SP1, XEN, Xenapp, Xendestop, XENSERVER by Kenny Buntinx [MVP]

 

Hi ,

Today colleague Frank Vandenbergh at my customer responsible for Citrix was fighting to get there Citrix Provisioning services up and running with clients registering into System center Configuration Manager 2012 SP1. He has written already a blog post about it here , but I want to share some background info with you and dig a little deeper.

We had tried this in ConfigMgr 2007 out of the box without great succes resulting in a blog post :”ConfigMgr on xendesktop with the usage of provisioning server : Unique GUID issue and the smscfg.inihttp://scug.be/sccm/2011/02/04/configmgr-on-xendesktop-with-the-usage-of-provisioning-server-unique-guid-issue-and-the-smscfg-ini/

A little background :

Managing Virtual Desktops Created with PVS

 

Citrix Provisioning Services allows for multiple servers to stream their boot disk from the same master image (vDisk). During the boot process, PVS will make sure each server has a unique SID and dynamically apply the computername together with some other tasks to make those systems unique.

If you tried installing the SCCM client on a PVS image, you will notice that SCCM shows new machines with the same name every time a PVS target device reboots in standard mode. This is because the SCCM client changes the GUID when an image is pushed to new hardware. ConfigMgr uses the GUID to keep track inside his database.

ConfigMgr uses an ID that is generated on the Client to identify a machine inside the ConfigMgr hierarchy. This ID, also known as SMS GUID is generated during ConfigMgr Client installation.
An Algorithm, which combines the Timestamp (Time of ConfigMgr Client Installation) and the Universally Unique Identifier (UUID) is used to generate a unique Identifier.
A Client generates a new SMS GUID if the following things change

  • the SMBIOS serial number
  • the Machine SID
  • the Hardware ID (see appendix)

When VM is provisioned for the first time, the client will create a new GUID to register with server. If this client was discovered earlier by AD system discovery it can merge based on machine SID if previous history is present in SCCM site server DB. If server finds a match for this GUID in system_disc with exact AD machine account, the GUID and resource ID assigned will be same. If server finds a match based on AD machine SID in SID0, server will assign the GUID associated with the AD machine account and resource ID assigned will be the record that is the AD machine account. If it cannot find previous history using either of these methods, the server will assign the client passed in GUID and a new resource ID will be assigned.

Once new GUID is established for the VM, it will retain the same GUID for that VM based on machine SID as well as identity information restored locally on client from VDI persistent store. From the logs the client starts with GUID:78F1CF6F-814B-4E44-A2AE-729FB2C4F725 for reregistration that was established earlier and if cert changes it will associate the new cert with the GUID in re-registration. For any identity changes, client will retain the same GUID and same resource ID.

If resource ID changes (ItemKey in system_disc), it means there is no match in previous history for either client GUID or AD machine SID or client cert.

The heartbeat DDR will be sent when VM is provisioned for the first time i.e. when new ID is created. Thereafter it will depend on heartbeat discovery schedule set in the policy. Once DDR is sent by the client and gets processed by MP and site server, you should see all attributes in Admin console.

To ensure any desktops created with Provisioning Services operate correctly with ConfigMgr 2012, you must set the write cache to the target device’s hard drive. Using the Provisioning Services Console, in vDisk Properties, select Cache on device hard drive as the Cache Type. If you do not configure the cache this way, data required by ConfigMgr 2012 is not persisted when the desktops are restarted, which may result in unexpected behavior such as duplicate GUID’s or invalid inventory etc.

Unique Machine IDs for Shared Image Desktops

Virtual desktops built on the shared image provisioning solutions provided by XenDesktop (Provisioning Services and Machine Creation Services) presented a bit of a challenge for Configuration Manager 2007. 

With XenDesktop 5.6 and Configuration Manager 2012 / SP1 that problem is now history.  When you create your master image with either MCS or PVS simply install the SCCM agent and forget about it.  When you create cloned/streamed machines from that master image, the SCCM agent will automatically generate and store machine IDs that persist for the life of the VM.  Your virtual desktops will register and behave exactly like their physical counterparts.  One record per machine and that machine will continue to use the same ID across reboots.  This capability will also be available for XenApp servers streamed with Provisioning Services 6.1.

