Re: Management Points not working after domain controller demotion on



I've done this quite a lot, but on W2k3 SP1/IIS6, and there are a lot of issues. I have a procedure that works for me; some steps might not be required on all servers but generally I find it better to just follow it and be sure that it comes up again without any issues :-)

In short and out of my head what needs to be done is:

1. Remove and install IIS again (with BITS support). This causes IIS accounts to be recreated in local SAM.
2. Run ccmclean /mp to force removal of MP
3. Use dcomcnfg and check if there are any DCOM objects related to SMS IIS sites, and eventually manually delete them (*ccm* + sms*dp*?)
4. Force SMS site reset. This causes SMS accounts (groups) to be recreated in local SAM.
5. Verify MP is correctly set up after site reset.
6. If any DP was BITS enabled: create resetisapi.trn in ...\sms\inboxes\distmgr.box to force "republishing" of the BITS enabled DP (create the missing DCOM objects)
7. Verify membership of local SMS groups

Rgds,
Rune

"Bruce Taylor" <BruceTaylor@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:A40A60F5-CBC1-44DD-9F1F-3EE52E2C385B@xxxxxxxxxxxxxxxx

Thanks I'll try that tomorrow. Today we ran FILEMON on the server while
trying to access the site and after adding some permissions for the local IIS
accounts managed to get some progress, still issues though so I'll be trying
that tomorrow. Otherwise it's a weekend of removing IIS and the secondary
sites and re-installing them which should work fine (pity about resending all
those packages!).

Read a bit about the recommended tool though and it looks good. Will post
back after giving it a go tomorrow night. Great to see some good input
coming through, much appreciated.

BT

"Bruce Taylor" wrote:


Recently a client demoted a number of Windows 2000 DCs. These were
secondary SMS servers running IIS 5.0. Applications cannot be deployed to
these servers now. It seems that IIS lost its ability to allow guest access.
When looking at the MP through IE (from another computer) to for example

http://SERVER/sms_mp/.sms_aut?mplist we get
You are not authorized to view this page

Looking at the MPCONTROL.LOG file on these servers we see a lot of

Http verification .sms_aut (port 80) failed with status code 401, Access
Denied $$<SMS_MP_CONTROL_MANAGER><Sun Apr 22 12:33:52.437 2007 New Zealand
Standard Time><thread=3660 (0xE4C)>

This was not happening before the demotion. The servers that were not
demoted are fine. As I understand it when a DC uses IIS it has no local
accounts so it created domain accounts for things like IUSR_SERVER type
accounts. Now the servers are member servers it does seem to have created
these accounts locally.

I can't find anything on demoting a secondary server running as a DC (not
recommended I know but common enough).

Any ideas out there? I am not an SMS or IIS expert but I have an
understanding of the basics. Do we need to re-install IIS and SMS on these
servers? I am hoping there is a way to avoid re-distributing all that data
over our thin links.

Thanks in advance.

Bruce
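
Added example, not part of the original posts: a small parser for the MPCONTROL.LOG entry layout quoted above that rejoins entries wrapped by a mail client and summarizes the MP HTTP verification results, so it is easy to see whether the 401 persists after each repair step. Only the first sample entry comes from the thread; the other entries, including the "succeeded ... 200, OK" wording, are constructed assumptions.

```python
import re
from collections import Counter

# Entry layout as quoted in the thread:
#   <message> $$<COMPONENT><timestamp and time zone><thread=N (0xHEX)>
ENTRY = re.compile(r"^(?P<msg>.*?)\s*\$\$<(?P<component>[^>]*)>"
                   r"<(?P<stamp>[^>]*)><thread=(?P<tid>\d+) \(0x[0-9A-Fa-f]+\)>$")
HTTP_CHECK = re.compile(r"Http verification (?P<target>\S+) \(port (?P<port>\d+)\) "
                        r"(?P<result>failed|succeeded) with status code (?P<code>\d{3})")

# Constructed sample. The first entry reuses the wording and mail-style line
# wrapping of the post; the other three entries are made up for the example.
SAMPLE_LOG = """\
Http verification .sms_aut (port 80) failed with status code 401, Access
Denied $$<SMS_MP_CONTROL_MANAGER><Sun Apr 22 12:33:52.437 2007 New Zealand
Standard Time><thread=3660 (0xE4C)>
Constructed entry unrelated to HTTP checks $$<SMS_MP_CONTROL_MANAGER><Sun Apr 22 12:34:01.000 2007 New Zealand Standard Time><thread=3660 (0xE4C)>
Http verification .sms_aut (port 80) failed with status code 401, Access Denied $$<SMS_MP_CONTROL_MANAGER><Sun Apr 22 12:38:52.500 2007 New Zealand Standard Time><thread=3660 (0xE4C)>
Http verification .sms_aut (port 80) succeeded with status code 200, OK $$<SMS_MP_CONTROL_MANAGER><Sun Apr 22 12:43:52.610 2007 New Zealand Standard Time><thread=3660 (0xE4C)>
"""

def iter_entries(text):
    """Yield parsed entries, rejoining entries that were wrapped across lines."""
    buf = []
    for line in text.splitlines():
        if line.strip():
            buf.append(line.strip())
            m = ENTRY.match(" ".join(buf))
            if m:  # trailer complete: the buffered lines form one entry
                yield m.groupdict()
                buf = []

def summarize(text):
    """Count failed checks per (target, port, status); keep each target's latest result."""
    failures, latest = Counter(), {}
    for entry in iter_entries(text):
        m = HTTP_CHECK.search(entry["msg"])
        if m:
            target, port, code = m["target"], int(m["port"]), int(m["code"])
            if m["result"] == "failed":
                failures[(target, port, code)] += 1
            latest[(target, port)] = (m["result"], code, entry["stamp"])
    return failures, latest

if __name__ == "__main__":
    failures, latest = summarize(SAMPLE_LOG)
    for (target, port, code), n in failures.items():
        print(f"{target} port {port}: {n} failed check(s) with HTTP {code}")
    for (target, port), (result, code, stamp) in latest.items():
        print(f"{target} port {port}: latest check {result} ({code}) at {stamp}")
```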


