SCCM 2012 - Error sending DAV request. HTTP code 401, status 'Unauthorized'

Hi everyone!

I have a SCCM 2012 install with SQL 2008 R2 RU6 on it. All roles on the same server.

Application deployment was working last week and suddently, today, it's not working anymore.

Client fail to download applications. When I see the log "dataTransfertService.log" I got:

<![LOG[Enumerating DTS jobs for logged on user 'S-1-5-21-3498061407-3801314532-3722532443-1799'.]LOG]!><time="16:45:51.388-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:135">
<![LOG[Enumeration of DTS jobs for logged on user 'S-1-5-21-3498061407-3801314532-3722532443-1799' is complete.]LOG]!><time="16:45:51.878-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:151">
<![LOG[Enumerating DTS jobs for helper user 'S-1-5-21-3498061407-3801314532-3722532443-1799'.]LOG]!><time="16:45:51.878-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:154">
<![LOG[Enumeration of DTS jobs for helper user 'S-1-5-21-3498061407-3801314532-3722532443-1799' is complete.]LOG]!><time="16:45:51.939-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="3536" file="dtslogon.cpp:170">
<![LOG[UpdateURLWithTransportSettings(): OLD URL - http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="16:48:31.738-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="ccmutillib.cpp:3083">
<![LOG[UpdateURLWithTransportSettings(): NEW URL - http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="16:48:31.738-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="ccmutillib.cpp:3095">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} created to download from 'http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1' to 'C:\WINDOWS\ccmcache\3f'.]LOG]!><time="16:48:31.816-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="datatransferservice.cpp:186">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} in state 'DownloadingManifest'.]LOG]!><time="16:48:31.816-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="2432" file="dtsjob.h:157">
<![LOG[[CCMHTTP] ERROR: URL=http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="16:48:32.281-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:291">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
{
	ClientID = "GUID:4D48BE30-A5BE-40C1-A946-B0773DE7C060";
	DateTime = "20120723144832.297000+000";
	HostName = "xxx.com";
	HRESULT = "0x87d0027e";
	ProcessID = 2236;
	StatusCode = 401;
	ThreadID = 4204;
};
]LOG]!><time="16:48:32.297-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="event.cpp:729">
<![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="16:48:32.312-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:395">
<![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="16:48:32.312-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:629">
<![LOG[GetDirectoryList_HTTP('http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1') failed with code 0x80070005.]LOG]!><time="16:48:32.312-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:688">
<![LOG[Job {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} impersonating Network Access Account.]LOG]!><time="16:48:32.825-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="netaccessaccount.cpp:429">
<![LOG[[CCMHTTP] ERROR: URL=http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="16:48:32.887-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:291">
<![LOG[Raising event:
instance of CCM_CcmHttp_Status
{
	ClientID = "GUID:4D48BE30-A5BE-40C1-A946-B0773DE7C060";
	DateTime = "20120723144832.887000+000";
	HostName = "xxx.com";
	HRESULT = "0x87d0027e";
	ProcessID = 2236;
	StatusCode = 401;
	ThreadID = 4204;
};
]LOG]!><time="16:48:32.887-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="event.cpp:729">
<![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="ccmhttperror.cpp:395">
<![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:629">
<![LOG[GetDirectoryList_HTTP('http://xxx.com:80/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1') failed with code 0x80070005.]LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="3" thread="4204" file="util.cpp:688">
<![LOG[Job {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} reverted impersonation.]LOG]!><time="16:48:32.902-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="4204" file="netaccessaccount.h:93">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} in state 'Cancelled'.]LOG]!><time="16:48:33.011-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="dtsjob.h:157">
<![LOG[DTSJob {451ACA72-8FCC-4083-B7B5-C4C68D5E5786} cancelled by client.]LOG]!><time="16:48:33.011-120" date="07-23-2012" component="DataTransferService" context="" type="1" thread="5616" file="dtsjob.cpp:2771">

I already verified every single permissions, NAA is configured and has correct rights. I really don't understand what has changed...

any suggestion???

Thank you very much!

July 23rd, 2012 3:04pm

Check in IIS that SMS_DP_SMSPKG$ have Windows Authentication Enabled.
Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 3:20pm

 I would check IIS log files too.
July 23rd, 2012 3:21pm

SMS_DP_SMSPKG$ has Windows Authentication Enabled.

