I have a SCCM 2007 SP2 R3 server running on a Windows 2008 R2 Standard (SP1). The Database in on different server running SQL 2008 R2 on Windows 2008 R2. The SCCM server is generating errors 5480 and 5438. In troubleshooting these errors. 1. I have found that the groups SiteSystemToSQLConnection and SMS_SiteSystemToSQLConnection do not exist on the DBMS server. However, they do exist on the SCCM server. 2. The account used by the Management Point can access the Database. 3. The SQL server is running as an AD account that has the right to set its own SPN and it has done so. 4. The role SMS Management Point Role msdbrole_MP exists but will a different name. This seems to point to an issue with IIS. Therefore, my question is how do I verify IIS is configured correctly? SMS_MP_CONTROL_MANAGER Error 5480 MP Control Manager detected DMP is not responding to HTTP requests. The http status code and text is 404, Not Found. Possible cause: DMP encountered an error when connecting to SQL Server. Solution: Verify that the SQL server is properly configured to allow Device Management Point access. If using a standard SQL security account, verify that the SQL Server is configured to allow standard SQL Security; or configure the Device Management Point to use an NT integrated security account, with appropriate access. If using integrated security, verify the account used by the DMP to connect to the SQL server is a member of the SMS_SiteSystemToSQLConnection_<sitecode> group on the SQL server, that the account is not locked out, and that the account password is not expired. (In standard security, the default account is SMS_SQL_RX_<sitecode>.) Possible cause: The SQL server Service Principal Names (SPNs) are not registered correctly in Active Directory Solution: Ensure SQL server SPNs are correctly registered. Review Q829868. Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which SMS is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which SMS is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. Possible cause: The SMS ISAPI Application Identity does not have the requisite logon privileges. Solution: Verify that the account that the SMS ISAPI is configured to run under has not been denied batch logon rights through group policy. For more information, refer to Microsoft Knowledge Base article 838891. SMS_MP_CONTROL_MANAGER Error 5438 MP Control Manager detected management point is not responding to HTTP requests. The HTTP status code and text is 404, Not Found. Possible cause: Management point encountered an error when connecting to SQL Server. Solution: Verify that the SQL server is properly configured to allow Management Point access. Verify that management point computer account or the Management Point Database Connection Account is a member of SMS Management Point Role (msdbrole_MP) in the SQL Server database. Possible cause: The SQL Server Service Principal Names (SPNs) are not registered correctly in Active Directory Solution: Ensure SQL server SPNs are correctly registered. Review Q829868. Possible cause: Internet Information Services (IIS) isn't configured to listen on the ports over which SMS is configured to communicate. Solution: Verify that the designated Web Site is configured to use the same ports which SMS is configured to use. Possible cause: The designated Web Site is disabled in IIS. Solution: Verify that the designated Web Site is enabled, and functioning properly. Possible cause: The SMS ISAPI Application Identity does not have the requisite logon privileges. Solution: Verify that the account that the SMS ISAPI is configured to run under has not been denied batch logon rights through group policy. For more information, refer to Microsoft Knowledge Base article 838891.

Is this a new install, or has it suddenly stopped working? Have you tried reinstalling IIS? Cheers, Adrian.

Hello - I would suggest you to go through the below article. How to Configure Windows Server 2008 for Site Systems http://technet.microsoft.com/en-us/library/cc431377.aspx Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

The SCCM server has had this problem from the beginning. I have tried uninstalling and reinstalling IIS, the problem remained unchanged. IIS is configured as described in http://technet.microsoft.com/en-us/library/cc431377.aspx I do not know if this is an issue, this server also runs the below roles. ConfigMgr out of band service point ConfigMgr component server ConfigMgr device management point ConfigMgr distribution point ConfigMgr fallback status point ConfigMgr management point ConfigMgr reporting point ConfigMgr site server ConfigMgr site system ConfigMgr software update point

