Install a New SCCM Management Point Role | ConfigMgr

Let’s see how to Install a New SCCM Management Point site system. SCCM Management Point (MP) provides client devices policy and service location information. In this post, you shall learn how to install a New Management Point Role.

This post provides more information about using management point site system roles. The MP role is installed on the site server when you install a new primary or secondary site.

ConfigMgr Primary sites support multiple instances of this role. Secondary sites help a single management point. A secondary site management point is a proxy management point because it gets all the policy and other information from the primary server DB.

The MPSetup.log, MPcontrol.log, and IIS logs (located at W3SVC1) have always been best friends when troubleshooting MP-related issues.

Patch My PC

sccm mp internal server error is called httpsendrequestsync failed port 80 status code 500. FIX SCCM Management Point Issues Internal Server Error 500.

Index
What is SCCM Management Point
Management Point Prerequisites
Add Site Server Account to Install a New SCCM Management Point Role
Add New Management Point Role | ConfigMgr
Select Site System Role
IIS Validation for MP Installation
MP Logs Verification
MPSETUP.LOG
mpMSI.log
MPControl.log
Install a New SCCM Management Point Role | ConfigMgr – Table.1

What is SCCM Management Point

A management point provides policy and content location information to clients and receives configuration data from them. The SCCM clients use a service location process to locate site system servers. SCCM clients can communicate with these servers.

Adaptiva

SCCM clients can initiate the service location process with domain and network configurations, such as Active Directory Domain Services and DNS.

The Management selection process happens from the client side. The client shall get the MP details from the Active Directory using the System Management Container.

The latest versions of SCCM have configurations like preferred management points (MPS). Preferred MPS are management points from a client’s assigned site.

You can configure preferred MPs using boundary groups. SCCM Preferred Management Points and Selection Criteria are also explained in that post.

Install a New SCCM Management Point Role | ConfigMgr - Fig.1
Install a New SCCM Management Point Role | ConfigMgr – Fig.1

Management Point Prerequisites

You need to confirm the operating system support for the SCCM Management Point installation. The following are some of the other prerequisites of SCCM MP.

  • Windows Server roles and features
    • BITS Server Extensions or Background Intelligent Transfer Services (BITS)
  • .NET Framework
    • .NET Framework version 4.5 or later
    • .NET Framework 4.8 (ConfigMgr 1906 or later)
  • IIS configuration
    • Application Development:
      • ISAPI Extensions
    • Security:
      • Windows Authentication
    • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • SQL Server Native Client

More details about SCCM Management Point prerequisites.

Add Site Server Account to Install a New SCCM Management Point Role

Ensure your site server has administrative privileges on the remote management point server before starting the activity.

  • Add Site Server Computer account to MP server’s local administrator’s Group.
Install a New SCCM Management Point Role | ConfigMgr - Fig.2
Install a New SCCM Management Point Role | ConfigMgr – Fig.2

Add New Management Point Role | ConfigMgr

You can install the Management point from the Configuration Manager console. The following are the steps to install SCCM MP on a Windows server.

You want to install remote Management points and a new site system server, following the steps.

NOTE! – When you already have a remote site system server and want to install remote MP on the already existing SCCM site system, you can skip the following two steps.

Navigate \Administration\Overview\Site Configuration\Sites. Right-click on the site server and select Create Site System Server.

Install a New SCCM Management Point Role | ConfigMgr - Fig.3
Install a New SCCM Management Point Role | ConfigMgr – Fig.3

Enter remote Management Point (MP) server FQDN and click next.

Install a New SCCM Management Point Role | ConfigMgr - Fig.4
Install a New SCCM Management Point Role | ConfigMgr – Fig.4

Navigate \Administration\Overview\Site Configuration\Servers and Site System Roles. Select the Site System server and Right Click on the server – Select Add Site System Roles.

Install a New SCCM Management Point Role | ConfigMgr - Fig.5
Install a New SCCM Management Point Role | ConfigMgr – Fig.5

Click NEXT to continue.

Install a New SCCM Management Point Role | ConfigMgr - Fig.6
Install a New SCCM Management Point Role | ConfigMgr – Fig.6

Select Site System RoleInstall a New SCCM Management Point Role

Click NEXT on the proxy configuration page. Proxy is not required for this Management Point (MP) setup. Select the Management Point option and click the NEXT button.

Install a New SCCM Management Point Role | ConfigMgr - Fig.7
Install a New SCCM Management Point Role | ConfigMgr – Fig.7

Specify Management Point Settings- The management point provides clients with policy and content location information and receives client configuration data.

