locked
Management Point installation issue RRS feed

  • Question

  • Team

    We are on SCCM 2012 R2 SP1 (8239.1000) and the hierarchy has 1 CAS and 2 Primary Sites. One Primary site is configured for Workstation Management which has remote 2 Management Points configured under https mode. Since last week, one MP started misbehaving and IIS logs revealed logon failure issues with access denied errors (401.5). The client download uses windoes authentication and we were not sure why this error was producing. We had seen this error few months back and we then rebuild the MP and the issue resolved.

    We started to rebuild the MP, however we are stuck at one point where the MP installation fails while copying files from Site server to MP. All pre-requisites, permissions have set correctly. Sitecomp.log revealed below errors.

    

    On remote MP, none of the MP logrs are being generated. The SMS_MP_CONTROL_MANAGER status clearly shows issues while copying files. 

    Site Component Manager could not copy file "D:\Program Files\Microsoft Configuration Manager\Client\x64\WindowsUpdateAgent30-x64.exe" to "\\ABC.XYZ.COM\D$\SMS\Client\x64\WindowsUpdateAgent30-x64.exe". The operating system reported error 5: Access is denied. 

    Site Component Manager reports this error when it fails to:

    1. Create the destination directory, if it does not already exist.
    2. Assign the proper directory permissions to the destination directory.
    3. Copy the source file to the destination directory.

    Possible cause: The site system is turned off, not connected to the network, or not functioning properly.
    Solution: Verify that the site system is turned on, connected to the network, and functioning properly.

    Possible cause: Site Component Manager does not have sufficient access rights to administer the site system.
    Solution: Verify that the Site System Connection accounts are properly configured to allow the site to administer the site system.

    Possible cause: Network problems are preventing Site Component Manager from connecting to the site system.
    Solution: Investigate and correct any problems on your network.

    We have ensured the the destination drive is healthy, perms are set and ports are open. We have already re-imaged the server twice and issue remains the same.

    Any help greatly appreciated.

    regards

    Guru


    Gururaj Pai

    Wednesday, March 16, 2016 3:40 PM

All replies

  • "The operating system reported error 5: Access is denied."

    This has nothing to do with pre-requsitie components or ports.

    This could be because the primary site's computer account is not a local admin on the target system, the system is locked down by a policy (deployed via GPO), or because something else is interfering with access (like Anti-virus).

    You'll have to troubleshoot this like you would any access denied as this is not specific to ConfigMgr. Check the event viewer, use ProcMon, use psexec (to impersonate the the local System account on the site server and test thing manually), etc.

    Given that this started happening before and continues to happens with new systems, GPO or AV are very likely culprits.


    Jason | http://blog.configmgrftw.com | @jasonsandys


    Wednesday, March 16, 2016 7:08 PM
  • Error 5: Access denied , So you just check the permissions of computer accounts and access.

    As per Jason, Just check the computer account in Local Admin group.


    Please click answer If it works Thanks KMI

    Thursday, March 17, 2016 8:50 AM
  • Thanks Jason, all computer accounts, network accounts and perms have set correctly and have local admin perms on remote MP machine. There are new GPO or AV policies set. Its very weird one as we can see SMS folder in D drive and sub folders in it. It copies few files successfully and then fails which is annoying.

    regards

    Guru


    Gururaj Pai

    Thursday, March 17, 2016 10:59 AM
  • "There are new GPO or AV policies set."

    Did you mean "no" or "new"?

    There are always GPOs in a domain and there is always a default AV policy. 

    Have you reviewed the event logs? Have you tried using ProcMon? As noted, this is something external to ConfigMgr and unique to your environment and so you will have to dig and troubleshoot to find out the root of this.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Thursday, March 17, 2016 4:46 PM