Trevor, To confirm that the client is "truly" communicating with IIS on the MP - from the MP -, go to and open <Inetpub>\Logs\W3SVC1\<most recent logfile>. Starting from the bottom, look for lines with the vidr/URL entry like CCM_System_WindowsAuth/Request.
Most likely you're going to see 401 (unauthorized access) entries/return codes. That's telling you that the client is trying to register (and is able to communicate with the MP), but the MP is not authorizing the registration request. I think what you're seeing is an authentication issue, where the client being built is not trusted by the MP because it (the client) is in a Workgroup. By default, that vdir only has Windows Authentication (trusted/domain-joined) enabled...For kicks, configure the Authentication property of the vdir above to enable Anonymous Authentication. If the client still does not get registered with Anonymous enabled, then if you have AD Sites as boundaries, trying changing them to IP ranges instead. Troy L. Martin | Principal Consultant 1E | Empowering Efficient IT US Mobile: +1 678-898-6147 UK Mobile : +44 758 530 0940 [email protected]<mailto:[email protected]> | www.1e.com<http://www.1e.com/> Facebook<http://www.facebook.com/1eglobal> | Twitter<https://twitter.com/1e_global/> | YouTube<http://www.youtube.com/1enews> | Blogs<http://blogs.1e.com/> | RSS<http://blogs.1e.com/index.php/feed/> Please consider the environment before printing this e-mail From: [email protected] [mailto:[email protected]] On Behalf Of Trevor Sullivan Sent: Friday, November 1, 2013 5:51 PM To: [email protected] Subject: RE: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP Andrew, Thanks for the response. Yes, I was aware that the SLP is still configured in the registry. I did verify that it was being configured, as long as I specified the SMSMP client installation property in the Setup Windows and ConfigMgr step. I believe that the SMSSLP registry value was left blank if I did not specify SMSMP. Here's the PowerShell command to verify the SMSSLP value: (Get-ItemProperty -Path HKLM:\Software\Microsoft\CCM -Name SMSSLP).SMSSLP; Even with the SMSSLP registry value configured, the workgroup client fails automatic site assignment in the full operating system. Another symptom I noticed was in the CIDownloader.log file. I think you're on to something with the whole thing around CI-based task sequence items, but I still think the root cause is somehow related to client site assignment. GenerateDCMUrlPrefix failed (0x80004005). CIDownloaderJob({70F1A50C-CAE6-4021-8287-88876E5EDFFE}): DownloadPackages failed (0x80004005). CIDownloaderJob({70F1A50C-CAE6-4021-8287-88876E5EDFFE}): StartDownload failed (0x80004005). Cheers, Trevor Sullivan From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Craig Andrew (OIZ) Sent: Friday, November 1, 2013 11:06 AM To: [email protected]<mailto:[email protected]> Subject: AW: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP Hi Trevor, Yeah, I picked up on the point of the package working but not the application or updates. You're right, the variable doesn't apply pre-R2 and I also missed that you are running a B&C. Running training courses affects my brain. :) Still, it's interesting that just the CI based steps are failing. Did you know that although the SLP is deprecated in 2012, the entry still exists in the registry? I'm not exactly sure how it influences the client - I gave up on testing it because the benefits were not enough to justify the time. But I did notice that it affected the site assignment when I tried to remotely reassign the site of a client. Good luck anyway. Andrew Von: [email protected]<mailto:[email protected]> [mailto:[email protected]] Im Auftrag von Trevor Sullivan Gesendet: Freitag, 1. November 2013 14:57 An: [email protected]<mailto:[email protected]> Betreff: RE: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP Hello Andrew, Thanks for your response. I'm running a Build & Capture task sequence on a Lenovo ThinkPad T430, which does not have a SSD in it. Additionally, since I am running ConfigMgr 2012 SP1 CU3, I do not have the SMSTSMPListRequestTimeout task sequence variable available to me. It looks like, based on the "How fast are SSDs?" thread that, that variable is only available in ConfigMgr 2012 R2. While I'm not entirely ruling out the possibility that adding a "wait" might help things, on the other hand, I am seeing some error messages in the logs that indicate communication failures between the client and Management Point. These have me somewhat concerned. I'm going to test out with a 60 second wait, and see what happens. FYI: This is a build & capture task sequence. The computer never touches Active Directory. Cheers, Trevor Sullivan From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Craig Andrew (OIZ) Sent: Friday, November 1, 2013 2:04 AM To: [email protected]<mailto:[email protected]> Subject: AW: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP Hi Trevor, Did you see the thread on How fast are SSDs? It sounds like a similar problem. The app step tries to run before the computer has registered on the domain. That would be why it doesn't look up AD and reverts to DNS (in the locationservices.log). Perhaps try using the SMSTSMPListRequestTimeout variable? Andrew The locationservices.log you posted doesn't show an attempt at AD lookup for site and unless you are using DNS lookup then it will fail if the computer has not yet logged on to the domain. The install package step is a little more resilient, and slower than install application (and software updates, both are based on CIs) Von: [email protected]<mailto:[email protected]> [mailto:[email