Install a New SCCM Management Point Role|ConfigMgr

8
Management Point SCCM

Configuration Manager|SCCM Management Point (MP) provides policy and service location information to clients client devices. In this post, you shall learn how to install a New Management Point Role.

The MP role installs on the site server when you install a new primary or secondary site. ConfigMgr Primary sites support multiple instances of this role. Secondary sites support a single management point.

Related Post FIX SCCM Management Point Issues Internal Server Error 500

NOTE! – A management point provides policy and content location information to clients. It also receives configuration data from clients.

Management Point Prerequisites

You need to confirm the operating system support for SCCM Management Point installation from here. The following are some of the other prerequisites of SCCM MP.

  • Windows Server roles and features
    • BITS Server Extensions or Background Intelligent Transfer Services (BITS)
  • .NET Framework
    • .NET Framework version 4.5 or later
    • .NET Framework 4.8 (ConfigMgr 1906 or later)
  • IIS configuration
    • Application Development:
      • ISAPI Extensions
    • Security:
      • Windows Authentication
    • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • SQL Server Native Client

More details about SCCM Management Point prerequisites.

Add Site Server Account

Make sure the your site server has administrative privileges on remote management point server before start of the activity.

  • Add Site Server Computer account to MP server’s local administrators Group
Administrators - Add Site Server
Administrators – Add Site Server
Altaro Office 365 Backup
Advertisement Altaro Office 365 Backup

Add New Management Point Role | ConfigMgr

You can install the Management point from Configuration Manager console. The following are the steps to install SCCM MP on a Windows server.

You want to install remote Management point and new site system server, then follow the steps.

NOTE! – When you already have remote site system server and want to install remote MP on the already existing SCCM site system, then you can skip following two steps.

  • Navigate \Administration\Overview\Site Configuration\Sites
  • Right click on site server and select Create Site System Server
 Create Site System Server - Management Point
Create Site System Server – Management Point
  • Enter remote Management Point (MP) server FQDN and click next
 Create Site System Server - Management Point
Select a server to use as a site system
  • Navigate \Administration\Overview\Site Configuration\Servers and Site System Roles
  • Select the Site System server and Right Click on the server – Select Add Site System Roles
Add Site System Roles
Add Site System Roles
  • Click NEXT to continue
Select a server to use as a site system
Select a server to use as a site system

Select Site System Role

  • Click NEXT on the proxy configuration page. Proxy is not required for this Management Point (MP) setup
  • Select Management Point option and click NEXT button
Specify roles for this server - Management Point
Specify roles for this server – Management Point
  • Specify Management Point Settings – A management point provides policy and content location information to clients. It also receives configuration data from clients
  • Select either HTTP or HTTPS client connections as per your requirement

NOTE! – For HTTPS configuration of Management Point – Setting up HTTPS MP SUP SCCM Site Systems.

Management Point Communication HTTP
Management Point Communication HTTP
  • Specify Management Point Database Settings – Select Use the site database
  • Select Management Point Connection Account – The Management Point Connection Account connects the management point to the SQL Server database
  • Select Use the computer account
  • Click NEXT to continue
MP Database Settings
MP Database Settings
  • Click NEXT and NEXT and CLOSE to complete the new management point creation process
Install a New SCCM Management Point Role|ConfigMgr 1

IIS Validation

The IIS component is the critical component for SCCM Management Point. The client can’t communicate with MP if IIS is down. The MP installation shall fail if the IIS is not working on the server. More details SCCM IIS configurations.

You can launch IIS from Server Manager -> Tools -> Internet Information Services (IIS) Manager. The following are the entries created during the ConfigMgr Management Point creation.

  • CcmSystemVDirName = CCM_System
  • CcmSystemRegVDirName = CCM_System_WindowsAuth
  • CcmSystemAltAuthVDirName = CCM_System_AltAuth
  • CcmSystemTokenAuthVDirName = CCM_System_TokenAuth
  • CcmSecurityTokenServiceVDirName = CCM_STS
  • CcmUserServiceVDirName = CMUserService
  • CcmUserServiceWinAuthVDirName = CMUserService_WindowsAuth
Install a New SCCM Management Point Role|ConfigMgr 2
IIS MP

Logs Verification

The logs are important to validate New Management Point installation in any of the SCCM|ConfigMgr|MEMCM|MECM environment. More details about SCCM Logs.

  • MPSetup.log (MP Install and Reinstall status)
  • mpMSI.log (MP MSI setup login for advanced troubleshooting)
  • mpcontrol.log (To confirm whether MP is working fine and clients are able to communicate with MP or not)

MPSETUP.LOG

The following some of the sample entries of MPSETUP.log:

Installing pre-req using command line "C:\Program Files\Microsoft Configuration Manager\CMUClient\ccmsetup.exe" /UpgradeWithServer:mp
Pre Req SqlNativeClient is already installed. Skipping it.
======== Completed Installation of Pre Reqs for Role SMSMP ========
Installing the SMSMP
Passed OS version check.
IIS Service is installed.
No versions of SMSMP are installed.  Installing new SMSMP.
Enabling MSI logging.  mp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log
Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\mp.msi CCMINSTALLDIR="C:\Program Files\SMS_CCM" CCMSERVERDATAROOT="C:\Program Files\Microsoft Configuration Manager" USESMSPORTS=TRUE SMSPORTS=80 USESMSSSLPORTS=TRUE SMSSSLPORTS=443 USESMSSSL=TRUE SMSSSLSTATE=1024 CCMENABLELOGGING=TRUE CCMLOGLEVEL=1 CCMLOGMAXSIZE=1000000 CCMLOGMAXHISTORY=1
mp.msi exited with return code: 0
Installation was successful.
~RoleSetup().

mpMSI.log

The following are some of the log snippets from mpMSI.log.