  • Select either HTTP or HTTPS client connections as per your requirement

NOTE! – For HTTPS configuration of Management Point – Set up HTTPS MP SUP SCCM Site Systems.

Install a New SCCM Management Point Role | ConfigMgr - Fig.8
Install a New SCCM Management Point Role | ConfigMgr – Fig.8

Specify Management Point Database Settings – Select Use the site database.

Select the Management Point Connection Account. This Account connects the management point to the SQL Server database.

  • Select Use the computer account.
  • Click NEXT to continue.
Install a New SCCM Management Point Role | ConfigMgr - Fig.9
Install a New SCCM Management Point Role | ConfigMgr – Fig.9

Click NEXT and NEXT and CLOSE to complete the new management point creation process.

Install a New SCCM Management Point Role | ConfigMgr - Fig.10
Install a New SCCM Management Point Role | ConfigMgr – Fig.10

IIS Validation for MP Installation

The IIS component is critical for SCCM Management Point. The client can’t communicate with MP if IIS is down, and the MP installation will fail if IIS is not working on the server. For more details on SCCM IIS configurations, click here.

You can launch IIS from Server Manager -> Tools -> Internet Information Services (IIS) Manager. The following are the entries created during the ConfigMgr Management Point creation.

  • CcmSystemVDirName = CCM_System
  • CcmSystemRegVDirName = CCM_System_WindowsAuth
  • CcmSystemAltAuthVDirName = CCM_System_AltAuth
  • CcmSystemTokenAuthVDirName = CCM_System_TokenAuth
  • CcmSecurityTokenServiceVDirName = CCM_STS
  • CcmUserServiceVDirName = CMUserService
  • CcmUserServiceWinAuthVDirName = CMUserService_WindowsAuth
Install a New SCCM Management Point Role | ConfigMgr - Fig.11
Install a New SCCM Management Point Role | ConfigMgr – Fig.11

MP Logs Verification

The logs are important to validate the New Management Point installation in any SCCM | ConfigMgr| MEMCM | MECM environment. For more details, see SCCM Logs.

  • MPSetup.log (MP Install and Reinstall status)
  • mpMSI.log (MP MSI setup login for advanced troubleshooting)
  • mpcontrol.log (To confirm whether MP is working fine and whether clients can communicate with MP or not)

MPSETUP.LOG

The following are some of the sample entries of MPSETUP.log:

Installing pre-req using command line "C:\Program Files\Microsoft Configuration Manager\CMUClient\ccmsetup.exe" /UpgradeWithServer:mp
Pre Req SqlNativeClient is already installed. Skipping it.
======== Completed Installation of Pre Reqs for Role SMSMP ========
Installing the SMSMP
Passed OS version check.
IIS Service is installed.
No versions of SMSMP are installed.  Installing new SMSMP.
Enabling MSI logging.  mp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log
Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\mp.msi CCMINSTALLDIR="C:\Program Files\SMS_CCM" CCMSERVERDATAROOT="C:\Program Files\Microsoft Configuration Manager" USESMSPORTS=TRUE SMSPORTS=80 USESMSSSLPORTS=TRUE SMSSSLPORTS=443 USESMSSSL=TRUE SMSSSLSTATE=1024 CCMENABLELOGGING=TRUE CCMLOGLEVEL=1 CCMLOGMAXSIZE=1000000 CCMLOGMAXHISTORY=1
mp.msi exited with return code: 0
Installation was successful.
~RoleSetup().

mpMSI.log

The following are some of the log snippets from mpMSI.log.

INSTALLLEVEL = 1
CcmAdministratorsGroupName = Administrators
CcmUsersGroupName = Users
CcmCreatorOwnerAccountName = CREATOR OWNER
PrimaryVolumePath = C:
SOURCEDIR = C:\Program Files\Microsoft Configuration Manager\bin\x64\
SourcedirProduct = {5111B577-B25C-4C45-8938-4D6319E6B672}
LASTSTATESERIALNUM = 0
CCMHTTPSSTATE = 224
ProductToBeRegistered = 1
CCMHTTPSPORT = 443
CCMHTTPPORT = 80
NOTIFYONLY = FALSE
MSI (s) (94:F4) [06:07:08:915]: Note: 1: 1707 
MSI (s) (94:F4) [06:07:08:915]: Product: ConfigMgr Management Point -- Installation operation completed successfully.
MSI (s) (94:F4) [06:07:08:917]: Windows Installer installed the product. Product Name: ConfigMgr Management Point. Product Version: 5.00.8953.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
Install a New SCCM Management Point Role | ConfigMgr - Fig.12
Install a New SCCM Management Point Role | ConfigMgr – Fig.12

MPControl.log

The following log file entries confirm that MP works fine after the new installation process. The status code 200 is one of the lines you shall look into.

