Install a New SCCM Management Point Role | ConfigMgr

Let’s how to Install a New SCCM Management Point site system. SCCM Management Point (MP) provides client devices policy and service location information. In this post, you shall learn how to install a New Management Point Role.

You can get more information about the use of management point site system roles from this post. The MP role installs on the site server when you install a new primary or secondary site.

ConfigMgr Primary sites support multiple instances of this role. Secondary sites help a single management point. A secondary site management point is a proxy management point because it gets all the policy and other information from the primary server DB.

The MPSetup.log, MPcontrol.log, and IIS logs (located at W3SVC1) have always been best friends when troubleshooting MP-related issues.

Patch My PC

sccm mp internal server error is called httpsendrequestsync failed port 80 status code 500. FIX SCCM Management Point Issues Internal Server Error 500.

What is SCCM Management Point

A management point provides policy and content location information to clients. It also receives configuration data from clients. The SCCM clients use a service location process to locate site system servers.

SCCM clients can communicate with these servers.

SCCM clients can get the service location process with domain and network configurations like Active Directory Domain Services and DNS.

The Management selection process is happening from the client side. The client shall get the MP details from Active Directory using System Management Container.

There are configurations like preferred Management points in the latest versions of SCCM. Preferred MPS are management points from a client’s assigned site.

You can configure preferred MPs using boundary groups. SCCM Preferred Management Points and Selection Criteria are also explained in that post.

Install a New SCCM Management Point Role | ConfigMgr
Install a New SCCM Management Point Role | ConfigMgr

Management Point Prerequisites

You need to confirm the operating system support for the SCCM Management Point installation. The following are some of the other prerequisites of SCCM MP.

  • Windows Server roles and features
    • BITS Server Extensions or Background Intelligent Transfer Services (BITS)
  • .NET Framework
    • .NET Framework version 4.5 or later
    • .NET Framework 4.8 (ConfigMgr 1906 or later)
  • IIS configuration
    • Application Development:
      • ISAPI Extensions
    • Security:
      • Windows Authentication
    • IIS 6 Management Compatibility:
    • IIS 6 Metabase Compatibility
    • IIS 6 WMI Compatibility
  • SQL Server Native Client

More details about SCCM Management Point prerequisites.

Add Site Server Account to Install a New SCCM Management Point Role

Ensure your site server has administrative privileges on the remote management point server before starting the activity.

  • Add Site Server Computer account to MP server’s local administrator’s Group.
Add Site Server Account to Install a New SCCM Management Point Role
Add Site Server Account to Install a New SCCM Management Point Role

Add New Management Point Role | ConfigMgr

You can install the Management point from the Configuration Manager console. The following are the steps to install SCCM MP on a Windows server.

You want to install remote Management points and a new site system server, following the steps.

NOTE! – When you already have a remote site system server and want to install remote MP on the already existing SCCM site system, you can skip the following two steps.

Navigate \Administration\Overview\Site Configuration\Sites. Right-click on the site server and select Create Site System Server.

 Create Site System Server - Management Point
Create Site System Server – Management Point – Install a New SCCM Management Point Role

Enter remote Management Point (MP) server FQDN and click next.

 Create Site System Server - Management Point Install a New SCCM Management Point Role
Select a server to use as a site system – Install a New SCCM Management Point Role.

Navigate \Administration\Overview\Site Configuration\Servers and Site System Roles. Select the Site System server and Right Click on the server – Select Add Site System Roles.

Add Site System Roles Install a New SCCM Management Point Role
Add Site System Roles Install a New SCCM Management Point Role

Click NEXT to continue.

Select a server to use as a site system  Install a New SCCM Management Point Role
Select a server to use as a site system. Install a New SCCM Management Point Role

Select Site System Role – Install a New SCCM Management Point Role

Click NEXT on the proxy configuration page. Proxy is not required for this Management Point (MP) setup. Select the Management Point option and click the NEXT button.

Specify roles for this server - Management Point
Specify roles for this server – Management Point Install a New SCCM Management Point Role.

Specify Management Point Settings – A management point provides clients with policy and content location information. It also receives configuration data from clients.

  • Select either HTTP or HTTPS client connections as per your requirement

NOTE! – For HTTPS configuration of Management Point – Set up HTTPS MP SUP SCCM Site Systems.

Management Point Communication HTTP Install a New SCCM Management Point Role
Management Point Communication HTTP Install a New SCCM Management Point Role

Specify Management Point Database Settings – Select Use the site database.

Select Management Point Connection Account – The Management Point Connection Account connects the management point to the SQL Server database.

