SCCM 2012 - Error sending DAV request. HTTP code 401, status 'Unauthorized'
Hi everyone!
I have a SCCM 2012 install with SQL 2008 R2 RU6 on it. All roles on the same server.
Application deployment was working last week and suddently, today, it's not working anymore.
Client fail to download applications. When I see the log "dataTransfertService.log" I got:
<![LOG[Enumerating DTS jobs for logged on user 'S-1-5-21-3498061407-3801314532-3722532443-1799'.]LOG]!><time="16:45:51.388-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:135">
<![LOG[Enumeration of DTS jobs for logged on user 'S-1-5-21-3498061407-3801314532-3722532443-1799' is complete.]LOG]!><time="16:45:51.878-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:151">
<![LOG[Enumerating DTS jobs for helper user 'S-1-5-21-3498061407-3801314532-3722532443-1799'.]LOG]!><time="16:45:51.878-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:154">
<![LOG[Enumeration of DTS jobs for helper user 'S-1-5-21-3498061407-3801314532-3722532443-1799' is complete.]LOG]!><time="16:45:51.939-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:170">
<![LOG[UpdateURLWithTransportSettings(): OLD URL - http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="16:48:31.738-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="ccmutillib.cpp:3083">
<![LOG[UpdateURLWithTransportSettings(): NEW URL - http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="16:48:31.738-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="ccmutillib.cpp:3095">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} created to download from 'http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1' to 'C:\WINDOWS\ccmcache\3f'.]LOG]!><time="16:48:31.816-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="datatransferservice.cpp:186">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} in state 'DownloadingManifest'.]LOG]!><time="16:48:31.816-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="2432" file="dtsjob.h:157">
<![LOG[[CCMHTTP] ERROR: URL=http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="16:48:32.281-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:291">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:4D48BE30-A5BE-40C1-A946-B0773DE7C060";
DateTime = "20120723144832.297000+000";
HostName = "xxx.com";
HRESULT = "0x87d0027e";
ProcessID = 2236;
StatusCode = 401;
ThreadID = 4204;
};
]LOG]!><time="16:48:32.297-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="event.cpp:729">
<![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="16:48:32.312-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:395">
<![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="16:48:32.312-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:629">
<![LOG[GetDirectoryList_HTTP('http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1') failed with code 0x80070005.]LOG]!><time="16:48:32.312-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:688">
<![LOG[Job {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} impersonating Network Access Account.]LOG]!><time="16:48:32.825-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="netaccessaccount.cpp:429">
<![LOG[[CCMHTTP] ERROR: URL=http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="16:48:32.887-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:291">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:4D48BE30-A5BE-40C1-A946-B0773DE7C060";
DateTime = "20120723144832.887000+000";
HostName = "xxx.com";
HRESULT = "0x87d0027e";
ProcessID = 2236;
StatusCode = 401;
ThreadID = 4204;
};
]LOG]!><time="16:48:32.887-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="event.cpp:729">
<![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:395">
<![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:629">
<![LOG[GetDirectoryList_HTTP('http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1') failed with code 0x80070005.]LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:688">
<![LOG[Job {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} reverted impersonation.]LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="netaccessaccount.h:93">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} in state 'Cancelled'.]LOG]!><time="16:48:33.011-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="dtsjob.h:157">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} cancelled by client.]LOG]!><time="16:48:33.011-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="dtsjob.cpp:2771">
I already verified every single permissions, NAA is configured and has correct rights. I really don't understand what has changed...
any suggestion???
Thank you very much!
-
Moved by
Joyce Wang [MSFT]Microsoft employee
Monday, July 23, 2012 4:45 PM
(From:Configuration Manager 2012 - General)
July 23rd, 2012 3:04pm
Check in IIS that SMS_DP_SMSPKG$ have Windows Authentication Enabled.
July 23rd, 2012 3:20pm
I would check IIS log files too.