Successfully performed Management Point availability check against local computer.~  $$<02-16-2020 06:28:21.469-330>
SSL is not enabled.  $$<02-16-2020 06:28:21.471-330>
Using thread token for request  $$<02-16-2020 06:28:21.475-330>
Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK  $$<02-16-2020 06:28:21.489-330>
Http test request succeeded.~  $$<02-16-2020 06:28:21.490-330>
STATMSG: ID=5465 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=SCCMTP2.INTUNE.COM SITE=TP4 PID=8148 TID=8564 GMTDATE=Sun Feb 16 00:58:21.492 2020 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0  $$<02-16-2020 06:28:21.492-330>
Successfully performed User Service availability check against local computer for /CMUserService_WindowsAuth/applicationviewservice.asmx.~  $$<02-16-2020 06:28:21.496-330>

Resources

We are on WhatsApp. To get the latest step-by-step guides and news updates, Join our Channel. Click here –HTMD WhatsApp.

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is a Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

8 thoughts on “Install a New SCCM Management Point Role | ConfigMgr”

  1. Hi,

    I am currently on MECM 2002 and completed a fresh install with a stand alone MECM 2002 Server (which contains all the MECM roles) and a database on a separate server.

    I dont see the SMS_CCM folder in C:\Program Files is this normal or how do I get this folder to install. I have tried uninstalling and reinstall the MP and it still doesnt create this folder.

    Another issue I am seeing reported in the logs is:

    I am running https for my MP.

    In the mpcontrol.log it is giving the below error:

    Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
    Http test request failed, status code is 401, ‘Authentication failed’.

    SMS_MP_CONTROL MANAGER is showing:
    MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

    I am able to access https:///SMS_MP/.SMS_AUT?MPLIST without any issues
    I am am having issues accessing: http:///SMS_MP/.SMS_AUT?MPLIST

    Your guidance is much appreciated.

    Reply
  2. I have uninstalled the mp role and the reinstalled the mp role. But issue still occurs and the weird thing is the MP seems to be working without issue.

    Can I confirm is the SMS_CCM role required if the MP is installed on a Primary (Standalone Server)?

    Should http:///SMS_MP/.SMS_AUT?MPLIST be accessible if it is a https management point?

    In the log it says:

    MSI (s) (F4:BC) [12:34:56:266]: PROPERTY CHANGE: Modifying CCMINSTALLDIR property. Its current value is ‘C:\Program Files\SMS_CCM’. Its new value: ‘C:\Windows\CCM\’.

    Thanks again

    Reply
      • Thanks heaps you are awesome. I have been able to get the SMS_CCM folder now on my Primary Server. Reason was that sccm client was installed on the server and after uninstalling it and reinstalling the MP the folder came back.

        I however am still getting a 401 error in the mpcontrol.log it is giving the below error:

        Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
        Http test request failed, status code is 401, ‘Authentication failed’.

        On the SMS_MP_CONTROL MANAGER is showing:
        MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

        On the SECM Server I am able to browse to:
        I am able to access http:/// and https:///

        But on the MP:
        I am able to access https:///SMS_MP/.SMS_AUT?MPLIST without any issues

        I am am having issues accessing: http:///SMS_MP/.SMS_AUT?MPLIST the error that comes up when browsing to it is “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

        Considering that my Management point is running https can the error above be ignored or is there a location that I need to add permission to stop this error from occurring?

        Thanks heaps.

  3. Anoop you are awesome. I was able to get the SMS_CCM folder now and issue was to do with SCCM Client being installed. Removing it and reinstalling MP in solve that issue.

    The weird thing is that I am still getting a 401 error. In the mpcontrol.log it is giving the below error:

    Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
    Http test request failed, status code is 401, ‘Authentication failed’.

    SMS_MP_CONTROL MANAGER messaging is showing:
    MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

    I am able to to browse to:

    https:///SMS_MP/.SMS_AUT?MPLIST

    But I am not able to browse to:
    http:///SMS_MP/.SMS_AUT?MPLIST and when I browse to it I am getting the error message: “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

    I am also able to browse to https:// and http:// hence I believe IIS is working correctly.

    My Management point is running https and clients are running https only.

    Thanks heaps

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.