SCCM Using a Custom Web site. Modifying the Default Web site ports but need to go back.
I had a dumb screw up.
Summary:
I have two W2K3SP1 w/SP2 Servers for my Single Site, Mixed Mode 2007 SP1 w/R2. AD is extended. I have completed the initial setup of our New SCCM Infrastructure, and things are going great.
SCCM01 is Hosting SQL 2K5SP2 Server, Primary Site Server, SMS Provider, MP, DP (Removed the DP after xfering to SCCM02) (Future SLP, RP, SRS).
SCCM02 is the DP, FSP, PXE (Installed one at a time after the Primary site is up).
(I know that I should not put the FSP on this server but it’s all we got)
Our Server build procedures require that we put all non OS System Software on Alternate Partitions if possible.
So things are spread out on different volumes. As documented, it is difficult to control the install locations.
Before I started the SCCM site install, both servers have IIS in a default configuration on C:\inetpub\wwwroot\, BITS, WEBDAV are enabled on both and ASP.NET 2.0 w/ASP is registered and enabled on SCCM01 only, (Future SRS Server).I created the custom named "SMSWEB" Web Site on Port HTTP-8085 and HTTPS-null. I linked to a Folder named SMSWEB on an alternate HD partition on both servers. Note - The IIS Wizard required a folder location to be defined. Home Dir. Locations are: SCCM01=G:\inetpub\SMSWEB and SCCM02=E:\inetpub\SMSWEB), Permissions match default IIS inetpub and wwwroot.
I don’t think the Home Dir. location mismatch is a problem?
I manually installed SCCM and during setup I set the HTTP Client Communication port to 8085 and did not set HTTPS. (This may have been a mistake) Setup completed but reported a MP Time out Failure.
I added HTTPS-8086 to the SMSWEB site and the MP started to work.
I Updated the Site Property/Ports from 8085 and 443 to HTTP-8085 HTTPS-8086 and enabled the “Use Custom Web Site”.
!!! The Service Ports are very confusing and have Duplicate Descriptions. I was not sure how to handle which port to set on what and when to set as default.
Added SLP to SCCM01 and FSP to SCCM02 which I think was on the default web site on port 80 on SCCM02.
All looked good for the week that I just monitored with no change activity.
All Virtual Dir and SCCM configurations were removed from the Default web site.
So I wanted RP and SRS to use alternate ports so I changed the Default Web Site on SCCM01 from ports 80 and 443 to 8080 and 8081. Then installed the SMS reporting point and assigned it to HTTP-8080
so far so good. all is working as far as i can tell, status is all green
I did notice that the User Rights Association for Network access: Sharing and security model for local accounts - CHANGED From <Classic> to <Guest only> ...we do have the Default Domain Policy disabling the Guest Account Status.Is the OS Local Guest Account required for any particular scenario in SCCM? I could not find specific SCCM KBs, other than general OS info about Network access: Share and Security model changing and no anonymous SMB access allowed.
http://technet.microsoft.com/en-us/library/cc787725(WS.10).aspx
There are many postings about Client install access issues.
I Installed SQL reporting services on SCCM01 and configured as documented using the default folders and database settings. everything is a ok.
Added the Reporting Services Point to SCCM01 and Pointed to the default folder "Reports" then copied all the SMS Reports to the SRS Database. All is great. and appears to be working as it should.
!! Run a Report and the path shows "Reports\{GUID}\{GUID}\Reports\" Path...Seems strange but it is working.. :)
Two more weeks go by monitoring an all green board.
However I started noting an occasional SRS_REPORTING_POINT health status failure but not enough to trigger a warning.
I started to configure for Client Deployment. and during a manual client install i was having issues with the "Source is not accessible".
…Here’s were the fun begins...
I found out that our Trend micro Client for the enterprise is configured to use port 8080 for communication...my bad for not knowing.
I guess I need the Default web site on SCCM01 to go back to 80 and 443.
Let the “Shooting myself in the foot” begin.