July 23rd, 2012 3:21pm
SMS_DP_SMSPKG$ has Windows Authentication Enabled.
IIS Logs:
2012-07-23 15:10:08 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.79 ccmhttp 200 0 0 339
2012-07-23 15:11:38 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 38
2012-07-23 15:11:38 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 166
2012-07-23 15:11:38 10.28.80.98 PROPFIND /SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1 - 80 - 10.28.81.52 SMS+CCM+5.0 401 2 5 1
2012-07-23 15:11:39 10.28.80.98 PROPFIND /SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1 - 80 - 10.28.81.52 SMS+CCM+5.0 401 2 5 0
2012-07-23 15:11:39 10.28.80.98 PROPFIND /SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1 - 80 - 10.28.81.52 SMS+CCM+5.0 401 1 3221225581 11
2012-07-23 15:11:39 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 384
2012-07-23 15:13:01 fe80::31df:ba5:7c1:caf6%11 GET /SMS_MP/.sms_aut MPLIST 80 - fe80::31df:ba5:7c1:caf6%11 SMS_MP_CONTROL_MANAGER 200 0 0 4
2012-07-23 15:13:11 10.28.80.98 CCM_POST /ccm_system_windowsauth/request - 80 - 10.29.73.101 ccmhttp 401 2 5 6
2012-07-23 15:14:01 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.82.72 ccmhttp 200 0 0 23
2012-07-23 15:15:40 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 348
2012-07-23 15:15:55 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.79 ccmhttp 200 0 0 363
2012-07-23 15:16:12 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.29.73.101 ccmhttp 200 0 0 393
2012-07-23 15:17:06 10.28.80.98 CCM_POST /ccm_system_windowsauth/request - 80 - 10.28.81.79 ccmhttp 401 2 5 0
In "ContentTransferManager.log" i see that error:
<![LOG[Starting CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89}.]LOG]!><time="17:11:38.999-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5400" file="ctmjob.cpp:2980">
<![LOG[Created CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} for user S-1-5-18]LOG]!><time="17:11:39.030-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5400" file="ctmanager.cpp:487">
<![LOG[Created and Sent Location Request '{996973D0-911C-4929-BE9D-39CB4D759265}' for package Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c]LOG]!><time="17:11:39.092-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5332"
file="ccmpkglocation.cpp:83">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]LOG]!><time="17:11:39.092-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5332" file="ctmjob.cpp:1432">
<![LOG[Queued location request '{996973D0-911C-4929-BE9D-39CB4D759265}' for CTM job '{1C23F5FF-8ED3-43D2-91ED-169F82A24E89}'.]LOG]!><time="17:11:39.139-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5332" file="ctmjob.cpp:151">
<![LOG[Persisted locations for CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89}:
(LOCAL) <a href="http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="17:11:39.452-120">http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="17:11:39.452-120" date="07-23-2012"
component="ContentTransferManager" context="" type="1" thread="5392" file="ctmjob.cpp:1894">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} (corresponding DTS job {D22196C4-A803-42F4-B4FD-6F5FA777A778}) started download from 'http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1' for full content download.]LOG]!><time="17:11:39.514-120"
date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5392" file="ctmjob.cpp:413">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]LOG]!><time="17:11:39.577-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5188" file="ctmjob.cpp:1432">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} encountered error 0x80070005 during download ('Error processing manifest.')- The error maps to denied access.]LOG]!><time="17:11:40.217-120" date="07-23-2012" component="ContentTransferManager"
context="" type="3" thread="5400" file="ctmjob.cpp:2489">
July 23rd, 2012 3:28pm
Like i said SMS_DP_SMSPKG$ has Windows Authentication Enabled and that's the only authentication method configured for this virtual directory... i really don't understand where is the "access denied" comes from...
July 23rd, 2012 4:16pm
For testing, my Network Access Account is local admin of SCCM server and domain admin.
Still getting same errors...
Last week, it was working...
If anyway have some ideas, i will test anything.