It looks like I did the IIS reinstall incorrectly. After reinstalling IIS correctly, everything is working except the Software Update Point. The Software Update Point was always generating Message ID 7000, SMS WSUS Configuration Manager failed to configure proxy settings on WSUS Server "servername". After enabling SSL, I get a lot of Message ID 7000 and 7003 SMS WSUS Configuration Manager failed to monitor WSUS Server "servername". WSUS has its own Web Site using ports 8530 and 8531. Based on what I found in the WSUSCtrl.log, I think this a certificate issue. Nevertheless, the certificate is valid. Does anyone have an idea? In the WSUSCtrl.log log I found this: Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.0.6000.273, Major Version = 0x30000, Minor Version = 0x17700111~ $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.062 2011 Central Daylight Time><thread=2820 (0xB04)> Found WSUS Admin dll of assembly version Microsoft.UpdateServices.Administration, Version=3.1.6001.1, Major Version = 0x30001, Minor Version = 0x17710001~ $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.062 2011 Central Daylight Time><thread=2820 (0xB04)> The installed WSUS build has the valid and supported WSUS Administration DLL assembly version (3.1.7600.226)~ $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.062 2011 Central Daylight Time><thread=2820 (0xB04)> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~ at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)~~ at System.Net.TlsStream.CallProcessAuthentication(Object state)~~ at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)~~ at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)~~ at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.ConnectStream.WriteHeaders(Boolean async)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.078 2011 Central Daylight Time><thread=2820 (0xB04)> STATMSG: ID=7000 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONTROL_MANAGER" SYS=servername SITE=ABC PID=1540 TID=2820 GMTDATE=Thu Apr 21 00:06:16.078 2011 ISTR0="servername" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.078 2011 Central Daylight Time><thread=2820 (0xB04)> Failed to set WSUS Local Configuration. Will retry configuration in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.078 2011 Central Daylight Time><thread=2820 (0xB04)> System.Net.WebException: The underlying connection was closed: Could not establish trust relationship for the SSL/TLS secure channel. ---> System.Security.Authentication.AuthenticationException: The remote certificate is invalid according to the validation procedure.~~ at System.Net.Security.SslState.StartSendAuthResetSignal(ProtocolToken message, AsyncProtocolRequest asyncRequest, Exception exception)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessReceivedBlob(Byte[] buffer, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReadFrame(Byte[] buffer, Int32 readBytes, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartReceiveBlob(Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.CheckCompletionBeforeNextReceive(ProtocolToken message, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.StartSendBlob(Byte[] incoming, Int32 count, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ForceAuthentication(Boolean receiveFirst, Byte[] buffer, AsyncProtocolRequest asyncRequest)~~ at System.Net.Security.SslState.ProcessAuthentication(LazyAsyncResult lazyResult)~~ at System.Net.TlsStream.CallProcessAuthentication(Object state)~~ at System.Threading.ExecutionContext.Run(ExecutionContext executionContext, ContextCallback callback, Object state)~~ at System.Net.TlsStream.ProcessAuthentication(LazyAsyncResult result)~~ at System.Net.TlsStream.Write(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.PooledStream.Write(Byte[] buffer, Int32 offset, Int32 size)~~ at System.Net.ConnectStream.WriteHeaders(Boolean async)~~ --- End of inner exception stack trace ---~~ at Microsoft.UpdateServices.Administration.AdminProxy.CreateUpdateServer(Object[] args)~~ at Microsoft.UpdateServices.Administration.AdminProxy.GetUpdateServer()~~ at Microsoft.SystemsManagementServer.WSUS.WSUSServer.ConnectToWSUSServer(String ServerName, Boolean UseSSL, Int32 PortNumber) $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.093 2011 Central Daylight Time><thread=2820 (0xB04)> STATMSG: ID=7003 SEV=E LEV=M SOURCE="SMS Server" COMP="SMS_WSUS_CONTROL_MANAGER" SYS=servername SITE=ABC PID=1540 TID=2820 GMTDATE=Thu Apr 21 00:06:16.093 2011 ISTR0="servername" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.093 2011 Central Daylight Time><thread=2820 (0xB04)> Failures reported during periodic health check by the WSUS Server servername. Will retry check in 1 minutes~ $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.093 2011 Central Daylight Time><thread=2820 (0xB04)> ~Waiting for changes for 1 minutes $$<SMS_WSUS_CONTROL_MANAGER><Wed Apr 20 19:06:16.109 2011 Central Daylight Time><thread=2820 (0xB04)>

Is the SUP(WSUS) installed on a separate server or is it on the primary itself? "netsh winhttp show proxy" might also help. Torsten Meringer | http://www.mssccmfaq.de

SUP is installed on the primary server, currently the only SCCM server. The netsh command returns Direct access (no proxy server). I am not sure how it should be configured.

Did you try to re install SUP?Anoop C Nair - This posting is provided "AS IS" with no warranties or guarantees, and confers no rights. |Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.

The original issue with errors 5480 and 5438 is resolved.

it will be nice if you can tell how you got it resolved?---Packie

The original issue with errors 5480 and 5438 is resolved. I second Patrick's statement. "Resolved" does not help others which might run into the same issue. So update this thread with details please.Torsten Meringer | http://www.mssccmfaq.de