I removed the SMS reporting point. Changed the Default web site ports back. Ran the SQL reporting service configuration and kept the same settings.
Installed the SMS report point to Http-80. (report’s are working)
Reporting Services Point broke. (Cant connect to database).
Manual Client install is still not able to access source. (Checked just for laughs)Changed the Site Property Ports around and got confused on where I was...
The FSP on SCCM02 that I thought was on the default web site has moved to the SMSWEB site on SCCM02.
I would like to clean it up and start over, and not blow the install.
The MP stopped responding... the SMSWEB sites are offline. Will not start, ERROR: "Another site may be using the ports".
Generally, I am getting into trouble and need to stop.
I have not changed any Server Security Settings or Folder/File ACLs. just IIS Default web site Ports on SCCM01
I know SCCM works, and is really good handling change and repairing itself...
I guess I am asking if there is a process you can recommend to back out of this.
Back to the lab egor.
All Replies
- Wow, I think you may have the record for the longest post ever LOL.
Two things that come to mind here.... You could remove the MP,DP, RP, RSP and WSUS, uninstall IIS and then add everything back or you could just get an SMS backup and start over. Honestly I do not know if either of those will work but it's the only two things that come to mind.
John Marcum | http://www.TrueSec.com/en/Training.htm | http://myitforum.com/cs2/blogs/jmarcum That's extremely difficult to troubleshoot here in the forums because you have a non-standard configuration that was changed at lot of times until now. I think that it would be possible to get ConfigMgr working again (without reinstalling it), but that's defnitely something where you have to sit right in front of the console and that's beyond the possibilities of a forum.
Sorry about that...
in getting the services ports confused i guess it configured IIS with conflicting settings. even though the IIS Admin GUI showes different ports. i could shut down one and bring the other up, but not both. after cycling them around a couple of time, SCCM reconfigured correctly.
I corrected the Site Properties>Service Port settings back to the way they were with one of the set of services disabled the other on the correct Custom Web site ports (the services that were blank on Initial install but now have port 80 and 443 set and cant remove).
I removed Reporting Services point and SMS Reporting Point from SCCM01 and all is looking good.
reinstalled SCCM Reporting Point to SCCM01 and all looks good and working.
reinstalled Reporting Services Point but it will not connect to the site or database.
In reading more about SQL Reporting Services Deployment docs. I read that the default SRS Web Services setup will assign the Default Content Manager to "Builtin\Administrators" Prior to installing SSRS the SQL Admins here insisted on removing the "Builtin\Administrators" SQL Login Account from the SQL server. I dont know what that may do to the default SRS web services configuration.
IE Enhanced security is enabled
note that I am configuring these points logged on locally to SCCM01 with the domain account used to install SCCM.
SSRS was installed after SQL Server hardening. SQL and SSRS Service run with seperate deticated Domain account.
I can logon to a remote computer with an account that has administrators access to SCCM01 and can manualy access the http://SCCM01/Reports page and looks like i can manage ok.
I do see a datasource folder that has that GUID defined.
that said, reading How to Configure Properties for the Reporting Services Point Document Data Source Authentication. Step 5. I Selected - "Credentials supplied by the user running the report". :( I read later that this is not currently supported in R2. I went back and changed this when it was working and i think thats when the two GUID's in the path showed up.
It seems only the SRS/SCCM intergration is a miss now.I was able to get the Peropting Services Point connecting to the SRS reports server web site.
I found that in the rsreportserver.config file had the old port :8080 defined in the <urlroot> and removed the port assignment ":8080" from the url
this seem to allow SCCM Admin console access to the properties again and i can run reports again. i am not sure if this corrected the whole intergration problem or just fixed the connection problem.
- Proposed As Answer byWil BradyMSFT, ModeratorFriday, November 06, 2009 5:28 PM
- JTweedle - from what I read, it seems your issues are resolved, correct? If so, i would like to close this thread by marking at least one response as "answer". Please feel free to mark the response(s) you feel provide the answer to your situation.
Thanks,
Wil
Wil