  • Select Use the computer account.
  • Click NEXT to continue.
MP Database Settings Install a New SCCM Management Point Role
MP Database Settings Install a New SCCM Management Point Role

Click NEXT and NEXT and CLOSE to complete the new management point creation process.

Install a New SCCM Management Point Role | ConfigMgr 1

IIS Validation for MP Installation

The IIS component is the critical component for SCCM Management Point. The client can’t communicate with MP if IIS is down. The MP installation shall fail if the IIS is not working on the server. More details on SCCM IIS configurations.

You can launch IIS from Server Manager -> Tools -> Internet Information Services (IIS) Manager. The following are the entries created during the ConfigMgr Management Point creation.

  • CcmSystemVDirName = CCM_System
  • CcmSystemRegVDirName = CCM_System_WindowsAuth
  • CcmSystemAltAuthVDirName = CCM_System_AltAuth
  • CcmSystemTokenAuthVDirName = CCM_System_TokenAuth
  • CcmSecurityTokenServiceVDirName = CCM_STS
  • CcmUserServiceVDirName = CMUserService
  • CcmUserServiceWinAuthVDirName = CMUserService_WindowsAuth
Install a New SCCM Management Point Role
IIS MP Install a New SCCM Management Point Role

MP Logs Verification

The logs are important to validate the New Management Point installation in any SCCM | ConfigMgr| MEMCM | MECM environments. More details about SCCM Logs.

  • MPSetup.log (MP Install and Reinstall status)
  • mpMSI.log (MP MSI setup login for advanced troubleshooting)
  • mpcontrol.log (To confirm whether MP is working fine and clients can communicate with MP or not)

MPSETUP.LOG

The following are some of the sample entries of MPSETUP.log:

Installing pre-req using command line "C:\Program Files\Microsoft Configuration Manager\CMUClient\ccmsetup.exe" /UpgradeWithServer:mp
Pre Req SqlNativeClient is already installed. Skipping it.
======== Completed Installation of Pre Reqs for Role SMSMP ========
Installing the SMSMP
Passed OS version check.
IIS Service is installed.
No versions of SMSMP are installed.  Installing new SMSMP.
Enabling MSI logging.  mp.msi will log to C:\Program Files\Microsoft Configuration Manager\logs\mpMSI.log
Installing C:\Program Files\Microsoft Configuration Manager\bin\x64\mp.msi CCMINSTALLDIR="C:\Program Files\SMS_CCM" CCMSERVERDATAROOT="C:\Program Files\Microsoft Configuration Manager" USESMSPORTS=TRUE SMSPORTS=80 USESMSSSLPORTS=TRUE SMSSSLPORTS=443 USESMSSSL=TRUE SMSSSLSTATE=1024 CCMENABLELOGGING=TRUE CCMLOGLEVEL=1 CCMLOGMAXSIZE=1000000 CCMLOGMAXHISTORY=1
mp.msi exited with return code: 0
Installation was successful.
~RoleSetup().

mpMSI.log

The following are some of the log snippets from mpMSI.log.

INSTALLLEVEL = 1
CcmAdministratorsGroupName = Administrators
CcmUsersGroupName = Users
CcmCreatorOwnerAccountName = CREATOR OWNER
PrimaryVolumePath = C:
SOURCEDIR = C:\Program Files\Microsoft Configuration Manager\bin\x64\
SourcedirProduct = {5111B577-B25C-4C45-8938-4D6319E6B672}
LASTSTATESERIALNUM = 0
CCMHTTPSSTATE = 224
ProductToBeRegistered = 1
CCMHTTPSPORT = 443
CCMHTTPPORT = 80
NOTIFYONLY = FALSE
MSI (s) (94:F4) [06:07:08:915]: Note: 1: 1707 
MSI (s) (94:F4) [06:07:08:915]: Product: ConfigMgr Management Point -- Installation operation completed successfully.
MSI (s) (94:F4) [06:07:08:917]: Windows Installer installed the product. Product Name: ConfigMgr Management Point. Product Version: 5.00.8953.1000. Product Language: 1033. Manufacturer: Microsoft Corporation. Installation success or error status: 0.
LOGS Install a New SCCM Management Point Role
LOGS Install a New SCCM Management Point Role

MPControl.log

The following logfile entries confirm that MP works fine after the new installation process. The status code 200 is one of the lines you shall look into.