INSTALLLEVEL = 1
CcmAdministratorsGroupName = Administrators
CcmUsersGroupName = Users
CcmCreatorOwnerAccountName = CREATOR OWNER
PrimaryVolumePath = C:
SOURCEDIR = C:\Program Files\Microsoft Configuration Manager\bin\x64\
SourcedirProduct = {5111B577-B25C-4C45-8938-4D6319E6B672}
LASTSTATESERIALNUM = 0
CCMHTTPSSTATE = 224
ProductToBeRegistered = 1
CCMHTTPSPORT = 443
CCMHTTPPORT = 80
NOTIFYONLY = FALSE
MSI (s) (94:F4) [06:07:08:915]: Note: 1: 1707 
MSI (s) (94:F4) [06:07:08:915]: Product: ConfigMgr Management Point -- Installation operation completed successfully.
MSI (s) (94:F4) [06:07:08:917]: Windows Installer installed the product. Product Name: ConfigMgr Management Point. Product Version: 5.00.8953.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
LOGS
LOGS

MPControl.log

The following log file entries confirms that MP is working fine after the new installation process. The status code 200 is one of the line you shall look into.

Successfully performed Management Point availability check against local computer.~  $$<02-16-2020 06:28:21.469-330>
SSL is not enabled.  $$<02-16-2020 06:28:21.471-330>
Using thread token for request  $$<02-16-2020 06:28:21.475-330>
Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK  $$<02-16-2020 06:28:21.489-330>
Http test request succeeded.~  $$<02-16-2020 06:28:21.490-330>
STATMSG: ID=5465 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=SCCMTP2.INTUNE.COM SITE=TP4 PID=8148 TID=8564 GMTDATE=Sun Feb 16 00:58:21.492 2020 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0  $$<02-16-2020 06:28:21.492-330>
Successfully performed User Service availability check against local computer for /CMUserService_WindowsAuth/applicationviewservice.asmx.~  $$<02-16-2020 06:28:21.496-330>

Resources

8 COMMENTS

  1. Hi,

    I am currently on MECM 2002 and completed a fresh install with a stand alone MECM 2002 Server (which contains all the MECM roles) and a database on a separate server.

    I dont see the SMS_CCM folder in C:\Program Files is this normal or how do I get this folder to install. I have tried uninstalling and reinstall the MP and it still doesnt create this folder.

    Another issue I am seeing reported in the logs is:

    I am running https for my MP.

    In the mpcontrol.log it is giving the below error:

    Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
    Http test request failed, status code is 401, ‘Authentication failed’.

    SMS_MP_CONTROL MANAGER is showing:
    MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

    I am able to access https:///SMS_MP/.SMS_AUT?MPLIST without any issues
    I am am having issues accessing: http:///SMS_MP/.SMS_AUT?MPLIST

    Your guidance is much appreciated.

  2. I have uninstalled the mp role and the reinstalled the mp role. But issue still occurs and the weird thing is the MP seems to be working without issue.

    Can I confirm is the SMS_CCM role required if the MP is installed on a Primary (Standalone Server)?

    Should http:///SMS_MP/.SMS_AUT?MPLIST be accessible if it is a https management point?

    In the log it says:

    MSI (s) (F4:BC) [12:34:56:266]: PROPERTY CHANGE: Modifying CCMINSTALLDIR property. Its current value is ‘C:\Program Files\SMS_CCM’. Its new value: ‘C:\Windows\CCM\’.

    Thanks again

      • Thanks heaps you are awesome. I have been able to get the SMS_CCM folder now on my Primary Server. Reason was that sccm client was installed on the server and after uninstalling it and reinstalling the MP the folder came back.

        I however am still getting a 401 error in the mpcontrol.log it is giving the below error:

        Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
        Http test request failed, status code is 401, ‘Authentication failed’.

        On the SMS_MP_CONTROL MANAGER is showing:
        MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

        On the SECM Server I am able to browse to:
        I am able to access http:/// and https:///

        But on the MP:
        I am able to access https:///SMS_MP/.SMS_AUT?MPLIST without any issues

        I am am having issues accessing: http:///SMS_MP/.SMS_AUT?MPLIST the error that comes up when browsing to it is “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

        Considering that my Management point is running https can the error above be ignored or is there a location that I need to add permission to stop this error from occurring?

        Thanks heaps.

  3. Anoop you are awesome. I was able to get the SMS_CCM folder now and issue was to do with SCCM Client being installed. Removing it and reinstalling MP in solve that issue.

    The weird thing is that I am still getting a 401 error. In the mpcontrol.log it is giving the below error:

    Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
    Http test request failed, status code is 401, ‘Authentication failed’.

    SMS_MP_CONTROL MANAGER messaging is showing:
    MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

    I am able to to browse to:

    https:///SMS_MP/.SMS_AUT?MPLIST

    But I am not able to browse to:
    http:///SMS_MP/.SMS_AUT?MPLIST and when I browse to it I am getting the error message: “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

    I am also able to browse to https:// and http:// hence I believe IIS is working correctly.

    My Management point is running https and clients are running https only.

    Thanks heaps

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.