Clientdeploy fails whilst validating user

  • Question

  • I cannot join client computers to the domain on the Server Essentials 2012 system. Whenever I try, the clientdeploy wizard fails with a message that it can't find the server, just after it has collected the domain account name and password. I'm assuming this is some configuration issue with IIS on the server, but I haven't got any handle on what it might be.

    In the ClientDeploy Log, this is what I see:

    [2064] 131227.171658.4208: ClientSetup: Validating User
    [2064] 131227.171658.4208: ClientSetup: Call MachineIdentityManager.GetMachineStatus
    [2064] 131227.171658.6611: ClientSetup: MachineIdentityManager.GetMachineStatus had errors: ErrorCatalog:NetworkError ErrorCode:-1
    BaseException: Microsoft.WindowsServerSolutions.Devices.Identity.MachineIdentityException: MachineIdentityManager.GetMachineStatus ---> System.ServiceModel.ProtocolException: The remote server returned an unexpected response: (405) Method Not Allowed. ---> System.Net.WebException: The remote server returned an error: (405) Method Not Allowed.
       at System.Net.HttpWebRequest.GetResponse()
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       --- End of inner exception stack trace ---
    
    Server stack trace: 
       at System.ServiceModel.Channels.HttpChannelUtilities.ValidateRequestReplyResponse(HttpWebRequest request, HttpWebResponse response, HttpChannelFactory`1 factory, WebException responseException, ChannelBinding channelBinding)
       at System.ServiceModel.Channels.HttpChannelFactory`1.HttpRequestChannel.HttpChannelRequest.WaitForReply(TimeSpan timeout)
       at System.ServiceModel.Channels.RequestChannel.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Dispatcher.RequestChannelBinder.Request(Message message, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannel.Call(String action, Boolean oneway, ProxyOperationRuntime operation, Object[] ins, Object[] outs, TimeSpan timeout)
       at System.ServiceModel.Channels.ServiceChannelProxy.InvokeService(IMethodCallMessage methodCall, ProxyOperationRuntime operation)
       at System.ServiceModel.Channels.ServiceChannelProxy.Invoke(IMessage message)
    
    Exception rethrown at [0]: 
       at System.Runtime.Remoting.Proxies.RealProxy.HandleReturnMessage(IMessage reqMsg, IMessage retMsg)
       at System.Runtime.Remoting.Proxies.RealProxy.PrivateInvoke(MessageData& msgData, Int32 type)
       at Microsoft.WindowsServerSolutions.Devices.Identity.ICertService.GetMachineStatus(MachineStatus& status, Boolean& isAdmin, Int32& maxClientNum, Int32& currentClientNum, String userName, String password, String machineName)
       at Microsoft.WindowsServerSolutions.Devices.Identity.MachineIdentityManager.GetMachineStatus(String serverName, String userName, String password, String machineName, Boolean& isAdmin)
       --- End of inner exception stack trace ---
       at Microsoft.WindowsServerSolutions.Devices.Identity.MachineIdentityManager.GetMachineStatus(String serverName, String userName, String password, String machineName, Boolean& isAdmin)
       at Microsoft.WindowsServerSolutions.ClientSetup.ClientDeploy.ValidateUserTask.Run(WizData data)
    [2064] 131227.171658.6611: ClientSetup: Exiting ValidateUserTask.Run
    [2064] 131227.171658.6611: ClientSetup: Task with Id=ClientDeploy.ValidateUser has TaskStatus=Failed
    [2064] 131227.171658.6611: ClientSetup: Task with Id=ClientDeploy.ValidateUser has RebootStatus=NoReboot
    [2064] 131227.171658.6611: ClientSetup: Exting ConnectorWizardForm.RunTasks
    [164] 131227.171658.6711: ClientSetup: JoinNetwork Tasks returned TaskStatus=Failed
    [164] 131228.000408.7404: ClientSetup: Back from the Client Deployment Wizard
    [164] 131228.000408.7805: ClientSetup: Saving Wizard Data
    [164] 131228.000408.7805: ClientSetup: End of ClientDeploy: ErrorCode=1603
    
     

    Searching the web, I can only find this error in items about people programming web services in ASP.

    Can anyone help to figure out what's wrong?

    Friday, December 27, 2013 1:45 PM

All replies

  • Can you check the IIS log file for "WSS Certificate Web Service" Web Application? Log files should be in the folder C:\Inetpub\Logs\LogFiles\W3SVC2. Check for error 405.

    If you are getting error 405 check for Web Handler for *.svc

    You can do this by running the PowerShell command Get-WebHandler | Where-Object {$_.Path -like "*.svc"} 

    This should result in the following Web Handlers

    Name                   Path    Verb    Modules
    ----                   ----    ----    -------
    svc-Integrated-4.0     *.svc   *       ManagedPipelineHandler
    svc-ISAPI-4.0_32bit    *.svc   *       ManagedPipelineHandler
    svc-ISAPI-4.0_64bit    *.svc   *       ManagedPipelineHandler

    If the command does not return any result, you need to add the Web Handler for *.svc




    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Friday, December 27, 2013 2:49 PM
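The log check suggested in the reply above can be scripted. This is an added example, not part of the original post: the function name `Find-SvcStatus` is hypothetical and the sample log lines are constructed. It reads the `#Fields:` header to locate columns, so it keeps working when IIS writes a new header with a different field list partway through a file.

```powershell
# Constructed sample in IIS W3C extended format; the addresses and the
# /example/... paths are placeholders, not values from this thread.
$sample = @'
#Fields: date time s-ip cs-method cs-uri-stem s-port c-ip sc-status sc-substatus
2013-12-27 17:16:58 192.0.2.10 POST /example/service.svc 65500 192.0.2.50 405 0
2013-12-27 17:17:02 192.0.2.10 GET /example/default.aspx 65500 192.0.2.50 200 0
#Fields: date time cs-method cs-uri-stem sc-status
2013-12-27 17:20:11 POST /example/service.svc 405
2013-12-27 17:20:15 POST /example/service.svc 500
'@ -split "`r?`n"

function Find-SvcStatus {
    param(
        [string[]]$Line,
        [int]$Status = 405,
        [string]$Extension = '.svc'
    )
    $fields = @()
    foreach ($l in $Line) {
        if ($l -like '#Fields:*') {
            # Column layout for every data line until the next header.
            $fields = $l.Substring(8).Trim() -split '\s+'
            continue
        }
        if ($l.StartsWith('#') -or -not $l.Trim() -or $fields.Count -eq 0) { continue }
        $values = $l -split ' '
        if ($values.Count -ne $fields.Count) { continue }   # truncated or damaged line
        $row = @{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $row[$fields[$i]] = $values[$i] }
        if ([int]$row['sc-status'] -eq $Status -and $row['cs-uri-stem'] -like "*$Extension") {
            [pscustomobject]@{
                Date   = $row['date']
                Time   = $row['time']
                Method = $row['cs-method']
                Uri    = $row['cs-uri-stem']
                Port   = $row['s-port']      # empty when the header omits it
                Status = [int]$row['sc-status']
            }
        }
    }
}

# Two of the five sample requests match (405 on a *.svc path).
Find-SvcStatus -Line $sample | Format-Table -AutoSize

# Against the folder named in the reply:
# Find-SvcStatus -Line (Get-Content 'C:\Inetpub\Logs\LogFiles\W3SVC2\*.log')
```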
  • Thank you Mohammed, this appears to be the immediate issue.

    I backtracked to the Web Handler mappings in IIS Manager, concentrating on the WSS Certificate Web Service site.

    There are no handler mappings for *.svc, so I went looking for the module that provides them (ServiceModule-4.0), and it is not present either. I'm not sure how to add the assembly that's needed.

    Friday, December 27, 2013 9:23 PM
  • Hello 

    You can follow the steps mentioned below. Maybe it will fix your issue.

    1. Highlight ServerName in IIS Console 
    2. Open handler Mappings
    3. Add Managed Handler

    Request Path: *.svc
    Type: System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation,Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35
    Name: svc-Integrated-4.0

    4. Add a script map

    Request Path: *.svc
    Executable: C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll
    Name: svc-ISAPI-4.0_64bit

    5. Add a script map

    Request Path: *.svc
    Executable: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll
    Name: svc-ISAPI-4.0_32bit

    6. Restart IIS. 

    If the above mentioned steps fix your issue please mark it as an answer.



    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Sunday, December 29, 2013 8:15 AM
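The IIS Manager steps above, scripted with the WebAdministration module. This is an added example, not code from the original post: the function name `Repair-SvcHandler` is hypothetical, `IsapiModule` is the module IIS Manager's Add Script Map dialog registers, and no preconditions are set because the post gives none.

```powershell
Import-Module WebAdministration

# The three mappings with the names, type and executables listed in the steps.
$expected = @(
    @{ Name    = 'svc-Integrated-4.0'
       Modules = 'ManagedPipelineHandler'
       Type    = 'System.ServiceModel.Activation.ServiceHttpHandlerFactory, System.ServiceModel.Activation, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35' },
    @{ Name    = 'svc-ISAPI-4.0_64bit'
       Modules = 'IsapiModule'
       ScriptProcessor = 'C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_isapi.dll' },
    @{ Name    = 'svc-ISAPI-4.0_32bit'
       Modules = 'IsapiModule'
       ScriptProcessor = 'C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_isapi.dll' }
)

function Repair-SvcHandler {
    param(
        [switch]$Apply,               # without -Apply the function only reports
        [string]$PSPath = 'IIS:\'     # server level, as in step 1
    )
    foreach ($h in $expected) {
        $present = [bool](Get-WebHandler -Name $h.Name -PSPath $PSPath -ErrorAction SilentlyContinue)
        $added = $false
        if (-not $present -and $Apply) {
            $p = @{ Name = $h.Name; Path = '*.svc'; Verb = '*'
                    Modules = $h.Modules; PSPath = $PSPath }
            if ($h.Type)            { $p.Type = $h.Type }
            if ($h.ScriptProcessor) { $p.ScriptProcessor = $h.ScriptProcessor }
            New-WebHandler @p
            $added = $true
        }
        [pscustomobject]@{ Name = $h.Name; WasPresent = $present; Added = $added }
    }
}

Repair-SvcHandler | Format-Table -AutoSize     # report only
# Repair-SvcHandler -Apply                     # add what is missing
# iisreset                                     # step 6
```

IIS Manager also offers to allow the ISAPI extension when a script map is added; this script does not touch the ISAPI and CGI Restrictions list.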
  • Mohammed,

    There is progress - but it still doesn't work.

    Coincidentally, I (re) installed .Net framework 4.5, and that has recreated the mappings you detailed.

    Now I am getting a different problem - the server is returning a 500 to the client.

    I turned on failed request tracing, but I'm not sure it's telling me anything meaningful.

    Monday, December 30, 2013 4:17 AM
  • Can you upload the FRT Logs the entire folder. Along with this also please upload the logs from the client in question.


    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Monday, December 30, 2013 8:14 AM
  • Can you upload the FRT Logs the entire folder. Along with this also please upload the logs from the client in question.


    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    I uploaded the files to my skydrive, but the forums won't let me post the links (despite validating my account). Is there some other way I can get them to you?
    Monday, December 30, 2013 1:39 PM
  • Post the link, remove hyperlink... will be OK.

    Seems really some WSS Certificate Web Service entries missing in the list of Handler Mappings. This may give you clues...

    http://social.technet.microsoft.com/Forums/windowsserver/en-US/2eb71492-0175-4a36-baf8-864f9f08c2c2/cant-connect-client-computers-windows-server-2012-essentials?forum=winserveressentials

    Best,

    Howtodo

    Monday, December 30, 2013 1:56 PM
  • At last!

    FRT Log Folder

    ClientDeploy.log

    Thank you for your assistance!

    Sunday, January 5, 2014 11:08 AM
  • Changed the authentication settings in IIS on the server: enable "Anonymous Authentication" in the 'Connect' sub-group of the "Default Web Site". Can solve?

    Best,

    Howtodo

    Wednesday, January 8, 2014 12:20 PM
  • Already set, so this is not the solution.

    I really need someone to read the logs I posted a few days back - hopefully someone will understand what's causing the problem from there....

    Regards

    Wednesday, January 15, 2014 2:11 AM
  • Go into PowerShell.

    Type in:

    Get-ChildItem IIS:\SSLBindings
    
    Please post result.


    Robert Pearman SBS MVP

    Wednesday, January 15, 2014 3:38 PM
    Moderator
  • Get-ChildItem : Cannot find drive. A drive with the name 'IIS' does not exist.
    At line:1 char:1
    + Get-ChildItem IIS:\SSLBindings
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : ObjectNotFound: (IIS:String) [Get-ChildItem], DriveNotFoundException
        + FullyQualifiedErrorId : DriveNotFound,Microsoft.PowerShell.Commands.GetChildItemCommand

    Wednesday, January 15, 2014 6:55 PM
  • You can run the following command

    Import-Module WebAdministration

    Get-ChildItem IIS:\SSLBindings

    The result you will get should be as follows

    IP Address   Port    Host Name   Store   Sites
    ----------   ----    ---------   -----   -----
                 443     HOSTNAME    My
    ::           443                 My
    0.0.0.0      443                 My
    0.0.0.0      65500               My
    0.0.0.0      65520               My


    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Wednesday, January 15, 2014 7:05 PM
  • IP Address          Port   Host Name        Store            Sites
    ----------          ----   ---------        -----            -----
                        443    DirectAccess-NLS My               Network Location Service
                               .ERILYAN.local
                        443    ERILYAN-BL       My
    ::                  443                     MY
    0.0.0.0             443                     MY
    0.0.0.0             65500                   My               WSS Certificate Web Service
    0.0.0.0             65520                   My
    0.0.0.0             8172                    MY
    192.168.254.101     62000                   MY               Default Web Site
    fd32:a259:458:1:0:5 62000                   MY               Default Web Site
    efe:192.168.254.101
    fd32:a259:458:3333: 62000                   MY               Default Web Site
    :1
    

    Wednesday, January 15, 2014 7:22 PM
  • I checked the logs 

    Take a backup of IIS 

    Open Command prompt with admin credentials. Change the directory to C:\Windows\System32\Inetsrv 

    Run the command

    Appcmd add backup "Name of Backup"

    Or manually copy the web.config file to a different location. 

    We can check the Web.config file in the path "C:\Program Files\Windows Server\Bin\WebApps\CertWebService\" and search for "%SBSPRODUCTBINPLACEHOLDER%". If we have these entries, please replace them with the absolute path, which is "C:\Program Files\Windows Server\Bin".



    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Wednesday, January 15, 2014 7:24 PM
  • Mohammed,

    I've done that, the problem still persists.

    One thing I do notice - none of the dlls referenced in the web.config file are actually located in C:\Program Files\Windows Server\Bin.

    Does this mean something needs to be reinstalled? If so, what?

    Regards,

    mike

    Thursday, January 16, 2014 6:42 AM
  • No, it just means you are using 2012, not 2012 R2.

    Do you have any systems joined correctly? Do they show up in the dashboard correctly?


    Robert Pearman SBS MVP

    Thursday, January 16, 2014 10:05 AM
    Moderator
  • Can you let me know the path of the DLLs?

    It would be nice if you can upload the copy of web.config I will compare it with my box and update you.


    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Thursday, January 16, 2014 4:08 PM
  • web.config

    Oh, and Robert Pearman is right - the server is running 2012, not 2012 R2.

    Thursday, January 16, 2014 11:10 PM
  • The server is definitely Server 2012 Essentials, not 2012 R2.

    At the moment, no systems are joined correctly, as in via the Connect webpage. I've joined the client machines (all Win 7 Pro) to the domain through the advanced system settings on the client, so they can use domain resources, but no-one is showing up on the dashboard.

    Thursday, January 16, 2014 11:18 PM

  • I have modified the file based on my box and uploaded it. Please make a copy of your existing web.config and replace the one which I have uploaded. 

    Restart the IIS and then try to run the connect software.



    This post is "AS IS" and confers no rights. Mohammed Sabir [MSFT]

    Friday, January 17, 2014 4:15 PM
  • I signed in just to vote on this.

    I searched for weeks off and on trying to find a resolution.
    Connector would not run.

    I followed every KB article I could find everywhere. Once I followed this procedure, the connector started working.

    Wonderful, thanks!!!

    Monday, April 20, 2015 1:48 PM
  • I had the same problem - the ComputerConnector sees the server, then prompts for username and password, and then tells me that the server is unavailable.

    I ran a BPA scan for Server Essentials and it told me that the WSS site has the certificate with the incorrect sitename.

    I opened IIS console, navigated to WSS Certificate site and installed the cert in Bindings menu. It is the same short-DNS-name certificate that the default site uses.

    I re-checked with BPA scan - the warning had gone away - so the certificate I installed was correct.

    It helped in my case, the ComputerConnector worked as expected.

    Friday, July 29, 2016 1:10 PM
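The certificate mismatch described in the last post can also be checked from PowerShell by resolving each SSL binding to its certificate. This is an added example, not part of the thread: the function name `Compare-SslBindingCert` is hypothetical, and it assumes port 443 carries the reference certificate and port 65500 is the WSS Certificate Web Service binding, as in the binding lists posted earlier.

```powershell
Import-Module WebAdministration

function Compare-SslBindingCert {
    param(
        [int]$ReferencePort = 443,    # binding whose certificate is taken as correct
        [int]$CheckPort     = 65500   # WSS Certificate Web Service binding
    )
    $bindings = @(Get-ChildItem IIS:\SslBindings |
        Where-Object { $_.Port -eq $ReferencePort -or $_.Port -eq $CheckPort })
    $refThumbs = @($bindings |
        Where-Object { $_.Port -eq $ReferencePort } |
        ForEach-Object { $_.Thumbprint })

    foreach ($b in $bindings) {
        # A binding can point at a thumbprint that is no longer in the store.
        $path = "Cert:\LocalMachine\$($b.Store)\$($b.Thumbprint)"
        $cert = Get-Item -Path $path -ErrorAction SilentlyContinue
        [pscustomobject]@{
            IPAddress        = "$($b.IPAddress)"
            Port             = $b.Port
            HostName         = $b.Host
            Thumbprint       = $b.Thumbprint
            InStore          = [bool]$cert
            CertDnsName      = $(if ($cert) { $cert.GetNameInfo('DnsName', $false) })
            NotAfter         = $(if ($cert) { $cert.NotAfter })
            MatchesReference = $refThumbs -contains $b.Thumbprint
        }
    }
}

Compare-SslBindingCert | Sort-Object Port | Format-Table -AutoSize
```

A port 65500 row with `InStore` or `MatchesReference` set to False, or a `CertDnsName` that is not the server's name, corresponds to the condition the BPA scan reported in that post.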