However it is not that simple …

Step 1 : Extending ConfigMgr Inventory for XenDesktop

XenDesktop makes available to ConfigMgr 2012 so that virtual desktops can be managed using this tool. The properties are available for the Citrix_virtualDesktopInfo class in the Root\Citrix\DesktopInformation namespace. See official info here : http://support.citrix.com/proddocs/topic/xendesktop-ibi/cds-manage-sccm-ibi.html

The following properties are available. Property names are those used in the Windows Management Instrumentation (WMI) provider:

  • BrokerSiteName – The name of your XenDesktop site; returns the same value as HostIdentifier
  • DesktopCatalogName – The name of the catalog associated with the desktop
  • DesktopGroupName – The name of the desktop group associated with the desktop
  • HostIdentifier – The name of your XenDesktop site; returns the same value as BrokerSiteName
  • IsAssigned – False for a pooled-random desktop, otherwise true
  • IsVirtualMachine – True for a virtual machine, false for a physical machine
  • OSChangesPersist – False if the desktop operating system image is reset to a clean state every time it is restarted, otherwise true
  • PersistentDataLocation – The location where Configuration Manager stores persistent data. This is not accessible to users.
  • PersonalvDiskDriveLetter – For a desktop with a personal vDisk, the drive letter you assign to the personal vDisk

The properties BrokerSiteName, DesktopCatalogName, DesktopGroupName, and HostIdentifier are determined when the desktop registers with the controller, so they are null for a desktop that has not fully registered.

You can display the properties using the hardware inventory in Configuration Manager or using attributes of Configuration Manager objects. When you do, the names may include spaces or vary slightly in other ways.

On how to extend the HW inventory , Marius Sandbu has written an excellent acticle about that here : https://msandbu.wordpress.com/2013/03/27/excalibur-and-configuration-manager/

Step 2 : Create your Master VM with care !

 

Keep in mind that your Master VM is a fully configured and running VM. You allow SCCM to install the client as normal and so the SCCM server is aware of the machine so I guess you can say the reverse it true as well. You do this install before you do create the catalog from the VM image of course. From there it should just work.

  • Install the Configuration Manager client software on the golden image as part of your automated Configmgr Task Sequence
  • Stop the SMS Agent Host service (CCMExec.exe) on the reference computer (net stop ccmexec).
  • Delete the C:\Windows\SMSCFG.INI file
  • Delete the current certificates in the "SMS" certificate store. ( open an MMC.exe)
  • Change the provisioning image from private to standard.
  • Stream the vdisk to target computers.

If you do not remove the certificates , you will get into the following problem that registration of the client will not succeed successfully. What will happen is :

1. System booting up in “private mode”, the master image. Hostname is TEST1.

2. Same disk is now booted in standard “readonly” mode. Hostname is TEST1. SCCM is correctly getting the persistent disk location from WMI . SCCM restores everything from CCMCFG.BAK, except the correct SMBIOS value. It reports SID unchanged, HWID unchanged, SMBIOS changed (it is still reading the SMBIOS value from the ‘master’ device in the SMSCFG.INI file in the default location.)

3. ClientIDManagerStartup reports: Detected hardware identity change, generating new certificates.The Client is re-registering with the SCCM server.

4. The SCCM service seems to be restarted following the registration witch is normal .The ccmexec service restart is expected even on non-VDI systems if any of the policy configuration require service to be restarted. The heartbeat DDR will be sent when VM is provisioned for the first time i.e. when new ID is created.

5. In the SCCM console the record is recreated and as a result we loose the software metering information / direct collection memberships. We did the test with removing the SMSCFG.ini file in the “master” disk. On next startup SCCM is reading everything correctly from the CCMCFG.BAK and reports “SMBIOS unchanged”.

6.The computer object is not recreated, but we have a feeling the client is still not registered correctly because the console is not updating its last hardbeat time etc.  .This is due the faulty SMS Client certificates being stuck in the “Master Images” . Remove the Certificates as said before and you’ll be fine .

 

Hope it Helps ,

Kenny Buntinx

Mpsetup.log: Setup was unable to create ccm_incoming on a Windows 2008 (non R2) Box after installing a patch

6:40 pm in ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, ConfigMgr SP2, ConfigMgr2007 R3, MP, R3, sccm, SCCM 2007, SCCM 2007 R2, SCCM 2007 R3, SCCM 2007 SP2, sccm2007 by Kenny Buntinx [MVP]

Issue : During a necessary patch installation it denied installing the Configmgr client hotfix package on the site server because it told us another install was already occurring . After rebooting the server , the server had issues with reinstalling the component called the Management point . It always failed with error 1603 ( Install Failed , unknown error ).

