SCCM 1610 OS Upgrade

    Question

  • Hi All,

    In view of going towards 1706, we thought of upgrading our only standalone Primary Server from Windows Server 2008 R2 to Windows Server 2012 R2.

    Post upgrade of the OS, we had a strange issue: the MP is not able to forward any messages. They are stuck in the outbox, and we are getting the error "*ERROR: Cannot connect to the inbox source, sleep 30 seconds and try again" in mpfdm.log on the Management Point.

    We did a Site Reset, but that also did not resolve the issue. For testing we removed one of the MPs and re-added it; still the same issue.

    We tried adding the SMS_SiteSystemToSiteServerConnection_MP_XXX group to the Primary Site Server inbox\bgb.box and also to hman.box\ForwardingMsg with full permission. Still no go.

    Then we added the MP computer account as a local admin account on the Primary Site Server and boom, messages started to flow?

    I am surprised why this has happened, as it was working fine. Why do we need a change post OS upgrade? Did anyone face this, or is this a bug with SCCM 1610? Please advise.

     

    Tuesday, October 31, 2017 12:41 PM

All replies

  • Hi,

    In my opinion, it's not normal and it should not happen. 

    It's not required for a remote site system computer account to be a local admin on the Primary site server, so adding the MP computer account as a local admin is a little overdone. But it can prove that the permission is not ready for the management point to connect to the Primary site inboxes.

    Normally, SMS_SiteSystemToSiteServerConnection_MP_XXX provides this permission for remote site systems.

    So please verify the two points below:

    1) Is the management point still a member of this group?

    2) Does this group still have at least Read & Write access to the server inboxes?


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 1, 2017 2:37 AM
    Moderator
  • Yes, the MP is still part of

    1. SMS_SiteSystemToSiteServerConnection_MP_XXX

    2. SMS_SiteSystemToSiteServerConnection_MP_XXX has Read & Write access to the server inboxes

    But the issue only gets fixed when we add the MP as a local admin on the Primary Site Server.

    Saturday, November 4, 2017 1:46 AM
  • Hi,

    Well, then it's hard to tell what's the root cause as it appears to have proper permission already. 



    Monday, November 6, 2017 2:05 PM
    Moderator
  • Hi,

    Well, then it's hard to tell what's the root cause as it appears to have proper permission already. 



    And it was working for a while before failing !!!

    Thanks,

    Dom


    Security / System Center Operations Manager 2012 / System Center Configuration Manager 2012 / SQL System Center Operations Manager 2007 / System Center Configuration Manager 2007 R2 / Forefront Client Security / Forefront Identity Manager

    • Proposed as answer by Felyjos Friday, November 10, 2017 6:52 PM
    Wednesday, November 8, 2017 3:25 PM
  • Hi,

    There was another thread with exactly the same issue, however, without any solution yet.

    Is there any possibility that you can use a network capturing tool to capture packets on both servers to see what's wrong? Or you can try to call Microsoft.




    Thursday, November 16, 2017 6:23 AM
    Moderator
  • Hello! We faced the same issue after the OS upgrade.

    The solution was found in the registry.

    Check your key "Machine" in HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths

    We found that after the upgrade one string was missing. It was "Software\Microsoft\SMS". So, just add "Software\Microsoft\SMS" to the "Machine" key, and check mpfdm.log after 5 minutes.

    Key should look like:

        System\CurrentControlSet\Control\Print\Printers
        System\CurrentControlSet\Services\Eventlog
        Software\Microsoft\OLAP Server
        Software\Microsoft\Windows NT\CurrentVersion\Print
        Software\Microsoft\Windows NT\CurrentVersion\Windows
        System\CurrentControlSet\Control\ContentIndex
        System\CurrentControlSet\Control\Terminal Server
        System\CurrentControlSet\Control\Terminal Server\UserConfig
        System\CurrentControlSet\Control\Terminal Server\DefaultUserConfiguration
        Software\Microsoft\Windows NT\CurrentVersion\Perflib
        System\CurrentControlSet\Services\SysmonLog
        Software\Microsoft\SMS

    And thanks to Saurabh from Microsoft :)

    • Proposed as answer by Felyjos Wednesday, December 26, 2018 11:25 PM
    Monday, July 9, 2018 12:05 PM
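
The registry check from the last reply, as an added example that is not part of the original thread: it verifies that the "Machine" value under Winreg\AllowedPaths contains Software\Microsoft\SMS, backs up and repairs the value if not, and then lists computer accounts still in the local Administrators group so the local-admin workaround from the question can be backed out. Assumptions: it is run elevated on the primary site server, the group has its English name "Administrators", and the helper name Test-AllowedPath and the backup file location are hypothetical.

```powershell
# Added example (not from the thread): audit/repair Winreg AllowedPaths on the site server.
$KeyPath   = 'HKLM:\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths'
$RegExeKey = 'HKLM\SYSTEM\CurrentControlSet\Control\SecurePipeServers\Winreg\AllowedPaths'
$ValueName = 'Machine'                  # multi-string list of remotely readable paths
$Required  = 'Software\Microsoft\SMS'   # entry the reply found missing after the OS upgrade

function Test-AllowedPath {             # hypothetical helper name
    param([string[]]$Paths, [string]$Entry)
    # Registry paths are case-insensitive, and so is -contains.
    return (@($Paths | ForEach-Object { $_.Trim() }) -contains $Entry)
}

$current = @((Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop).$ValueName)

if (Test-AllowedPath -Paths $current -Entry $Required) {
    Write-Output "OK: '$Required' is already listed in $ValueName."
}
else {
    # Keep a copy of the key before changing it (backup location is an assumption).
    $backup = Join-Path $env:TEMP ('AllowedPaths-{0:yyyyMMdd-HHmmss}.reg' -f (Get-Date))
    & reg.exe export $RegExeKey $backup /y | Out-Null

    # Append only the missing entry; existing entries are left untouched.
    $updated = [string[]]($current + $Required)
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $updated -Type MultiString
    Write-Output "Added '$Required' to $ValueName (backup: $backup). Re-check mpfdm.log on the MP."
}

# Least-privilege follow-up: once messages flow, the MP computer account should not
# need to stay in local Administrators. List machine accounts (names ending in '$').
$group   = [ADSI]"WinNT://$env:COMPUTERNAME/Administrators,group"
$members = @($group.Invoke('Members')) | ForEach-Object {
    $_.GetType().InvokeMember('Name', 'GetProperty', $null, $_, $null)
}
$machineAdmins = @($members | Where-Object { $_ -like '*$' })
if ($machineAdmins.Count -gt 0) {
    Write-Warning ("Computer accounts in local Administrators: " + ($machineAdmins -join ', '))
}
```

Remove the MP computer account from local Administrators only after mpfdm.log shows messages being forwarded with the registry entry in place.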