Fix SCCM Default IIS Configurations DP MP Troubleshooting Issues ConfigMgr Configuration Manager

Fix SCCM Default IIS Configurations DP MP Troubleshooting Issues ConfigMgr Configuration Manager? I think this post will help us to understand the default settings of IIS when it’s installed and configured by SCCM / ConfigMgr vNext (2016) itself.

IIS role is installed and configured by SCCM when you install the DP site system server role. These are the IIS configurations of the SCCM vNext TP 3 lab. I’ve seen SCCM admins change the IIS settings manually to work around some issues.

Introduction – Fix SCCM Default IIS Configurations DP Troubleshooting Issues

However, it’s hard to find out the default settings of a freshly installed SCCM server once we change IIS configurations. Probably, this post may help in those situations. The version of IIS is IIS 8.

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

Following are the two applications that are created in IIS for SCCM DP.  Those are for content and signature files.

Patch My PC

ACNCM2016\Sites\Default Web Site\SMS_DP_SMSPKG$

ACNCM2016\Sites\Default Web Site\SMS_DP_SMSSIG$

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager?

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

DP Troubleshooting Issues ConfigMgr Configuration Manager

SMS Distribution Points Pool Application advanced settings. .NET CLR Version is v4.0, Enabled 32-Bit Applications = False, Managed Pipeline Mode = Integrated.

SMS Distribution Points Pool Application Basic Setting:-

SCCM IIS Configurations Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

SCCM IIS Application Pool settings:- SMS Distribution Points Pool – Identity is LocalService, and this application pool is assigned to 2 applications.

SCCM IIS Configurations Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

There are two Virtual directories created in IIS for SCCM DP:- SMS_DP_SMSPKG$ and subfolders where SCCM applications and Packages contents are stored – DataLib, FileLib, and PkgLib! SMS_DP_SMSSIG$ is the signature folder.

Adaptiva
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

Directory Browsing is enabled for these package content virtual directories:-

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS

Authentication of SCCM related IIS virtual folders is also important:- Windows Authentication is the only authentication method IIS enables kernel-mode authentication.

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS

Edit SCCM IIS-related applications using the following:- We can test the authentication and connectivity from this IIS wizard.

Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager
Fix SCCM Default IIS

Websites of the root virtual folders like SMS_DP_SMSPKG$ and SMS_DP_SMSSIG$:- 404 not found error. Browse options won’t work!

http://localhost/SMS_DP_SMSPKG$

http://localhost/SMS_DP_SMSSIG$

SCCM IIS Configurations
Fix SCCM Default IIS Configurations DP Troubleshooting Issues ConfigMgr Configuration Manager

Browse IIS website option will work for SCCM content library folders like – DataLib, FileLib, and PkgLib.

http://localhost/SMS_DP_SMSPKG$/DataLib

http://localhost/SMS_DP_SMSPKG$/FileLib

http://localhost/SMS_DP_SMSPKG$/PkgLib

SCCM IIS Configurations
SCCM IIS Configurations
SCCM IIS Configurations

Resources

SCCM Related Posts Real World Experiences Of SCCM Admins (anoopcnair.com)

Author

Anoop is Microsoft MVP! He is a Solution Architect in enterprise client management with more than 20 years of experience (calculation done in 2021) in IT. He is a blogger, Speaker, and Local User Group HTMD Community leader. His main focus is on Device Management technologies like SCCM 2012, Current Branch, and Intune. E writes about ConfigMgr, Windows 11, Windows 10, Azure AD, Microsoft Intune, Windows 365, AVD, etc…

7 thoughts on “Fix SCCM Default IIS Configurations DP MP Troubleshooting Issues ConfigMgr Configuration Manager”

  1. Hello Anoop,

    This is really nice and informative blog.

    Can you also share some documentation about IIS configuration for WSUS for IBCM facing server where SSL will be enabled?

    Many thanks,
    Manish

    Reply
  2. Really most odd statements here:
    Browse IIS website option will work for SCCM content library folders like – DataLib, FileLib and PkgLib

    That will not happen on default install! Not on localhost & not across network

    One will ALWAYS get 403 – Forbidden: Access is denied.

    Reply
  3. Hi Anoop,
    I have faced an issue in Windows deployment after version upgrade. error was “8007002” in task sequence. I have opened the client deployment log and find the error was IIS 404 in “propfind /sms_dp_smspkg$/”. i went through this page and confirmed the values are equal to my settings. finally i found that “SCCMContentLib” folder permission was missed for IIS/Users. i have added users with read permission and my issue is resolved. You may add a line for checking the NTFS security of the mentioned folder in you blog.
    Thanks Anoop for giving a hint
    Regards
    Vinod

    Reply
  4. Hi Anoop
    I am having an issue with iis certificate being expired.
    I have sccm server 2012 and the iis certificate has expired.

    I generated a new certificate. However, when I import the new certificate I get an error:

    Mismatched Address

    I believe I generated the cert. with the wrong information.
    Should I use https://localhost as the CN

    Reply
  5. OMG, this was article was a life saver for me. I was facing many issues in my SCCM after check that i could fix Thank you so much Anoop

    Reply
  6. How about adding Part II and go over all the details when configuring your DP’s using https/certificates therefore explaining the authentication that goes on for the following virtual directories.

    CCMTOKENAUTH_SMS_DP_SMSPKG$
    NOCERT_SMS_DP_SMSPKG$
    SMS_DP_SMSPKG$

    Reply

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.