So, after I heard the great news that Configuration Manager 2007 SP2 would release at the same time that Windows 7 went retail I was of course very excited! I promised myself that I would do the upgrade when I got home, but first I had to finish my work day. I received a phone call from a customer who had also been excited about the SP2 upgrade, and of course the possibility to start deploying Windows 7. Unfortunately this customer had already experienced trouble with the upgrade process for ConfigMgr 2007 SP2.
Firstly, the setup for the upgrade had given some error messages:
==================== <<10-23-2009 09:12:43>> ====================
Back up customizable files: Completed
Create and initialize site database: Completed
Transfer files: Completed
Install SMS provider components: Completed
Register controls: Completed
Upgrade inboxes: Completed
Upgrade site control file: Completed
Initialize Configuration Manager site: Completed
Install site component manager: Completed
Update default boot image packages: Completed
Create program group: Completed
Install Configuration Manager services (site component manager): Completed
Install component monitor: Completed
Install SMS executive: Completed
Install database notification monitor: Completed
Install site control manager: Completed
Install hierarchy manager: Completed
Install inbox manager: Completed
Install policy provider: Completed
Install MP control manager: Unknown
Install management point: Unknown
As you can see there was a problem upgrading the Management Point in this particular site. I checked the setup log:
<10-23-2009 08:14:10> Adding Boot Image Packages…
<10-23-2009 08:14:15> Attempting to export x86 boot image from WAIK installation source
<10-23-2009 08:26:08> Attempting to create x86 default boot image from \\<site>\SMS_<code>\osd\boot\i386\boot.wim
<10-23-2009 08:31:57> Successfuly created Boot image (x86)
<10-23-2009 08:31:59> Attempting to export x64 boot image from WAIK installation source
<10-23-2009 08:39:49> Attempting to create x64 default boot image from \\<site>\SMS_<code>\osd\boot\x64\boot.wim
<10-23-2009 08:45:43> Successfuly created Boot image (x64)
<10-23-2009 08:47:17> Failed to update the non-default boot image: \\<site>\root\sms\site_<code>:SMS_BootImagePackage.PackageID=”<code>00067″. Error code 0×80041001
<10-23-2009 08:48:54> Failed to update the non-default boot image: \\<site>\root\sms\site_<code>:SMS_BootImagePackage.PackageID=”<code>00068″. Error code 0×80041001
<10-23-2009 08:48:54> Attempting to delete legacy SMS program groups
<10-23-2009 08:48:54> Failed to delete program group C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Systems Management Server with error 2
<10-23-2009 08:48:54> Attempting to delete Configuration Manager 2007 sub-program group
<10-23-2009 08:48:54> Attempting to delete Microsoft System Center program group
<10-23-2009 08:48:54> Creating directory C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center
<10-23-2009 08:48:54> CreateDirectory for C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center returned: 1
<10-23-2009 08:48:54> Creating directory C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center\Configuration Manager 2007
<10-23-2009 08:48:54> CreateDirectory for C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft System Center\Configuration Manager 2007 returned: 1
<10-23-2009 09:10:12> Begin monitoring – SMS_MP_CONTROL_MANAGER.
<10-23-2009 09:10:12> Timed out monitoring.
<10-23-2009 09:10:12> End monitoring – SMS_MP_CONTROL_MANAGER.
<10-23-2009 09:10:12> Begin monitoring – SMS Management Point.
<10-23-2009 09:10:12> Timed out monitoring.
<10-23-2009 09:10:12> End monitoring – SMS Management Point.
It seems that the new WinPE 3.0 boot images did not manage to upgrade the older 2.1 boot images, and this was in addition to the problems with the Management Point. Since I know that the Management Point is installed with the MP.msi file, I checked the MPmsi.log to see if that would give me some more information, but it simply stated that the Management Point did not install successfully. We did tried to repair the MP by running the MP.msi file from the bin directory in ConfigMgr install dir. The repair failed, and the MSI rolled back the changes.
At this point I checked the ConfigMgr Component Status, and of course the SMS_MP_CONTROL_MANAGER component had status ‘Unknown’. At this point I usually remove and reinstall the site role in question, so I tried uninstalling the MP and then reinstalling. No luck, and still the same errors. I checked the SMS_MP_CONTROL_MANAGER error log and got this message:
Message ID: 4963
MP Control Manager detected MPsetup has failed to create the CCM_Incoming Virtual Directory.
Possible cause: The IIS IWAM account has expired, been disabled, or has invalid or too restrictive logon hours. You may verify this information by running the net user command line for the IWAM account. (i.e.: “net user IWAMMachineName)
Solution: Use the output to verify that the account is enabled, and logon is possible during the time of installation. Note: You can use “net user” to modify the account properties.
Possible cause: The IIS IUSR account has expired, been disabled, or has invalid or too restrictive logon hours. You may verify this information by running the net user command line for the IUSR account. (i.e.: “net user IWAMMachineName)
Solution: Use the output to verify that the account is enabled, and logon is possible during the time of installation. Note: You can use “net user” to modify the account properties.
Possible cause: The Default Web Site is disabled in IIS.
Solution: Verify that the Default Web Site is enabled, and functioning properly.
This immediately led me to believe this was an IIS issue, and as the error message indicates there could be an issue with access rights. I checked the account mentioned against another SCCM site and quickly realized they were not present on either one of the sites. I also checked the Default Web Site to see if it was in fact disabled, but it wasn’t.