protected]] Im Auftrag von Trevor Sullivan Gesendet: Donnerstag, 31. Oktober 2013 18:08 An: [email protected]<mailto:[email protected]> Betreff: RE: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP For what it's worth, if I use an "Install Package" task sequence step, that will execute successfully. However, once it hits the "Install Application" or "Install Software Updates" steps, it fails. Cheers, Trevor Sullivan From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Trevor Sullivan Sent: Wednesday, October 30, 2013 11:24 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP Daniel, I tried using nothing in the "Setup Windows and ConfigMgr" client installation properties, but right now I've got the following: PATCH="%_SMSTSMDataPath\Packages\<PackageID>\hotfix\NameOfCU364-bitPatch.msp" SMSDIRECTORYLOOKUP=NOWINS FSP=sccm01.mydomain.com SMSMP=sccm01.mydomain.com [removed because it didn't resolve the issue] Cheers, Trevor Sullivan From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Daniel Ratliff Sent: Wednesday, October 30, 2013 4:10 PM To: [email protected]<mailto:[email protected]> Subject: RE: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP What does your setup windows and configmgr install switches look like? I have had to add the SMSMP to all my B&Cs to get it to work properly. Daniel Ratliff From: [email protected]<mailto:[email protected]> [mailto:[email protected]] On Behalf Of Trevor Sullivan Sent: Wednesday, October 30, 2013 4:42 PM To: [email protected]<mailto:[email protected]> Subject: [mssms] ConfigMgr 2012 SP1 CU3: OSD Client fails to communicate with MP Hey guys, I've got a situation here, where I've got a ConfigMgr 2012 SP1 CU3 stand-alone Primary Site (no MDT integration) running atop Windows Server 2012 R2 and SQL Server Standard Edition 2012 Service Pack 1, and I'm trying to run a Windows 7 Enterprise SP1 Build & Capture task sequence on Lenovo ThinkPad T430 (don't have a VMware virtual machine readily available, unfortunately). It's pretty basic stuff. The Management Point is hosted on the Primary Site server, and the PXE-enabled Distribution Point (Server 2008 R2 SP1) is sitting in the local office, where the client is (but on a different subnet). An IP helper is being used to point the client subnet to the PXE server, which also hosts DHCP (requires DHCP option 60 to be configured to "PXEClient"). Here's what the Build & Capture task sequence looks like (based on the template): * Set a couple TS Variables * Format Disk * Apply OS Image (imported install.wim, not using OS installer) * Apply Windows Settings * Apply Network Settings * Apply Drivers (used Driver category to limit only wired NIC and SATA driver) * Setup Windows & ConfigMgr (includes CU3 patch via PATCH MSI property) * Install Application o <ERROR> At the <ERROR> point, I'm seeing that the client is not getting assigned to a Primary Site correctly, however the SMSSLP registry value is being set correctly. The client is most certainly inside an IP range Boundary that is a member of two different Boundary Groups: one for site assignment and one for content location. Check out the relevant log snippets below. Any thoughts on what's causing this? CertificateMaintenance.log Failed to verify signature of message received from MP using name <MP's FQDN> ClientAuth.log Error signing client message (0x80004005). LocationServices.log Sending Fallback Status Point message, STATEID='500'. Processing pending site assignment. Assigning to site 'abc' LSIsSiteCompatible : Verifying Site Compatibility for <abc> Retrieved lookup MP [sccm01.domain.COM] from Registry Attempting to retrieve lookup MP(s) from DNS DNS Suffix not specified No lookup MP(s) from DNS Retrieved lookup MP [sccm01.domain.COM] from Registry Attempting to retrieve lookup MP(s) from DNS DNS Suffix not specified No lookup MP(s) from DNS Attempting to retrieve site information from lookup MP(s) via HTTP Refreshing the Management Point List for site abc Policy disallows failing over to WINS. Refreshing trusted key information Persisting the management point authentication information in WMI Persisted Management Point Authentication Information locally Failed to verify message. Sending MP [sccm01.domain.com] not in cached MPLIST. MPLIST requests are throttled for 00:59:59 Failed to verify message. Sending MP [sccm01] not in cached MPLIST. MPLIST requests are throttled for 00:59:59 Failed to send site information Location Request Message to sccm01.domain.COM LSIsSiteCompatible : Failed to get Site Version from all directories Sending Fallback Status Point message, STATEID='608'. Client is not assigned to a site. Cannot get security settings. No security settings update detected. Client is not assigned to a site. Cannot get site signing cert. Client is not assigned to a site. Cannot refresh Local MP. Client is not assigned to a site. Cannot get portal info. Cheers, Trevor Sullivan The information transmitted is intended only for the person or entity to which it is addressed and may contain CONFIDENTIAL material. If you receive this material/information in error, please contact the sender and delete or destroy the material/information. ________________________________ DISCLAIMER: This is a PRIVATE AND CONFIDENTIAL message for the ordinary user of this email address. If you are not the intended recipient, please delete without copying and kindly advise us by e-mail of the mistake in delivery. NOTE: Regardless of content, this e-mail shall not operate to bind 1E to any order or other contract unless pursuant to explicit written agreement or government initiative expressly permitting the use of e-mail for such purpose.