IIS Logs:

2012-07-23 15:10:08 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.79 ccmhttp 200 0 0 339
2012-07-23 15:11:38 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 38
2012-07-23 15:11:38 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 166
2012-07-23 15:11:38 10.28.80.98 PROPFIND /SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1 - 80 - 10.28.81.52 SMS+CCM+5.0 401 2 5 1
2012-07-23 15:11:39 10.28.80.98 PROPFIND /SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1 - 80 - 10.28.81.52 SMS+CCM+5.0 401 2 5 0
2012-07-23 15:11:39 10.28.80.98 PROPFIND /SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1 - 80 - 10.28.81.52 SMS+CCM+5.0 401 1 3221225581 11
2012-07-23 15:11:39 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 384
2012-07-23 15:13:01 fe80::31df:ba5:7c1:caf6%11 GET /SMS_MP/.sms_aut MPLIST 80 - fe80::31df:ba5:7c1:caf6%11 SMS_MP_CONTROL_MANAGER 200 0 0 4
2012-07-23 15:13:11 10.28.80.98 CCM_POST /ccm_system_windowsauth/request - 80 - 10.29.73.101 ccmhttp 401 2 5 6
2012-07-23 15:14:01 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.82.72 ccmhttp 200 0 0 23
2012-07-23 15:15:40 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.52 ccmhttp 200 0 0 348
2012-07-23 15:15:55 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.28.81.79 ccmhttp 200 0 0 363
2012-07-23 15:16:12 10.28.80.98 CCM_POST /ccm_system/request - 80 - 10.29.73.101 ccmhttp 200 0 0 393
2012-07-23 15:17:06 10.28.80.98 CCM_POST /ccm_system_windowsauth/request - 80 - 10.28.81.79 ccmhttp 401 2 5 0

In "ContentTransferManager.log" i see that error:

<![LOG[Starting CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89}.]LOG]!><time="17:11:38.999-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5400" file="ctmjob.cpp:2980">
<![LOG[Created CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} for user S-1-5-18]LOG]!><time="17:11:39.030-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5400" file="ctmanager.cpp:487">
<![LOG[Created and Sent Location Request '{996973D0-911C-4929-BE9D-39CB4D759265}' for package Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c]LOG]!><time="17:11:39.092-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5332" file="ccmpkglocation.cpp:83">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]LOG]!><time="17:11:39.092-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5332" file="ctmjob.cpp:1432">
<![LOG[Queued location request '{996973D0-911C-4929-BE9D-39CB4D759265}' for CTM job '{1C23F5FF-8ED3-43D2-91ED-169F82A24E89}'.]LOG]!><time="17:11:39.139-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5332" file="ctmjob.cpp:151">
<![LOG[Persisted locations for CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89}:
 (LOCAL) <a href="http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="17:11:39.452-120">http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1]LOG]!><time="17:11:39.452-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5392" file="ctmjob.cpp:1894">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} (corresponding DTS job {D22196C4-A803-42F4-B4FD-6F5FA777A778}) started download from 'http://xxx.com/SMS_DP_SMSPKG$/Content_1173b7a8-9bbf-42cc-8b0f-abd1c3f3065c.1' for full content download.]LOG]!><time="17:11:39.514-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5392" file="ctmjob.cpp:413">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]LOG]!><time="17:11:39.577-120" date="07-23-2012" component="ContentTransferManager" context="" type="1" thread="5188" file="ctmjob.cpp:1432">
<![LOG[CTM job {1C23F5FF-8ED3-43D2-91ED-169F82A24E89} encountered error 0x80070005 during download ('Error processing manifest.')- The error maps to denied access.]LOG]!><time="17:11:40.217-120" date="07-23-2012" component="ContentTransferManager" context="" type="3" thread="5400" file="ctmjob.cpp:2489">

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 3:28pm

IIS error 401.2 Denied by server configuration

http://support.microsoft.com/kb/253667

July 23rd, 2012 3:57pm

Like i said SMS_DP_SMSPKG$ has Windows Authentication Enabled and that's the only authentication method configured for this virtual directory... i really don't understand where is the "access denied" comes from...

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 4:16pm

For testing, my Network Access Account is local admin of SCCM server and domain admin.

Still getting same errors...

Last week, it was working...