July 23rd, 2012 5:33pm
Oh another point: could someone confirm me that WebDAV is not used anymore in SCCM 2012?
July 23rd, 2012 5:53pm
Webdav is not used any more in sccm 2012.
Sounds strange that it worked last week, no patching or other configuration has been made?
July 23rd, 2012 5:56pm
No change from what i know...
All errors seems to come from IIS. I have no errors in SCCM logs. Access denied with 0x80070005 error code or HTTP 401.2...
What do I need to verify?
July 23rd, 2012 6:20pm
Webdav is not used any more in sccm 2012.
That could be a very mis-leading statement depending on exactly what you are talking about.
WebDAV, the HTTP extension, is absolutely used in ConfigMgr 2012; however, WebDAV the Windows server component is not used. Essentially, the implementation of the WebDAV HTTP extension was directly incorporated into the ConfigMgr roles requiring it without
an dependancy on the Windows server component and thus no need to install it.
July 23rd, 2012 7:56pm
NAA is not used by clients unless they are untrusted so unless this is a workgroup system or one in an untrusted forest, it has nothing to do with the NAA.
Does this happen on all clients or just one?
Have you tried manually accesing the location listed in the log above via IE?
July 23rd, 2012 8:01pm
that's what I meant but expressed myself bad.
July 23rd, 2012 9:54pm
When I try to access the mentionned URL in IE from the client computer, I can see a link to the MSI file. When I click on the link, I get prompted for credentials. Is-it normal behavior?
(Im connected with a domain admin account on that computer, it-shouldn't prompt in my mind... and even if I type my admin credential, access is not granted...)
-
Edited by
Hammoudi SamirMicrosoft employee
Tuesday, July 24, 2012 6:59 AM
July 24th, 2012 6:26am
I have 2 primary sites on different networks. 1 is working fine with only Windows Authentication enabled, the other newly installed site had the same problem as you are experiencing:
encountered error 0x80070005 during download ('Error processing manifest.')
Fixed the problem by enabling "Allow clients to connect anonymously" on the site in the ConfigMgr management console: Administration -> Distribution Points
If someone finds the root cause of this problem please post.
July 24th, 2012 8:46am
Is the DP remote from the site server?
Was it a clean OS install on the system hosting the DP?
How did you configure IIS?
Are there any group policies being applied to the system hosting the DP?
Have you disabled any anti-malware software on the system hosting the DP?
The above are all pretty generic questions. Know that this is not normal or standard behavior and you should not have to configure anything special to make this work which means something unique to your environment or configuration is
probably causing it. Unless there's something that jumps out, I would recommend calling CSS as this is a very difficult issue to troubleshoot via the forums.
July 24th, 2012 1:41pm
No its a local DP on the primary site. Clean install of OS.
IIS has been configured with all SCCM 2012 prerequisites.
No specific GPO on the server.
I tried to deploy a DP on a new server and it works fine. So my concern is my primary site's DP.
I tried to uninstall the DP (deleted SCCMContentLib, SMSPKGE$ and SMSSIG$ folders) and reinstall it on the primary site but without success.
I know it's not easy to troubleshoot via a forum.
July 24th, 2012 5:26pm
Were you able to fix that Hammoudi? We're facing the same issue.
September 4th, 2012 10:26am
Hi,
I think Ive got the same issue but Im trying to install software updates during build & capture. If anybodys found a solution please post!
I can work around the problem it by setting the SMS_DP_SMSPKG$ site to allow anonymous access while I get a Build and Capture (SCCM kindly sets it back to Windows Auth only in case I forget). With anonymous access allowed my build and capture runs just like
Id expect but as soon as the site is back to Windows Auth I fail again.
