Posts Tagged ‘SCCM 2012’

SMS Component Manager failed to install component SMS_PORTALWEB_CONTROL_MANAGER on server . The IIS ASP.NET is not registered correctly

May 10, 2012

When installing ConfigMgr 2012 on a site, I was looking at the Site Status node to check whether all components were doing well.
This is located in the ConfigMgr Console under \Monitoring\Overview\System Status\Site Status.
One component had a red X, specifically the Application Catalog Website Point Role.

Specific error messages were:

Site Component Manager failed to install component SMS_PORTALWEB_CONTROL_MANAGER on server .

The IIS ASP.NET is not registered correctly.
Solution: Review Microsoft Technet article located at: to resolve the issue.

Wow, now that’s a pretty clear error message, even including a link on how to fix it.
Let’s see some more info about this though.
There is a specific log file for this component, called SMSPORTALWEBsetup.log, which in a default installation is located under C:\Program Files\Microsoft Configuration Manager\Logs.

In this file, the following was shown

So, ASP.NET isn’t properly registered in IIS. And we know how to fix it.
Just run

%windir%\Microsoft.NET\Framework\version\aspnet_regiis.exe -i

Ehm, but what about the \version\ bit then?
There are no fewer than SIX versions of .NET present on this system:

Now which one to register?
It would make sense if it was the 4.0 version, since that is a new requirement in ConfigMgr 2012.
So, let’s do that one:
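
One way to resolve the \version\ placeholder from the command above rather than guessing it. This is an added example, not part of the original post; preferring the 64-bit copy when both exist is an assumption.

```powershell
# Added example: find the aspnet_regiis.exe that belongs to .NET 4.0 and run it.
$roots = "$env:windir\Microsoft.NET\Framework64", "$env:windir\Microsoft.NET\Framework"

# Not every version folder ships aspnet_regiis.exe, so keep only those that do.
$tools = Get-ChildItem -Path $roots -Filter 'v*' -ErrorAction SilentlyContinue |
    Where-Object { $_.PSIsContainer } |
    ForEach-Object { Join-Path $_.FullName 'aspnet_regiis.exe' } |
    Where-Object { Test-Path $_ }
$tools   # the candidates for the "version" part of the path

# ConfigMgr 2012 needs .NET 4.0, so select the v4.0 build.
# Assumption: when both bitnesses exist, the 64-bit copy (listed first) is the
# one IIS uses on a 64-bit server.
$v4 = $tools |
    Where-Object { (Split-Path (Split-Path $_ -Parent) -Leaf) -like 'v4.0*' } |
    Select-Object -First 1
if (-not $v4) { throw 'No v4.0 aspnet_regiis.exe found; install .NET Framework 4.0 first.' }

& $v4 -lv     # list the ASP.NET versions known to IIS before the change
& $v4 -i      # the same switch as in the command above
if ($LASTEXITCODE -ne 0) { throw "aspnet_regiis.exe failed with exit code $LASTEXITCODE" }
& $v4 -lv     # list again to confirm the v4.0 entry is present
```

Run it from an elevated PowerShell prompt on the server that hosts the Application Catalog website point.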

Hey waddayaknow? It worked.
The installation of the role finished nicely:

Thanks to Markus Baker, whose blog posting confirmed my findings. Was hard to find though, in German 🙂


Mobile Device Management in SCCM 2012 – Hands on (Part 2)

April 29, 2012

So, after connecting the SCCM 2012 server to Exchange and getting some info about devices through EAS, now it’s time to really get busy with Mobile Device Management.

In this posting I will show you how I set up the Mobile Device Enrollment, and actually got my old Windows Mobile 6.5 phone enrolled. W00t!

Starting point in this is this 10-step program to get your mobile devices managed in SCCM 2012.

The basic steps are:

  • Set up a working Microsoft PKI infrastructure
  • Install and configure certificates to SCCM servers
  • Install Enrollment Point Roles
  • Publish the Enrollment point so devices can contact it
  • Allow users to enroll their device

The first step is a tricky one already. Setting up a single issuing Root CA in a test environment is no big deal. But setting up a PROPER PKI Infrastructure is a whole different ballgame.

Since this is way out of scope for this post, I’ll just assume you’ve got a working PKI Infrastructure already. (hehe)

So, onto configuring the required certificates then.

I created a couple of new certificate templates:

An important note when creating and enabling these certificate templates: use the “Windows Server 2003, Enterprise Edition” version. That is the only supported version in ConfigMgr.

Oh, and don’t forget to configure a GPO for auto-enrollment of workstation certificates.

Well, after you get all the certificates created, enabled and installed, it’s time to configure them in ConfigMgr.

Yes, that’s step 5 of the 10 step program already 🙂

This involves first configuring the MP and DP to manage Mobile Devices, which basically means enabling https, allowing internet-based client access, and selecting certificates. And don’t forget to first configure the Site System on which these roles run, with an external FQDN.

Then the Distribution Point:

and finally the MP:

Then, onto step 6, installing the Enrollment Point Role, and the Enrollment Proxy Point Roles.

When adding these roles it is important to keep in mind that you must use the external FQDN that you will use for Device Enrollment.

After this, you can already access the website containing the Device Enrollment Agents:

This very basic page (what, not even a nice System Center logo??) contains two links, to the Client Agent installers for Windows Mobile (.cab format) and for Nokia Symbian Belle (.sisx format).

Now, we fly to step 9, to configure the device settings for Mobile Devices

Here you can set things like which user group you want to allow to enroll their devices.

This is done in the Mobile Device Enrollment Policy:

Now, that’s it. Now to get the old Windows Mobile device charged up, and see what we can do with it.

In the next posting that is.

Mobile Device Management in SCCM 2012 – Hands on (part 1)

April 28, 2012

In SCCM 2012 there is a completely revised version of the Mobile Device Management part.

Sure, this was already there in SCCM 2007, but hey, would YOU want to “manage” ancient Windows CE or Windows Mobile 5.0 devices? I didn’t think so either. Also, in the SCCM 2007 era, Bring Your Own Device (BYOD) wasn’t as hot as it is today, with everyone wanting to bring in and use their own tablets, smartphones and laptops.

Now with SCCM 2012, there is proper support for BYOD. Yeah! For a nice overview of this, see this video of Principal Program manager Jeffrey Sutherland, talking about Mobile Device Management in SCCM 2012.


Light and Depth Management

We can define two types of device management in SCCM 2012:

-> Light Management <-

Working through Exchange ActiveSync, we leverage the existing Exchange Device Policies to do light management of the device (remote wipe, lockdown etc.).

Why do we want this? It’s already in Exchange right?

Well, the Exchange admins might not be very concerned with specific end-users devices as they are with handling the mailflow, so this task may better fit with the desktop/enduser/device management team in your organization. They are the ones working with SCCM 2012, and they are the ones most interested in gathering information about, and managing the devices. Also, SCCM provides some very nice Reporting on these devices.

-> In-Depth Management <-

The other type is the In-Depth Management of Mobile Devices

This does not work through EAS, but through two new SCCM Roles that have been introduced in SCCM 2012: the Enrollment Point and the Enrollment Proxy Point.

In-depth management can be done in two ways:

– Enroll the mobile devices into SCCM by installing the Mobile Device Client on them. Only on supported mobile OSes (currently WinMobile 6.1, 6.5 and Nokia Symbian Belle). Offers the most features.

– Enroll the mobile devices into SCCM by installing the Legacy Mobile Device Client on them. Only on supported mobile OSes, which currently are ancient WinCE 5, 6 and 7, and WinMo 6.0. Fewer features, but still way more options than with EAS.

For a good comparison of all features in all three scenarios (EAS, Mobile Device Client on device, and Legacy Mobile Device Client), see this page on Technet.

Note that both in-depth solutions require a PKI Infrastructure, because of the Certificates that are used on the devices!

So, more on the In-Depth part later, let’s first get the EAS connected. (Yes, you can also choose hybrid solutions, i.e. managing with both EAS and through the Enrollment.)


Configuration of Mobile Device Management through Exchange

So, how do we set this up?

First the prereqs: an Exchange 2010 SP1 server (or Exchange Online (Office 365)), a working SCCM 2012 server (duh) and a network connection between them.

Then we have to establish a connection between the SCCM server and the Exchange (CAS) server.

We click Add Exchange Server and get the wizard:

Specify the name of the Exchange CAS server…

Hey, look at this screen. A precise listing of the Exchange permissions that the connector account requires. I’d say this calls for a new RBAC Role in Exchange!

So, let’s first create a service account for this connection and assign the proper Exchange permissions to it.

Now I am going to be assigning Read-Only rights to this service account, ’cause I just want to get data from EAS about the devices, and not do any remote wiping. Which is by the way also how Microsoft IT did this (read here).
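
A sketch of such a read-only RBAC role for the connector account, run in the Exchange Management Shell. This is an added example, not the author's own commands: the account, role and group names are hypothetical, and the cmdlet allow list and the two parent roles are assumptions to check against the listing on the wizard page.

```powershell
# Added example: least-privilege role group for the ConfigMgr Exchange connector.
$account = 'CONTOSO\svc-cm-eas'     # hypothetical service account
# Assumed read-side cmdlets; the wipe/policy ones (Clear-ActiveSyncDevice,
# Set-/New-ActiveSyncMailboxPolicy, Set-CASMailbox) are deliberately left out.
$allowed = 'Get-ActiveSyncDevice', 'Get-ActiveSyncDeviceStatistics',
           'Get-ActiveSyncMailboxPolicy', 'Get-ActiveSyncOrganizationSettings',
           'Get-ExchangeServer', 'Get-Recipient', 'Set-ADServerSettings'
# Assumed built-in parents that between them contain the cmdlets above.
$parents = 'View-Only Recipients', 'View-Only Configuration'

$newRoles = foreach ($parent in $parents) {
    $role = "CM EAS Read - $parent"
    New-ManagementRole -Name $role -Parent $parent | Out-Null
    # A child role starts as a copy of its parent: strip everything off the list.
    Get-ManagementRoleEntry "$role\*" |
        Where-Object { $allowed -notcontains $_.Name } |
        ForEach-Object {
            Remove-ManagementRoleEntry -Identity "$role\$($_.Name)" -Confirm:$false
        }
    $role
}

New-RoleGroup -Name 'CM EAS Connector (read-only)' -Roles $newRoles -Members $account

# Self-check: report anything on the allow list that the new roles do not grant.
$granted = $newRoles | ForEach-Object { Get-ManagementRoleEntry "$_\*" } |
    Select-Object -ExpandProperty Name
$missing = $allowed | Where-Object { $granted -notcontains $_ }
if ($missing) { Write-Warning "Not granted by the chosen parents: $($missing -join ', ')" }
```

With this role group the account cannot wipe a device or change a policy, whatever actions the console offers.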


Then continue through the wizard:

I just set this to Weekly Full discovery, and Delta discovery twice a day.

So, after this wizard, the connection has been established with the CAS server.


As you can see, the path /powershell has been added to the targetpath of the Exchange server. Which makes sense, because all it really does is fire up PowerShell cmdlets against the CAS, to get information from it.

So, do we see any devices now?

First let’s kick off a discovery cycle:

And behold:


Well that device has my name written all over it (tee-hee)

So, what can we do with it then?

Well, not an awful lot:

Wipe, Block, and.. hmm. well.

Let’s have a look at those Reports then:

Wow. That’s a lot of Reports Built-in. Very cool!


So far for this then.

Time to get really busy, and fire up an old Windows Mobile 6.5 phone, and start doing some real managing.

In the Next post that is.


SCCM 2012 – Boundary groups are REQUIRED in order for clients to locate DPs

April 13, 2012

If you have set up your new SCCM 2012 (test) environment, you might run into issues with clients not being able to locate required content on Distribution Points, for instance during an OSD TS.
When going into the smsts.log log file on the client, you will then see that no local DPs can be found (0x80040103, Could not access package content in the DP).
This happens when you have defined boundaries, but have not yet created a Boundary Group and added the boundaries to it.
Yes, this is a new feature compared to SCCM 2007, where defining boundaries was enough for clients in a site to locate content.
“Each boundary must be a member of a boundary group before a device on that boundary can identify an assigned site, or a content server such as a distribution point.”
See more information about Boundary Groups here.
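
A check for this condition against the SMS Provider over WMI, as an added example that is not part of the original post. The site code and server name are placeholders; it goes slightly beyond the case above by also flagging boundary groups that are empty or have no site system attached.

```powershell
# Added example: find boundaries that clients cannot use to locate content.
$siteCode = 'XXX'                   # placeholder site code
$provider = 'cm01.example.test'     # placeholder SMS Provider server
$ns       = "root\sms\site_$siteCode"
$typeName = @{ 0 = 'IP subnet'; 1 = 'AD site'; 2 = 'IPv6 prefix'; 3 = 'IP range' }

# Boundaries that are a member of no boundary group at all.
$orphans = Get-WmiObject -ComputerName $provider -Namespace $ns -Class SMS_Boundary |
    Where-Object { $_.GroupCount -eq 0 } |
    Select-Object DisplayName, Value,
        @{ n = 'Type'; e = { $typeName[[int]$_.BoundaryType] } }

# Boundary groups that hold no boundaries or have no site system (DP) assigned.
$hollow = Get-WmiObject -ComputerName $provider -Namespace $ns -Class SMS_BoundaryGroup |
    Where-Object { $_.MemberCount -eq 0 -or $_.SiteSystemCount -eq 0 } |
    Select-Object Name, MemberCount, SiteSystemCount

if ($orphans) {
    Write-Warning 'Boundaries without a boundary group:'
    $orphans | Format-Table -AutoSize
}
if ($hollow) {
    Write-Warning 'Boundary groups with no members or no site systems:'
    $hollow | Format-Table -AutoSize
}
if (-not $orphans -and -not $hollow) {
    'Every boundary is in a group and every group has members and a site system.'
}
```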

SCCM 2012 PXE not working after failed OSD TS

April 8, 2012

When I was doing my first OSD TS with SCCM 2012, the TS failed at first. Of course 🙂

I got a nice error 0x80004005 during a “Build and Capture” sequence, at the point where it was supposed to start installing Windows 7 x64 to my VM.

When opening the smsts.log file it told me that I had made a bad combination of boot image (x86) and the Windows 7 version I wanted to install (x64).

Well that made perfect sense, so I changed the boot image, and was ready to retry the operation.

But hey, after rebooting, I would no longer get a PXE boot.


I had advertised the TS to the “All unknown computers” collection, but I suspected that even though this TS had failed pretty fast, somehow a record of the new computer had been made in SCCM.

And when a record has been made for the computer, it is of course no longer an “Unknown Computer”.

And yes, in the Collection “All Systems”, there was a new Computer object, called “unknown computer”

Hey, that’s a new one. An Unknown Computer, which is in itself no longer an unknown entity, because there is a record for it in SCCM.

And therefore, it has become a member of the “All Systems” collection, and is no longer a member of the “All Unknown Computers” collection.

Can anyone still follow me? 😛

To make a long story short, just delete this object, update the collection membership, and PXE is working again for the new computer.

SCCM 2012 RTM PXE not working… Warning: Matching Processor Architecture Boot Image (0) not found

April 8, 2012

So, I am working on setting up a System Center 2012 RTM test environment, all in VMware Workstation, on a 16 GB Dell Precision M4600 laptop.
After setting up a 2008 R2 SP1 DC and a 2008 R2 SP1 CU4 SQL Server, I started with my favourite product, Configuration Manager.
After the initial installation and some basic configuration of Boundaries, Service accounts, and Server Roles, I was ready for my first OSD TS.

However, when booting my test client (VMware Workstation) for PXE boot, I didn’t receive any boot file name.

Into the logs then! The smspxe.log logfile on the SCCM 2012 server showed the following error:

Okay, that’s weird. After checking that the 2 default boot images (x86 and x64) were properly distributed to the DP, I opened the boot images themselves.
Clicking around on them I found this setting:

So, that’s a new one. Apparently you have to explicitly enable a boot image to be used on a PXE service point.

Let’s see the documentation on Technet about this new feature: Click here and then expand the item “To Modify the Properties of a Boot image”.
Here we see the option mentioned.
And some more information here, in the section “Distributing Boot Images to the Distribution Point”.
Basically when you make the Boot Images available to a DP, they are only copied to the DP folders, and not to the Reminst share, which is used for PXE deployment.