If anyway have some ideas, i will test anything.

July 23rd, 2012 5:33pm

Oh another point: could someone confirm me that WebDAV is not used anymore in SCCM 2012?

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 5:53pm

Webdav is not used any more in sccm 2012.

Sounds strange that it worked last week, no patching or other configuration has been made?

July 23rd, 2012 5:56pm

No change from what i know...

All errors seems to come from IIS. I have no errors in SCCM logs. Access denied with 0x80070005 error code or HTTP 401.2...

What do I need to verify?

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 6:20pm

Webdav is not used any more in sccm 2012.

That could be a very mis-leading statement depending on exactly what you are talking about.

WebDAV, the HTTP extension, is absolutely used in ConfigMgr 2012; however, WebDAV the Windows server component is not used. Essentially, the implementation of the WebDAV HTTP extension was directly incorporated into the ConfigMgr roles requiring it without an dependancy on the Windows server component and thus no need to install it.

July 23rd, 2012 7:56pm

NAA is not used by clients unless they are untrusted so unless this is a workgroup system or one in an untrusted forest, it has nothing to do with the NAA.

Does this happen on all clients or just one?

Have you tried manually accesing the location listed in the log above via IE?

Free Windows Admin Tool Kit Click here and download it now
July 23rd, 2012 8:01pm

that's what I meant but expressed myself bad.
July 23rd, 2012 9:54pm

When I try to access the mentionned URL in IE from the client computer, I can see a link to the MSI file. When I click on the link, I get prompted for credentials. Is-it normal behavior?

(Im connected with a domain admin account on that computer, it-shouldn't prompt in my mind... and even if I type my admin credential, access is not granted...)

Free Windows Admin Tool Kit Click here and download it now
July 24th, 2012 6:26am

I have 2 primary sites on different networks. 1 is working fine with only Windows Authentication enabled, the other newly installed site had the same problem as you are experiencing: encountered error 0x80070005 during download ('Error processing manifest.')

Fixed the problem by enabling "Allow clients to connect anonymously" on the site in the ConfigMgr management console: Administration -> Distribution Points

If someone finds the root cause of this problem please post.

July 24th, 2012 8:46am

Is the DP remote from the site server?

Was it a clean OS install on the system hosting the DP?

How did you configure IIS?

Are there any group policies being applied to the system hosting the DP?

Have you disabled any anti-malware software on the system hosting the DP?

The above are all pretty generic questions. Know that this is not normal or standard behavior and you should not have to configure anything special to make this work which means something unique to your environment or configuration is probably causing it. Unless there's something that jumps out, I would recommend calling CSS as this is a very difficult issue to troubleshoot via the forums.

Free Windows Admin Tool Kit Click here and download it now
July 24th, 2012 1:41pm

No its a local DP on the primary site. Clean install of OS.

IIS has been configured with all SCCM 2012 prerequisites.

No specific GPO on the server.

I tried to deploy a DP on a new server and it works fine. So my concern is my primary site's DP.

I tried to uninstall the DP (deleted SCCMContentLib, SMSPKGE$ and SMSSIG$ folders) and reinstall it on the primary site but without success.

I know it's not easy to troubleshoot via a forum.

July 24th, 2012 5:26pm

Were you able to fix that Hammoudi? We're facing the same issue.
Free Windows Admin Tool Kit Click here and download it now
September 4th, 2012 10:26am

Have you tried applying the hotfix described in KB2522623 to your clients: http://support.microsoft.com/kb/2522623 ?
September 4th, 2012 1:11pm

Hi,

I think Ive got the same issue but Im trying to install software updates during build & capture. If anybodys found a solution please post!

I can work around the problem it by setting the SMS_DP_SMSPKG$ site to allow anonymous access while I get a Build and Capture (SCCM kindly sets it back to Windows Auth only in case I forget). With anonymous access allowed my build and capture runs just like Id expect but as soon as the site is back to Windows Auth I fail again.