We finally decided to reinstall IIS to see if this would clear up and perhaps reset the environment so it would fix the problems with the Virtual Directory creation. So we stopped all the SMS services and uninstalled IIS, and when we started the re-install everything failed miserably. We were presented with these errors:
Web Server (IIS): Installation failed
Attempt to install IIS 6 Metabase Compatibility failed with error code 0×80070643. Fatal error during installation
Attempt to install IIS Management Console failed with error code 0×80070643. Fatal error during installation
Attempt to install Static Content failed with error code 0×80070643. Fatal error during installation
Attempt to install HTTP Errors failed with error code 0×80070643. Fatal error during installation
Attempt to install Default Document failed with error code 0×80070643. Fatal error during installation
Attempt to install Request Monitor failed with error code 0×80070643. Fatal error during installation
Attempt to install Directory Browsing failed with error code 0×80070643. Fatal error during installation
Attempt to install Static Content Compression failed with error code 0×80070643. Fatal error during installation
Attempt to install Request Filtering failed with error code 0×80070643. Fatal error during installation
Attempt to install Windows Authentication failed with error code 0×80070643. Fatal error during installation
Attempt to install HTTP Logging failed with error code 0×80070643. Fatal error during installation
Attempt to install ISAPI Filters failed with error code 0×80070643. Fatal error during installation
Attempt to install ISAPI Extensions failed with error code 0×80070643. Fatal error during installation
Attempt to install .NET Extensibility failed with error code 0×80070643. Fatal error during installation
Attempt to install ASP.NET failed with error code 0×80070643. Fatal error during installation
At this point we began to be mildly frustrated. Not only had the SP2 upgrade messed up our MP, but it had possibly also messed up our IIS install beyond repair. Luckily, we came across this forum post, explaining a way to get around this issue. Apparently the Windows Process Activation service configuration can become corrupted if IIS setup is interrupted either on uninstall or install, and thus this service must be uninstalled before reinstalling IIS.
We went right ahead and uninstalled WAS and then reinstalled IIS. Success! After IIS was reinstalled we tried to reinstall our MP, and wouldn’t you know it, success also here! We tried to launch a PXE boot, and WinPE successfully got the task sequences presented. We had finally fixed the broken Management Point some 5 to 6 hours later.
Note: As I mentioned earlier, the SP2 upgrade also failed to update the WinPE boot images, and this actually resulted in two new WinPE boot images in the SCCM site. This meant that we had to reassign the Task Sequences to the new WinPE image, and also that all the drivers that were originally injected into the old boot images had to be injected a second time into the new boot images. Quite a hassle to be honest, but normally the SP2 setup should do this automatically using the Windows Automated Installation Kit (WAIK).
In conclusion, if you have trouble with your Management Point after the SP2 upgrade (updated with detailed steps and info regarding WSUS, credits to Jose Orellana):
- Stop SCCM services (i.e. SMS_EXECUTIVE, SMS_SERVER_LOCATOR_POINT, etc)
- Remove SMS Management, Software Updates and Reporting Point roles
- Uninstall WSUS 3.0 SP2 (don’t remove updates, logs, and WSUS database)
- Remove the Windows Process Activation Service feature (it will remove IIS)
- Reboot server
- Stop SCCM services
- Reinstall IIS, required IIS role services by SCCM, and required features (BITS Server Extensions and Remote Differential Compression)
- Reboot
- Reinstall WSUS 3.0 SP2
- Reboot
- You might need to repair or reinstall the WebDAV extensions for IIS
- Reinstall SCCM Management, Reporting, and Software Updates Point roles.
- Checked mpMSI.log and MPSetup.log and reboot was required
- Optional: if your boot images are not updated, reassign your Task Sequences to use the new ones and inject the right drivers into them.
NOTE: If your SCCM site is in Native mode you need to remember to configure your SSL-certificate for the IIS SSL bindings (HTTPS for whatever port you are using).
about 10 months ago
Thanks for this blog. I spend 6 hrs troubleshooting this problem. Very disappointed! I was geeting exactly the error described on this article. On my case the boot wim files were updated, and since I also had the Software Updates Point role installed, I had to remove it and also removed WSUS 3.0 SP2. So in summary:
1. Stop SCCM services (i.e. SMS_EXECUTIVE, SMS_SERVER_LOCATOR_POINT, etc)
2. Remove SMS Management, Software Updates and Reporting Point roles
3. Uninstall WSUS 3.0 SP2 (don’t remove updates, logs, and WSUS database)
4. Remove the Windows Process Activation Service feature (it will remove IIS)
5. Reboot server
6. Stop SCCM services
7. Reinstall IIS, required IIS role services by SCCM, and required features (BITS Server Extensions and Remote Differential Compression)
8. Reboot
9. Reinstall WSUS 3.0 SP2
10. Reboot (Noticed a restart message on the Application log)
11. Reinstall SCCM Management, Reporting, and Software Updates Point roles.
12. Checked mpMSI.log and MPSetup.log and reboot was required
about 10 months ago
Thanks for the info regarding WSUS and the detailed steps. I wrote this a couple of days after I had the problem, so I didn’t remember them all. I will include it in the blog and give you credit.
about 10 months ago
Also not sure if you noticed this, but the WebDav Authoring Rules icon was not showing up when I launched the IIS console. I didn’t see any error reported on the SMS_SITE_COMPONENT_MANAGER, but did a repair of WebDav anyways. Then checked IIS and the WebDav icon showed up and the initial rules that I set when I first installed SCCM were still there.
about 10 months ago
Actually I noticed something simliar. However repairing the WebDAV extensions did not work for me, so I just uninstalled and reinstalled them.
On another note, if your site is in Native mode, remember to configure the SSL certificate to the IIS bindings (HTTPS, 443).
Thanks for the heads up, I’ll mention it.
about 10 months ago
Thanks for this info. I had the same problem and I was about to reinstall IIS but I don’t think reinstalling WSUS would have crossed my mind.
about 10 months ago
Just remove and re-add bits features. This fixed my server.