The following error was found in the eventlog or MPMSI.log  :

Error 25006. Setup was unable to create the Internet virtual directory CCM_Incoming.The error code is 800CC801
CustomAction CcmCreateIISVirtualDirectories returned actual error code 1603

 

Note that the failures are observed on Standard, Enterprise, x86, and x64 versions. The failures are observed in the following circumstances:

  • After performing a site repair of a site server running on Windows 2008 with a local MP already installed
  • Initial install of an MP on a machine running Windows 2008
  • After removing and attempting to reinstall an MP on a machine running Windows 2008

 

Steps to we tried to resolve the issue :

· Looked at the error and it seemed related to a bits error and task scheduler service .We looked at the permissions and if the task scheduler service was started. Everything was green so , no luck .

· I uninstalled the SCCM client as we have seen other customers suffering reinstalling Management points on their servers when sitting on the same box . No Luck either .

· My last resort was a BITS corruption , de-installed BITS and the reinstalled it . Solved the issue !.

 

At the same time I de-installed BITS , I found a quick fix article describing the exact issue : http://support.microsoft.com/default.aspx?scid=kb;en-us;2419559&sd=rss&spid=12769

This is problem described is only valid for Windows 2008 environments , not for Windows 2008 R2 . Took us a half a day figuring out what was going on .

 

Solution :

As of right now, the easiest way to resolve this issue is to remove and reinstall the BITS component. If the ConfigMgr 2007 Management Point role was already installed then it will also be necessary to remove and reinstall that role once you’ve done the same with BITS.

You could find the same answer on http://support.microsoft.com/default.aspx?scid=kb;en-us;2419559&sd=rss&spid=12769

 

Hope it Helps ,

Kenny Buntinx

SCCM 2007 MP horror : “Cannot create the internet virtual directory CCM_Incoming. The error code is 8007005”.

4:39 pm in Conficker, ConfigMgr, ConfigMgr 2007, ConfigMgr 2007 R2, MP, sccm, SCCM 2007, SCCM 2007 R2 by Kenny Buntinx [MVP]

This story happened at one of my customers , but lucky it happenend into an acceptance environment instead of production

After discovering that a reboot happened in our acceptance environment around the 19th of july 2009 , we saw that the management point did not communicate anymore with their clients.

After some investigation , we decided to uninstall the mgmt point and reinstall it. This should always go smooth and without issues.

Guess what , at my client it didn’t. Below you will find the detailed log files of the installation failing.

clip_image002

These errors didn’t worry me to much as the mgmt point was not existing anymore . Below you will find the rest of the log and that was really worrying me .

 

clip_image002[6]

 

As you can see it says : “Cannot create the internet virtual directory CCM_Incoming. The error code is 8007005” ==> This means somewhere access denied .

After checking the default permissions on the following accounts (IUSR,IWAM,IIS_WPG), I checked if the accounts did not give any Failure audits in the security log of the eventvwr to see if the account wasn’t locked out.

Guess what , it wasn’t the case.

So after that I started to dig any further to see if any patches where installed / deinstalled on the server ( remember the reboot ) . Well it seemed that the 18/07/09 the following hot fix KB923845 was uninstalled for whatever reason . Unlucky this was a BITS 2.5 hotfix …

clip_image002[8]

 

clip_image002[10]

I downloaded the hot fix and reinstalled it on the server . Same issue . It could just be a coincidence . After that I tried to see in IIS if Bits would still work and I tried to apply the bits into the default website and got the following error message : “Task scheduler could not be started . Cleanup cannot be scheduled now…” .

This triggerd me thinking it thru and I verified the service was running . The service was up and running . So the only one place to look further into ….GPO’s !

clip_image002[12]

I saw directly something strange . A GPO applied into the root of the forest doing the following as shown below :

clip_image002[14]

Here is the problem ! They are killing the TASKS service by reducing security . Well , they killed BITS in one go as well as the MP and DP are using this feature !

So my next step was to create a separate OU , block inheritance of existing GPO’s and create and apply a UNDO_KB958644 to reset permission.

The server team at my customer implemented this for fighting the Conficker Virus , witch is recommended by Microsoft …but they didn’t do the last part in the article.

Well they (Customer server team)  killed my Mgmt Point on my SCCM server ….

 

*******************************************************************************************************

If you are experiencing this kind of issues and it worked before , make sure to check your GPO’s for security add-ons !

(Thanks to Kim Oppalfens to put me on track for looking into GPO security add-ons)

*******************************************************************************************************

 

Hope it Helps ,

 

Kenny Buntinx