August 2008 - Posts
This document is designed to provide an overview of sample hardware configurations used in stress and scale testing for different size environments. Additionally, it answers common questions about planning and configuring for optimal performance in Configuration Manager 2007.
http://download.microsoft.com/download/4/b/9/4b97e9b7-7056-41ae-8fc8-dd87bc477b54/Sample%20Configurations%20and%20Common%20Performance%20Related%20Questions.pdf
What you gonna a do if you are getting following error in execmgr.log
OnContentAvailable program ProgramName NOT available, 0x80091007 Fatal error 0x80008602 encountered for program ProgramName. This program will not retry.
The problem because of hash mismatch. I referred KB artical http://support.microsoft.com/kb/907979 but upating Distribution point didnt solved my problem.But yes the 2nd method listed below from KB artical solved my problem.
1. Use an account that has administrative credentials to log on to a computer that is acting as the SMS distribution point.
2. Click Start, point to Administrative Tools, and then click Internet Information Services (IIS) Manager.
3. Expand the name of the server that is running IIS, expand Web Sites, expand Default Web Site, right-click SMS_DP_SMSPKGC$, and then click Properties.
4. On the Virtual Directory tab, make sure that the Directory Browsing option is turned on, and then click OK.
5. Repeat step 4 for each package subfolder in the SMS_DP_SMSPKGC$ virtual directory.
what if you are getting following warning message in SMS_Status_Manager Component with Message ID 1215?
SMS Status Manager received a status message reported by component "Advanced Client" running on computer "<server name >", and the time stamp on the message is more recent than the current system time on the site server. Possible cause: The system clock on computer "<server name>" is 32192 or more seconds ahead of the site server's system clock.Solution: Synchronize the system clock of computer "<server name>" with the site server's system clock. Please refer to your Windows NT Server documentation or the Microsoft Knowledge Base for further information. SMS Status Manager will process status messages with improper time stamps when the site server's system clock surpasses the improper time stamps. For example, this status message will not be processed for 32192 seconds. SMS Status Manager will continue to report this problem every 24 hours until you fix it. SMS Status Manager will not report this problem if the system clock of computer "<server name >" is less than 300 seconds ahead of the site server's system clock. This interval is configurable in the SMS site control file. Please refer to the Microsoft Knowledge Base for further information.
Please follow the steps below
1) Go to status filter rule.
2) Create the rule as given below in the figures below
Note:- This behavior only occurs when the computer is using this particular runtime library when the transition date (the day we change to Daylight Saving Time) falls on the first day of the month. For more details please go through http://support.microsoft.com/kb/295450
In my environment some X64 bit servers were not scanning for
ITMU. When I was tried to troubleshooting the servers, I was not able to lookup
CCM folder in system32 and System Management Icon in control panel but I was
able to see SMS agent host service.
After some digging I got to know following things
Where you will find the system management icon?
1) Go
to control panel. Click on view x86 control panel Icons
2) It
will open in new window and there you will find System management Icon
Where you will find CCM folder in x64 bit computer?
1) You
will find C:\WINDOWS\sysWOW64. In the same folder you will find VPcache folder.
If MPControl.log file throwing error “http verification .sms_aut (<Port number>) failed with status code 503, service unavailable” then check for your IIS application pool. SMS management point pool and CCM server framework pool might have stopped.
For resolution please check site server’s for Netlogon service is stopped or not.
Note: - After installing June 08 patches Netlogon service was stopped on some of the SMS secondary site which causes proxy management point stops working. Starting of Netlogon service solved our problem.
Management points need to authenticate to the clients to prevent attackers from inserting unauthorized management points and redirecting clients to them. When a management point is created, it creates a certificate to be used for signing. The certificate is self-signed and is valid for 99 years. It is created and stored in the certificate store on the management point.When the Advanced Client receives a message from the management point, the client uses one of two ways to verify that the message came from a valid management point. The message can be verified using Active Directory or the trusted root key.If the AD schema has not been extended and SMS does not have permissions to publish to Active Directory, the Advanced Clients switch to an alternate method to verify the authenticity of the management point and its certificate. Each primary site server generates a trusted root key. If the primary site is joined to a parent site, it eliminates its own trusted root key and instead trusts the trusted root key of the parent site. The function of the trusted root key is similar to a root certificate in a public key infrastructure. By signing the management point certificates with the private key of the trusted root key pair, and by making a copy of the public key of the trusted root key pair available to the Advanced Clients, clients can differentiate between valid management points and unauthorized management points. Advanced Clients require only the trusted root key if the Active Directory schema is not extended for SMS. The trusted root key is stored in WMI in the root\ccm\locationservices directory.
If the Advanced Client has the wrong trusted root key then it will throw following errors in CertificateMaintaince.log and locationservices.log
In my environment many of workgroup clients was giving above errors and so they are not reporting H/W inventory (Reporting to MP through Proxy management point)I tried to Manually Transferring Site Keys but I didn’t get any success and "removing of Key information" by running CCMSetup with the RESETKEYINFORMATION switch on many numbers of clients was not possible for me. Reinstalling of secondary site and reinstalling proxy management point solved my problem. And the clean log looks like this
The reason why problem has been resolved? (When a new management point is created, its self-signed certificate is saved to a location in the registry. Site component manager collects the certificate from the registry and sends its certificate to its site server. If its site server is not the central site, the certificate is passed up through the hierarchy until it arrives at the central site where the trusted root key is kept. The central site server signs the management point’s certificate with the trusted root key and sends it back down through the hierarchy to the management point, along with a copy of the trusted root key. When the management point receives the copy of the trusted root key, it signs the trusted root key with its own private key.)
For Better understanding please go through SMS Certificate Infrastructure