SMS 2003: MP authentication problems on domain controllers
dmcheng1_at_yahoo.com
Date: 02/16/05
- Previous message: dmcheng1_at_yahoo.com: "Re: SMS 2003: unassigned clients after child site rebuild?"
- Messages sorted by: [ date ] [ thread ]
Date: 16 Feb 2005 13:42:00 -0800
Can anyone explain to me the setup and permissions required for running
SMS and IIS on domain controllers? While most of my SMS environment
seems to working, I have had a few site servers that have rebooted and
since then, their Management Points fail the authentication (the
http://....?mpcert and ?mplist pages) and I can't get them running
again even after reinstalling the Management Point.
Here's my setup: SMS 2003 (no SP) running on Windows 2003 Server (no
SP) in an Active Directory tree, all in the same domain. A central
primary site server at the data center and about 170 child primary site
servers at remote locations. All servers are domain controllers and
running SMS, IIS 6, and SQL 2000.
I see the IUSR and IWAM accounts for all the affected site servers in
the Active Directory. The accounts have not been disabled. I have
placed the IWAM accounts into a group called IWAM_ALL_DCs. I have
placed IWAM_ALL_DCs into the IIS_WPG group so that when a new IIS
server comes up, the list isn't wiped out.
Question: Should IIS_WPG be a member of any domain groups? Right now
it is not.
I run IIS Admin on the affected site servers,verify that SMS Management
Point Pool and CCM Server Framework application pools are using IWAM
and are started. Then I restart the IIS server process.
When I go to the mpcert and mplist pages, I get Service Unavailable
errors and then I see that the application pools have stopped.
Any advice would be appreciated!
Thanks
David
- Previous message: dmcheng1_at_yahoo.com: "Re: SMS 2003: unassigned clients after child site rebuild?"
- Messages sorted by: [ date ] [ thread ]
Relevant Pages
|