My NAA is definitely correct and has domain and local admin rights. An oddity of my config is that my \SCCMContentLib folder is a separate LUN mounted in the \SCCMContentLib folder. Permissions are all correct as far as I can tell and software distribution works just fine once clients are installed so I dont expect this to be related to the problem but until I find the solution who knows

<![LOG[[CCMHTTP] ERROR: URL=http://sccmser.dom.local:80/SMS_DP_SMSPKG$/9b7126b2-ad31-49f0-afc9-6d87e22b7999, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="20:15:30.515-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="ccmhttperror.cpp:291">
 <![LOG[Raising event:
 
instance of CCM_CcmHttp_Status
 {
             ClientID = "GUID:EB59B772-9ED0-4F7F-B109-2B4EA1B38CF6";
             DateTime = "20120911191530.515000+000";
             HostName = "sccmser.dom.local";
             HRESULT = "0x87d0027e";
             ProcessID = 2932;
             StatusCode = 401;
             ThreadID = 3660;
 };
 ]LOG]!><time="20:15:30.515-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="event.cpp:729">
 <![LOG[DTSJob {FDF58917-1378-4A01-B7CC-7F2AC05616C8} in state 'Cancelled'.]LOG]!><time="20:15:30.531-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3644" file="dtsjob.h:157">
 <![LOG[DTSJob {FDF58917-1378-4A01-B7CC-7F2AC05616C8} cancelled by client.]LOG]!><time="20:15:30.531-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3644" file="dtsjob.cpp:2771">
 <![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="ccmhttperror.cpp:395">
 <![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="3" thread="3660" file="util.cpp:629">
 <![LOG[GetDirectoryList_HTTP('http://sccmser.dom.local:80/SMS_DP_SMSPKG$/9b7126b2-ad31-49f0-afc9-6d87e22b7999') failed with code 0x80070005.]LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="3" thread="3660" file="util.cpp:688">
 <![LOG[Job {0AECCD3D-8CFD-4F4A-B683-719300273900} reverted impersonation.]LOG]!><time="20:15:30.546-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="3660" file="netaccessaccount.h:93">
 <![LOG[DTSJob {0AECCD3D-8CFD-4F4A-B683-719300273900} in state 'Cancelled'.]LOG]!><time="20:15:30.562-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="2868" file="dtsjob.h:157">
 <![LOG[DTSJob {0AECCD3D-8CFD-4F4A-B683-719300273900} cancelled by client.]LOG]!><time="20:15:30.562-60" date="09-11-2012" component="DataTransferService" context="" type="1" thread="2868" file="dtsjob.cpp:2771">
 

Free Windows Admin Tool Kit Click here and download it now
September 11th, 2012 7:45pm

Are you installing the hotfix mentioned above to your build and capture?

http://blog.configmgrftw.com/?p=490

http://blog.configmgrftw.com/?p=505

September 12th, 2012 12:59am

I followed your advice and enabled "Allow clients to connect anonymously" on the DP. That resolved the issue for me as well.  I am now able to deploy OS\Apps via Task Sequence.

I have a support case open with Microsoft regarding this issue.

I'll post what i find out.

Free Windows Admin Tool Kit Click here and download it now
October 26th, 2012 8:10pm

Did you apply the hotfix mentioned in my below post to the client(s)?
October 27th, 2012 6:55pm

I have not applied the hotfix yet. Im currently waiting to hear back from Microsoft support. 
Free Windows Admin Tool Kit Click here and download it now
October 31st, 2012 4:33pm

It's a client side hotfix. Why not apply it and test it yourself on a client?
October 31st, 2012 7:10pm

We are right in the middle of a hardware refresh this week. Enabling the "Allow clients to connect anonymously" setting on the DP was just a workaround to stay on schedule.

Following the refresh I'll disable setting on the DP and install the hotfix.

Thanks,

Mike

Free Windows Admin Tool Kit Click here and download it now
October 31st, 2012 7:50pm

Jason I took your advice.

I disabled the "Allow clients to connect anonymously" setting on the DP and installed the hotfix... unfortunately it did not resolve the issue.

In the end MS support basically recommended enabling "Allow clients to connect anonymously" on the DP.

Is there any real risk in having that setting enabled?

Thanks,

Mike

November 6th, 2012 8:16pm

Webdav is not used any more in sccm 2012.

Sounds strange that it worked last week, no patching or other configuration has been made?