Successfully performed Management Point availability check against local computer.~  $$<02-16-2020 06:28:21.469-330>
SSL is not enabled.  $$<02-16-2020 06:28:21.471-330>
Using thread token for request  $$<02-16-2020 06:28:21.475-330>
Call to HttpSendRequestSync succeeded for port 80 with status code 200, text: OK  $$<02-16-2020 06:28:21.489-330>
Http test request succeeded.~  $$<02-16-2020 06:28:21.490-330>
STATMSG: ID=5465 SEV=I LEV=M SOURCE="SMS Server" COMP="SMS_MP_CONTROL_MANAGER" SYS=SCCMTP2.INTUNE.COM SITE=TP4 PID=8148 TID=8564 GMTDATE=Sun Feb 16 00:58:21.492 2020 ISTR0="" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0  $$<02-16-2020 06:28:21.492-330>
Successfully performed User Service availability check against local computer for /CMUserService_WindowsAuth/applicationviewservice.asmx.~  $$<02-16-2020 06:28:21.496-330>

Resources

Author

Anoop C Nair is Microsoft MVP! He is a Device Management Admin with more than 20 years of experience (calculation done in 2021) in IT. He is Blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. He writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc.

8 thoughts on “Install a New SCCM Management Point Role | ConfigMgr”

  1. Hi,

    I am currently on MECM 2002 and completed a fresh install with a stand alone MECM 2002 Server (which contains all the MECM roles) and a database on a separate server.

    I dont see the SMS_CCM folder in C:\Program Files is this normal or how do I get this folder to install. I have tried uninstalling and reinstall the MP and it still doesnt create this folder.

    Another issue I am seeing reported in the logs is:

    I am running https for my MP.

    In the mpcontrol.log it is giving the below error:

    Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
    Http test request failed, status code is 401, ‘Authentication failed’.

    SMS_MP_CONTROL MANAGER is showing:
    MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

    I am able to access https:///SMS_MP/.SMS_AUT?MPLIST without any issues
    I am am having issues accessing: http:///SMS_MP/.SMS_AUT?MPLIST

    Your guidance is much appreciated.

    Reply
  2. I have uninstalled the mp role and the reinstalled the mp role. But issue still occurs and the weird thing is the MP seems to be working without issue.

    Can I confirm is the SMS_CCM role required if the MP is installed on a Primary (Standalone Server)?

    Should http:///SMS_MP/.SMS_AUT?MPLIST be accessible if it is a https management point?

    In the log it says:

    MSI (s) (F4:BC) [12:34:56:266]: PROPERTY CHANGE: Modifying CCMINSTALLDIR property. Its current value is ‘C:\Program Files\SMS_CCM’. Its new value: ‘C:\Windows\CCM\’.

    Thanks again

    Reply
      • Thanks heaps you are awesome. I have been able to get the SMS_CCM folder now on my Primary Server. Reason was that sccm client was installed on the server and after uninstalling it and reinstalling the MP the folder came back.

        I however am still getting a 401 error in the mpcontrol.log it is giving the below error:

        Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
        Http test request failed, status code is 401, ‘Authentication failed’.

        On the SMS_MP_CONTROL MANAGER is showing:
        MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

        On the SECM Server I am able to browse to:
        I am able to access http:/// and https:///

        But on the MP:
        I am able to access https:///SMS_MP/.SMS_AUT?MPLIST without any issues

        I am am having issues accessing: http:///SMS_MP/.SMS_AUT?MPLIST the error that comes up when browsing to it is “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

        Considering that my Management point is running https can the error above be ignored or is there a location that I need to add permission to stop this error from occurring?

        Thanks heaps.

  3. Anoop you are awesome. I was able to get the SMS_CCM folder now and issue was to do with SCCM Client being installed. Removing it and reinstalling MP in solve that issue.

    The weird thing is that I am still getting a 401 error. In the mpcontrol.log it is giving the below error:

    Call to HttpSendRequestSync failed for port 443 with status code 401, text: Authentication failed
    Http test request failed, status code is 401, ‘Authentication failed’.

    SMS_MP_CONTROL MANAGER messaging is showing:
    MP Control Manager detected User Service is not responding to HTTP requests. The http error is 401. (Message ID: 5491)

    I am able to to browse to:

    https:///SMS_MP/.SMS_AUT?MPLIST

    But I am not able to browse to:
    http:///SMS_MP/.SMS_AUT?MPLIST and when I browse to it I am getting the error message: “403 – Forbidden: Access is denied. You do not have permission to view this directory or page using the credentials that you supplied.”

    I am also able to browse to https:// and http:// hence I believe IIS is working correctly.

    My Management point is running https and clients are running https only.

    Thanks heaps

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.