My NAA is definitely correct and has domain and local admin rights. An oddity of my config is that my \SCCMContentLib folder is a separate LUN mounted in the \SCCMContentLib folder. Permissions are all correct as far as I can tell and software distribution
works just fine once clients are installed so I dont expect this to be related to the problem but until I find the solution who knows
<![LOG[[CCMHTTP] ERROR: URL=http://sccmser.dom.local:80/SMS_DP_SMSPKG$/9b7126b2-ad31-49f0-afc9-6d87e22b7999, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="20:15:30.515-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="ccmhttperror.cpp:291">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
{
ClientID = "GUID:EB59B772-9ED0-4F7F-B109-2B4EA1B38CF6";
DateTime = "20120911191530.515000+000";
HostName = "sccmser.dom.local";
HRESULT = "0x87d0027e";
ProcessID = 2932;
StatusCode = 401;
ThreadID = 3660;
};
]LOG]!><time="20:15:30.515-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="event.cpp:729">
<![LOG[DTSJob {FDF58917-1378-4A01-B7CC-7F2AC05616C8} in state 'Cancelled'.]LOG]!><time="20:15:30.531-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3644" file="dtsjob.h:157">
<![LOG[DTSJob {FDF58917-1378-4A01-B7CC-7F2AC05616C8} cancelled by client.]LOG]!><time="20:15:30.531-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3644" file="dtsjob.cpp:2771">
<![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="ccmhttperror.cpp:395">
<![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="3" thread="3660" file="util.cpp:629">
<![LOG[GetDirectoryList_HTTP('http://sccmser.dom.local:80/SMS_DP_SMSPKG$/9b7126b2-ad31-49f0-afc9-6d87e22b7999') failed with code 0x80070005.]LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="3" thread="3660" file="util.cpp:688">
<![LOG[Job {0AECCD3D-8CFD-4F4A-B683-719300273900} reverted impersonation.]LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="netaccessaccount.h:93">
<![LOG[DTSJob {0AECCD3D-8CFD-4F4A-B683-719300273900} in state 'Cancelled'.]LOG]!><time="20:15:30.562-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="2868" file="dtsjob.h:157">
<![LOG[DTSJob {0AECCD3D-8CFD-4F4A-B683-719300273900} cancelled by client.]LOG]!><time="20:15:30.562-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="2868" file="dtsjob.cpp:2771">
September 11th, 2012 7:45pm
I followed your advice and enabled "Allow clients to connect anonymously" on the DP. That resolved the issue for me as well. I am now able to deploy OS\Apps via Task Sequence.
I have a support case open with Microsoft regarding this issue.
I'll post what i find out.
October 26th, 2012 8:10pm
Did you apply the hotfix mentioned in my below post to the client(s)?
October 27th, 2012 6:55pm
I have not applied the hotfix yet. Im currently waiting to hear back from Microsoft support.
October 31st, 2012 4:33pm
It's a client side hotfix. Why not apply it and test it yourself on a client?
October 31st, 2012 7:10pm
We are right in the middle of a hardware refresh this week. Enabling the "Allow clients to connect anonymously" setting on the DP was just a workaround to stay on schedule.
Following the refresh I'll disable setting on the DP and install the hotfix.
Thanks,
Mike
October 31st, 2012 7:50pm
Jason I took your advice.
I disabled the
"Allow clients to connect anonymously" setting on the DP and installed the hotfix... unfortunately it did not resolve the issue.
In the end MS support basically recommended enabling "Allow clients to connect anonymously" on the DP.
Is there any real risk in having that setting enabled?
Thanks,
Mike
November 6th, 2012 8:16pm
Webdav is not used any more in sccm 2012.
Sounds strange that it worked last week, no patching or other configuration has been made?
Is this actually correct. I was able to install SCCM properly without including this feature.
November 6th, 2012 8:22pm
Where did you install the hotfix? From the above text it sounds like you installed it on the DP which is incorrect since this is a client issue it should be installed on the clients.