Is this actually correct. I was able to install SCCM properly without including this feature.
Free Windows Admin Tool Kit Click here and download it now
November 6th, 2012 8:22pm

Where did you install the hotfix? From the above text it sounds like you installed it on the DP which is incorrect since this is a client issue it should be installed on the clients.
November 7th, 2012 3:36am

Please re-read my answer about this above. The text of that statement is correct but the spirit of it is incorrect. The Windows Server WebDAV component is no longer used by ConfigMgr but WebDAV (which is merely an http protocol extension) is still used -- the product team simply chose to implement this extension themselves instead of using the server component. Thus the server component is not needed (and not listed as a pre-req) but that in no way implies or says that WebDAV is
Free Windows Admin Tool Kit Click here and download it now
November 7th, 2012 3:39am

The hotfix was installed on the client.

November 8th, 2012 2:35pm

It's a client side hotfix. Why not apply it and test it yourself on
Free Windows Admin Tool Kit Click here and download it now
November 8th, 2012 8:59pm

My environment had the same problem. The problem appears to be happening even before the OS is loaded. So hotfix option might not have helped.

1 . Enabled Anonymous access in the Default Web page - Worked for a day. But after refreshing the package same downloading content issue came back

2. Enabled Anonymous access in the SMS_DP_SMSPKG$ - Worked for sometiem. But after modifying a TS steps same downlading content issue came back

3. Finally - Allow clients to connect anonymously resolved this issue.

This is not the case in CM07.

As asked earlier not sure what are the risks involed in this. We are planning for installing DP in the DMZ with internet facing for IBCM clients. Not sure how this setting will affect. Planning to open a case with MS.



November 23rd, 2012 7:50pm

We too are seeing this issue.  The only fix was to enable "Allow clients to connect to anonymously".  The hotfix applied to our Gold Image did not resolve this issue. 
Free Windows Admin Tool Kit Click here and download it now
November 27th, 2012 3:13pm

Hi Matt

I also have this issue. As you said, The only fix was to enable "Allow clients to connect to anonymously". 

Is there a fix for this?

Troy

http://www.silentcrash.com/

  • Proposed as answer by InitechTech Thursday, January 24, 2013 6:18 PM
  • Unproposed as answer by InitechTech Thursday, January 24, 2013 6:18 PM
December 2nd, 2012 9:29am

Hey Not sure if someone found a solution to this. I had the same problem and what I found was that you need to set the Network Access Account and then it seems to work. It users this account to try and access the packages and it fails because nothing is supplied i guess. So try that out and let me know if works. It worked for me and i was getting the exact same logs as mentioned in this post. Use an account that has rights to the content, probally a admin account.

To set up the Network Access Account in SCCM 2012, go to the Administration pane, expand Site Operations and click on Sites

Then, right-click on the Site you want to set up the account for, and select Software Distribution"

Then, click on the Network Access Account tab and enter the details of an appropriate user account.

Free Windows Admin Tool Kit Click here and download it now
January 24th, 2013 6:26pm

Hi InitechTech, it seems you've had a different problem to the one on this thread. You hadn't finished configuring you site with the necessary credentials. The problem many of us have had is after we've completed configuration and in some case got everything working, the problem then occurs with no obvious config change. Regards Rob
January 24th, 2013 8:52pm

We too are seeing this issue.  The only fix was to enable "Allow clients to connect to anonymously".  The hotfix applied to our Gold Image did not resolve this issue. 

just had the same issue on a fresh server 2012 (used as secondary site server).

clients could not download packages until anonymous logon was enabled for SMSIG and SMSDPKG IIS folders.

Free Windows Admin Tool Kit Click here and download it now
April 10th, 2013 1:12pm

We too are seeing this issue.  The only fix was to enable "Allow clients to connect to anonymously".  The hotfix applied to our Gold Image did not resolve this issue. 

I'm also experiencing the same issue with patches not installing during OSD build and capture and the SMSTS.log showing ~100 lines of Update with CIID Site_{GUID}/SUM_{GUID} failed with hr = 0x80070005

The environment is 2012 SP1 CU1, Windows Server 2008 R2 SP1, and SQL 2008 R2 SP2 CU0.  IIS shows Windows Authentication on SMS_DP_SMSPKG$, I've validated the Network Access Account, and I've installed KB2522623 early in the build task sequence.

The only resolution thus far has been to enable "Allow clients to connect to anonymously".

June 29th, 2013 3:04am

Hi,

We had the same problem downloading content from untrusted forests too, and the hotfix resolved it for us.  Thanks!

