Strange Socket and Winhttp Failures

I recently have been getting socket and WinHTTP failures in our task sequences. It's weird because it will keep retrying and eventually go through, but later fail at some point just from so many retries. I can ping the FQDN of the MP and also nslookup to resolve DNS, so that seems to be OK. I checked the certs and those also seem OK; I'm just not sure where to start looking.

I attached my smsts.log

https://drive.google.com/file/d/0B_l67BLA36vyWUxMRG9uMWdwODQ/view?usp=sharing

July 29th, 2015 7:20am

Are you sure the certificates are all OK?

Can you make sure that, under the General tab on the DP, you have the valid certificate? The client and the MP are trying to talk to each other and no certificate is available: "In SSL, but with no client cert". The only way to provide the PXE boot client with the certificate is to have it in the DP options. Can you validate it, please?

If you are using media and the cert has changed, you would need to remake the media.

July 29th, 2015 7:50am

Yes, everything in the DP is set up properly, and same with IIS from what I can tell. Nothing has changed. Also, the cert is not expired. I am using offline media and it has worked in the past, so I'm not really sure what happened.

We did have some problems a couple of days ago where we had to uninstall the MP and then reinstall it, and I had to reimport the cert to the DP. Does that create another thumbprint, so that I have to recreate the drives?

It's just weird that it eventually does go through. It just seems to get that HTTP error a couple of times before it does work.

Is there any way I can test to make sure the certs are good?

 
July 29th, 2015 8:13am

Did you remake the media after the MP/DP rebuild?

Because the error "In SSL, but with no client cert" means that WinPE doesn't have a certificate, and the only way for it to get one is during the PXE boot, using the value provided in the DP General tab, or, when building the media, you can inject it into the media. Ensure that Import PKI Certificate is selected; this will be found in the security section of the media creation.

Maybe you were not using HTTPS before for the PXE boot part?

July 29th, 2015 8:24am

See, I always had it injected into the offline installer. The cert never changed, but I did do the MP rebuild. So do I still need to remake the offline installers even though the cert is the same?

I am actually not using PXE, so that wouldn't be affected.

July 29th, 2015 8:28am

The certificate inside the installer is still valid?

If so just redo the media and test it.

If all of these are OK and you still get the error afterwards, did you change anything on the firewall side? It might be a revocation list issue or something like this.

Error: 80072ee2 = The operation timed out

Error: 8007274c = A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.


July 29th, 2015 8:35am

Socket and winhttp errors are indicative of transportation issues in the network layer. The network layer spans a lot of things so could be anything related to the network including the drivers on the server, a firewall, an application proxy, a network security device, a bad switch, a bad port, a bad NIC. There are many more possibilities also though.

Pinging only proves the path is there; it doesn't prove that sustained TCP application traffic will be successful. Also, nslookup does not prove anything about name resolution, as it is a simple query to the DNS servers. If you can successfully ping the MP by name, using nslookup adds zero additional value.

Are you perhaps hosting the MP (or DP) on VMWare as a guest VM?

 
July 29th, 2015 9:28am

Funny you say that. I checked with our VMware admin; he saw we were spiking the CPU and maxed out. He gave the VM more cores and boom, everything has been kicking off smoothly this morning. Not sure what changed or why, but for now it's working.

Anything we need to watch out for running SCCM on VMware?

July 29th, 2015 10:27am

I've seen lots of folks have issues with the vmxnet3 NICs. And of course simple resource over-subscription or under-assignment can also cause issues (as was hopefully the case here). The VMWare gang scheduler is also quite inefficient and could cause you issues depending upon how you've assigned resources to the VMs.
July 29th, 2015 10:38am

Thanks for the heads up, if I continue to see errors I will def let our Vmware admin know some of those things.
July 29th, 2015 1:34pm

When you see something like this in the log, what is happening is that the TS client tries to talk to the server using the WinHTTP library. When the WinHTTP library returns an error, the TS client will try to connect directly using WinSock.

In your case, the initial 'connect' fails. This is when the client sends a TCP connect packet and does not get back an ACK (and just times out after 20 seconds).

I can think of a few possible reasons.

1. The DNS returned the wrong host IP. The client ended up talking to the wrong machine, and there is no service there.

2. The packets are getting lost.

3. The IIS service on the server is down.

For (2), you would need to do a network trace to see what is happening with your packets.

For (3), you need to look at the IIS logs. It could be that the service is getting reset.

<![LOG[Error. Received 0x80072ee2 from WinHttpSendRequest.]LOG]!><time="21:50:54.417+240" date="07-28-2015" component="TSMBootstrap" context="" type="1" thread="1944" file="libsmsmessaging.cpp:8870">
<![LOG[connect (sock, (struct sockaddr *) &SockAddrIn, sizeof (struct sockaddr_in)) == 0, HRESULT=8007274c (e:\qfe\nts\sms\framework\osdmessaging\libsmsmessaging.cpp,728)]LOG]!><time="21:51:15.426+240" date="07-28-2015" component="TSMBootstrap" context="" type="0" thread="1944" file="libsmsmessaging.cpp:728">
<![LOG[socket 'connect' failed; 8007274c]LOG]!><time="21:51:15.426+240" date="07-28-2015" component="TSMBootstrap" context="" type="3" thread="1944" file="libsmsmessaging.cpp:728">


July 29th, 2015 7:57pm
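The WinHTTP-then-WinSock sequence described in the reply above can be pulled out of a full smsts.log mechanically, which makes it easy to see how often it happens and how long each attempt hangs. This is an added example, not part of the original thread or of Configuration Manager; the function names are hypothetical, and the embedded sample is just the three log lines quoted above.

```python
import re
from datetime import datetime

# HRESULT meanings as given in the thread (the second one shortened).
MEANING = {
    "80072ee2": "The operation timed out",
    "8007274c": "Connection attempt failed: connected party did not respond",
}

ENTRY = re.compile(
    r'<!\[LOG\[(?P<msg>.*?)\]LOG\]!><time="(?P<time>[\d:.]+)[+-]\d+" '
    r'date="(?P<date>[\d-]+)" component="(?P<comp>[^"]*)" context="[^"]*" '
    r'type="(?P<type>\d)" thread="(?P<thread>\d+)" file="(?P<file>[^"]*)">', re.S)
HRESULT = re.compile(r'\b(?:0x)?(8007[0-9a-f]{4})\b', re.I)

def parse(text):
    """Yield one dict per log entry; the bias after the time is ignored."""
    for m in ENTRY.finditer(text):
        e = m.groupdict()
        e["when"] = datetime.strptime(e["date"] + " " + e["time"],
                                      "%m-%d-%Y %H:%M:%S.%f")
        code = HRESULT.search(e["msg"])
        e["hresult"] = code.group(1).lower() if code else None
        yield e

def fallback_failures(text, window=60.0):
    """Pair each WinHTTP error with the next failed socket connect on the same thread."""
    entries, pairs = list(parse(text)), []
    for i, first in enumerate(entries):
        if "WinHttp" not in first["msg"] or not first["hresult"]:
            continue
        for nxt in entries[i + 1:]:
            gap = (nxt["when"] - first["when"]).total_seconds()
            if gap > window:
                break
            if (nxt["thread"] == first["thread"] and nxt["hresult"]
                    and "connect" in nxt["msg"]):
                pairs.append({"winhttp": first["hresult"], "socket": nxt["hresult"],
                              "gap_seconds": gap, "at": first["when"]})
                break
    return pairs

# Sample input: the three smsts.log lines quoted in the thread.
SAMPLE = r"""<![LOG[Error. Received 0x80072ee2 from WinHttpSendRequest.]LOG]!><time="21:50:54.417+240" date="07-28-2015" component="TSMBootstrap" context="" type="1" thread="1944" file="libsmsmessaging.cpp:8870">
<![LOG[connect (sock, (struct sockaddr *) &SockAddrIn, sizeof (struct sockaddr_in)) == 0, HRESULT=8007274c (e:\qfe\nts\sms\framework\osdmessaging\libsmsmessaging.cpp,728)]LOG]!><time="21:51:15.426+240" date="07-28-2015" component="TSMBootstrap" context="" type="0" thread="1944" file="libsmsmessaging.cpp:728">
<![LOG[socket 'connect' failed; 8007274c]LOG]!><time="21:51:15.426+240" date="07-28-2015" component="TSMBootstrap" context="" type="3" thread="1944" file="libsmsmessaging.cpp:728">
"""

if __name__ == "__main__":
    for p in fallback_failures(SAMPLE):
        print(p["at"], MEANING[p["winhttp"]], "->", MEANING[p["socket"]],
              f'after {p["gap_seconds"]:.1f}s')
```

On the quoted lines the gap between the WinHTTP error and the failed socket connect is about 21 seconds, which matches the connect timeout described in the reply.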