November 7th, 2012 3:36am
Please re-read my answer about this above. The text of that statement is correct but the spirit of it is incorrect. The Windows Server WebDAV component is no longer used by ConfigMgr but WebDAV (which is merely an http protocol extension) is still used
-- the product team simply chose to implement this extension themselves instead of using the server component. Thus the server component is not needed (and not listed as a pre-req) but that in no way implies or says that WebDAV is
November 7th, 2012 3:39am
The hotfix was installed on the client.
November 8th, 2012 2:35pm
It's a client side hotfix. Why not apply it and test it yourself on
November 8th, 2012 8:59pm
My environment had the same problem. The problem appears to be happening even before the OS is loaded. So hotfix option might not have helped.
1 . Enabled Anonymous access in the Default Web page - Worked for a day. But after refreshing the package same downloading content issue came back
2. Enabled Anonymous access in the SMS_DP_SMSPKG$ - Worked for sometiem. But after modifying a TS steps same downlading content issue came back
3. Finally - Allow clients to connect anonymously resolved this issue.
This is not the case in CM07.
As asked earlier not sure what are the risks involed in this. We are planning for installing DP in the DMZ with internet facing for IBCM clients. Not sure how this setting will affect. Planning to open a case with MS.
November 23rd, 2012 7:50pm
We too are seeing this issue. The only fix was to enable "Allow clients to connect to anonymously". The hotfix applied to our Gold Image did not resolve this issue.
November 27th, 2012 3:13pm
Hi Matt
I also have this issue. As you said, The only fix was to enable "Allow clients to connect to anonymously".
Is there a fix for this?
Troy
http://www.silentcrash.com/
-
Proposed as answer by
InitechTech
Thursday, January 24, 2013 6:18 PM
-
Unproposed as answer by
InitechTech
Thursday, January 24, 2013 6:18 PM
December 2nd, 2012 9:29am
Hey Not sure if someone found a solution to this. I had the same problem and what I found was that you need to set the Network Access Account and then it seems to work. It users this account to try and access the packages and it fails because nothing is
supplied i guess. So try that out and let me know if works. It worked for me and i was getting the exact same logs as mentioned in this post. Use an account that has rights to the content, probally a admin account.
To set up the Network Access Account in SCCM 2012, go to the Administration pane, expand Site Operations and click on Sites
Then, right-click on the Site you want to set up the account for, and select Software Distribution"
Then, click on the Network Access Account tab and enter the details of an appropriate user account.
January 24th, 2013 6:26pm
Hi InitechTech, it seems you've had a different problem to the one on this thread. You hadn't finished configuring you site with the necessary credentials. The problem many of us have had is after we've completed configuration and in some case got everything
working, the problem then occurs with no obvious config change. Regards Rob
January 24th, 2013 8:52pm
We too are seeing this issue. The only fix was to enable "Allow clients to connect to anonymously". The hotfix applied to our Gold Image did not resolve this issue.
just had the same issue on a fresh server 2012 (used as secondary site server).
clients could not download packages until anonymous logon was enabled for SMSIG and SMSDPKG IIS folders.
April 10th, 2013 1:12pm
We too are seeing this issue. The only fix was to enable "Allow clients to connect to anonymously". The hotfix applied to our Gold Image did not resolve this issue.
I'm also experiencing the same issue with patches not installing during OSD build and capture and the SMSTS.log showing ~100 lines of
Update with CIID Site_{GUID}/SUM_{GUID} failed with hr = 0x80070005
The environment is 2012 SP1 CU1, Windows Server 2008 R2 SP1, and SQL 2008 R2 SP2 CU0. IIS shows Windows Authentication on SMS_DP_SMSPKG$, I've validated the Network Access Account, and I've installed KB2522623 early in the build task sequence.
The only resolution thus far has been to enable "Allow clients to connect to anonymously".
June 29th, 2013 3:04am
Hi,
We had the same problem downloading content from untrusted forests too, and the hotfix resolved it for us. Thanks!
One odd thing is that the clients that were in the same physical site had no issues, it was only clients across a WAN which had an problem downloading the content.
July 5th, 2013 2:26pm
Also fighting with this issue on Server 2012 platform. None of packages or apps are distributable. Site server has been recovered, after that the issue arised. In IIS, Windows Authorization is enable, and NAA account is set. I also cannot validate the
content, it always fails on any package. Maybe it has something to do with it.
August 19th, 2013 2:28pm
Hi,
I would suggest enabling Windows Authentication in IIS on the distribution points that are being affected.
For example <![LOG[GetDirectoryList_HTTP('http://xxx.com:80
-
Open IIS Manager and navigate to the level you want to manage.
-
In Features View, double-click Authentication.
-
On the Authentication page, select Windows Authentication.
-
In the Actions pane, click Enable to use Windows authentication.
Jon
September 24th, 2013 9:38am
Hi all,
i have the same Situation with CM 2012 R2 CU1 and Server 2012. Worked since months without any Problem.
I confirmed that NAA is correct and IIS authentication is also correct. When i Switch on anonymous Access i can get all back to work but this cant be the solution. Was there ever a solution for this issue ?
thanks a lot
Oliver
June 29th, 2014 7:49am
i have the same Situation with CM 2012 R2 CU1 and Server 2012. Worked since months without any Problem.
So the question is: what has changed?
June 30th, 2014 6:49am
the question is why is it not working even everything is correct configured . No changes made to the System and a second identical DP works fine. If i enable anonymous acces it works. So for me it looks like IIS is not responding to Windows authentication.
-
Edited by
SoftD
Monday, June 30, 2014 10:48 PM
June 30th, 2014 10:46pm
We too had the same problem with Configuration Manager 2012 R2 CU1 and 2012 Server.
When we select the "Allow clients to connect Anonymously" it's working fine and when we remove the check mark, it fails to authenticate. Re-installing IIS didn't work.
So worked with Bippen(MSFT) from development team and as a last step, deleted the SMSPKG$ and SMSSIG$ virtual directory from IIS. Then removed the Anonymous access check mark from the DP properties, which triggered a reconfigure of the DP and after that
clients were able to connect without any problem. Not sure if this will work for others.
July 10th, 2014 11:17pm
Hi,
meanwhile i figured out what was the Problem for me. The reason was that i configured a SPN for my MBAM application pool account on that Server. It is not MBAM specific the problem is the http SPN for a user account.
After removing the MBAM role from this Server a deleting the SPN the problem was solved. A Post in the MBAM forum pointed my into the direction.
/Oliver
July 11th, 2014 6:08am
Has been quite some time since you folk posted and discussed this issue, did you get to the bottom of it, if so can you post the solution I you can recall it, or mark one of these comments as the answer, or turn this thread into a discussion? Thanks!
August 25th, 2014 1:48pm
I can concur that on Windows Server 2008 R2, this is an OS bug (not SCCM).
I just got off the phone with MS, and had all Server 2008 R2 machines, in a separate AD Forest/Domain, would not connect.
We applied the hotfix in the KB article 2522623, and that fixed the issue.
This would be for all Windows 7 and Server 2008 R2 machines.
Cheers!
Ed
September 4th, 2014 5:25pm
Two years later and I find the same problem at a new customer; however, this time the KB2522623 hotfix DID resolve the problem.
Raphael Perez [MVP] wrote an article on this at http://myitforum.com/myitforumwp/2013/09/24/error-401-while-connecting-to-dp/ and the scenario matched my new situation exactly. Notably, the Network Access Account was never even attempted, only
the SYSTEM context which was confirmed on both the client logs and IIS logs.
If the KB does resolve your issue you'll need to plan for deploying it either via a scripted solution during the ConfigMgr client install or via a Distribution Point that is configured for Anonymous Access. If you have issues with all of your DPs allowing
Anonymous Access, consider setting up a DP with only content that needs Anonymous Access such as this KB.
July 6th, 2015 5:51pm