One odd thing is that the clients that were in the same physical site had no issues, it was only clients across a WAN which had an problem downloading the content.

Free Windows Admin Tool Kit Click here and download it now
July 5th, 2013 2:26pm

Also fighting with this issue on Server 2012 platform. None of packages or apps are distributable. Site server has been recovered, after that the issue arised. In IIS, Windows Authorization is enable, and NAA account is set. I also cannot validate the content, it always fails on any package. Maybe it has something to do with it.
August 19th, 2013 2:28pm

Hi,

I would suggest enabling Windows Authentication in IIS on the distribution points that are being affected.

For example <![LOG[GetDirectoryList_HTTP('http://xxx.com:80

  • Open IIS Manager and navigate to the level you want to manage.

  • In Features View, double-click Authentication.

  • On the Authentication page, select Windows Authentication.

  • In the Actions pane, click Enable to use Windows authentication.

Jon

Free Windows Admin Tool Kit Click here and download it now
September 24th, 2013 9:38am

Hi all,

i have the same Situation with CM 2012 R2 CU1 and Server 2012. Worked since months without any Problem.

I confirmed that NAA is correct and IIS authentication is also correct. When i Switch on anonymous Access i can get all back to work but this cant be the solution. Was there ever a solution for this issue ?

thanks a lot

Oliver 

Free Windows Admin Tool Kit Click here and download it now
June 29th, 2014 7:49am

i have the same Situation with CM 2012 R2 CU1 and Server 2012. Worked since months without any Problem.


So the question is: what has changed?
June 30th, 2014 6:49am

the question is why is it not working even everything is correct configured . No changes made to the System and a second identical DP works fine. If i enable anonymous acces it works. So for me it looks like IIS is not responding to Windows authentication.


  • Edited by SoftD Monday, June 30, 2014 10:48 PM
Free Windows Admin Tool Kit Click here and download it now
June 30th, 2014 10:46pm

We too had the same problem with Configuration Manager 2012 R2 CU1 and 2012 Server.

When we select the "Allow clients to connect Anonymously" it's working fine and when we remove the check mark, it fails to authenticate. Re-installing IIS didn't work.

So worked with Bippen(MSFT) from development team and as a last step, deleted the SMSPKG$ and SMSSIG$ virtual directory from IIS. Then removed the Anonymous access check mark from the DP properties, which triggered a reconfigure of the DP and after that clients were able to connect without any problem. Not sure if this will work for others.

July 10th, 2014 11:17pm

Hi,

meanwhile i figured out what was the Problem for me. The reason was that i configured a SPN for my MBAM application pool account on that Server. It is not MBAM specific the problem is the http SPN for a user account.

After removing the MBAM role from this Server a deleting the SPN the problem was solved. A Post in the MBAM forum pointed my into the direction.

/Oliver 

Free Windows Admin Tool Kit Click here and download it now
July 11th, 2014 6:08am

Has been quite some time since you folk posted and discussed this issue, did you get to the bottom of it, if so can you post the solution I you can recall it, or mark one of these comments as the answer, or turn this thread into a discussion? Thanks!
August 25th, 2014 1:48pm

I can concur that on Windows Server 2008 R2, this is an OS bug (not SCCM).

I just got off the phone with MS, and had all Server 2008 R2 machines, in a separate AD Forest/Domain, would not connect.

We applied the hotfix in the KB article 2522623, and that fixed the issue.

This would be for all Windows 7 and Server 2008 R2 machines.

Cheers!
Ed

Free Windows Admin Tool Kit Click here and download it now
September 4th, 2014 5:25pm

Two years later and I find the same problem at a new customer; however, this time the KB2522623 hotfix DID resolve the problem.

Raphael Perez [MVP] wrote an article on this at http://myitforum.com/myitforumwp/2013/09/24/error-401-while-connecting-to-dp/ and the scenario matched my new situation exactly.  Notably, the Network Access Account was never even attempted, only the SYSTEM context which was confirmed on both the client logs and IIS logs.

If the KB does resolve your issue you'll need to plan for deploying it either via a scripted solution during the ConfigMgr client install or via a Distribution Point that is configured for Anonymous Access.  If you have issues with all of your DPs allowing Anonymous Access, consider setting up a DP with only content that needs Anonymous Access such as this KB.

July 6th, 2015 5:51pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics