Jump to content


  • 0
GopherRob

Deploying SCCM 2007 client using SUP?

Question

We recently installed a fresh SCCM 2007 site on our existing WSUS 3.0 SP1 server. To get SCCM to properly exist with WSUS, we also did a fresh install of WSUS 3.0 SP1 and cancelled at the config screen as instructed.

 

We don't want to disable the windows firewall or open a broad range of ports to install the new SCCM client, so we are having issues pushing the client. This caused me to look at deploying it through the SUP, but ever since performing the fresh install of WSUS on the SCCM server, client machines (with the old SMS 2003 client) are not commuticating with the WSUS portion of SCCM. On client machines I am seeing the following error messages in the Windowsupdate.log file.

 

2010-03-25 12:08:07:307 1164 780 PT WARNING: Cached cookie has expired or new PID is available

2010-03-25 12:08:07:307 1164 780 PT Initializing simple targeting cookie, clientId = 62cb241f-4ebb-4022-adb4-dae37fe97b7be, target group = , DNS name = testbox.domain.com

2010-03-25 12:08:07:307 1164 780 PT Server URL = http://WsusServerName/SimpleAuthWebService/SimpleAuth.asmx

2010-03-25 12:08:07:323 1164 780 PT WARNING: GetAuthorizationCookie failure, error = 0x80244019, soap client error = 10, soap error code = 0, HTTP status code = 404

2010-03-25 12:08:07:323 1164 780 PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80244019

2010-03-25 12:08:07:323 1164 780 PT WARNING: PopulateAuthCookies failed: 0x80244019

2010-03-25 12:08:07:323 1164 780 PT WARNING: RefreshCookie failed: 0x80244019

2010-03-25 12:08:07:323 1164 780 PT WARNING: RefreshPTState failed: 0x80244019

2010-03-25 12:08:07:323 1164 780 PT WARNING: PTError: 0x80244019

2010-03-25 12:08:07:323 1164 780 Report WARNING: Reporter failed to upload events with hr = 80244019.

 

I have changed our GPO for WSUS from http://WSUSServerName to http://WSUSServerName:8530 since port 8530 is what the SUP is configured to use, where our old WSUS was using 80.

 

Despite forcing a group policy update and running wuauclt.exe /detectnow, this error persists.

 

Any ideas and input would be appreciated, as we need to get the new sccm client out on the domain ASAP.

 

Thanks!

Share this post


Link to post
Share on other sites

Recommended Posts

  • 0

get rid of any wsus GPO's they will be handled by the SCCM site server hosting SUP,

open the required ports for SCCM traffic or things will not work, the clients need to talk to the server and vice versa

 

follow these posts to identify what to open.

 

http://technet.microsoft.com/en-us/library/bb632618.aspx

 

http://technet.microsoft.com/en-us/library/bb694088.aspx

Share this post


Link to post
Share on other sites

  • 0

get rid of any wsus GPO's they will be handled by the SCCM site server hosting SUP,

open the required ports for SCCM traffic or things will not work, the clients need to talk to the server and vice versa

 

follow these posts to identify what to open.

 

http://technet.microsoft.com/en-us/library/bb632618.aspx

 

http://technet.microsoft.com/en-us/library/bb694088.aspx

 

 

Allright. I disabled the old WSUS GPOs and opened the ports in the firewall that are needed. Hope this works.

 

On a side note, I also noticed that in IIS there is a "Default Website" as well as a "WSUS Administration WebSite". Should both of these be present? when I go to the default site in a browser at http://servername:80 it works and displays the general "IIS 7" page, but I get access denied when trying to go to http://servername:8530. Could this be the issue?

 

Under the "software update point" general tab, the port numbers are set to 8530 and 8531. Should those be changed to 80 and 443???

Share this post


Link to post
Share on other sites

  • 0

Ok, I did that and now it looks like the computer is looking towards microsoft updates to get updates. How do I get client machines to use the SUP?

 

I had the "Configure Automatic UPdates" specified to point to the server, but turned that off. Am I missing something here? The client machines don't have the SCCM 2007 client yet, so I am at a loss as to how they are pointed at the SUP to get the client and updates.

Share this post


Link to post
Share on other sites

  • 0

I changed the ports for the SUP in the general tab of the component config to 80 and 443 and it then causes the SMS_WSUS_CONFIGURATION_MANAGER to generate error ID 6600.

 

"SMS WSUS Configuration Manager failed to configure upstream server settings on WSUS Server "Servername".

Share this post


Link to post
Share on other sites

  • 0

the ports on the sup should be whatever you set wsus to during the wsus installation,

 

your clients will not get any windows updates from your sup until they have the ConfigMgr client installed and working properly with the SUP agent enabled

Share this post


Link to post
Share on other sites

  • 0

the ports on the sup should be whatever you set wsus to during the wsus installation,

 

your clients will not get any windows updates from your sup until they have the ConfigMgr client installed and working properly with the SUP agent enabled

And that's the problem, is getting the client out initially. Is that not possible to do with a software update point? Most of the machines have the old SMS 2003 client on them, but need to be upgraded and client push is not working, without taking the firewall down completely on XP client machines.

 

As for the WSUS install, I believe that was 8530 and 8531. Is it normal for there to be 2 websites as follows? I know Default Website always exists, but it seems to have alot of the SCCM related materials under it. That one is port 80 and 443, and the "WSUS Administration" site that I can't really browse is 8530 and 8531.

 

iiswsusserver.JPG

Share this post


Link to post
Share on other sites

  • 0

So I pointed the intranet location in the windows update GPO to the correct site, http://WSUSServerName:8530, and now it seems to see the site, but the install of the client fails.

 

2010-03-25 17:14:20:063 1188 2b4 Agent *************

2010-03-25 17:14:20:063 1188 2b4 Agent ** START ** Agent: Installing updates [CallerId = AutomaticUpdates]

2010-03-25 17:14:20:063 1188 2b4 Agent *********

2010-03-25 17:14:20:063 1188 2b4 Agent * Updates to install = 1

2010-03-25 17:14:20:063 1188 2b4 Agent * Title = Configuration Manager Client Installation

2010-03-25 17:14:20:063 1188 2b4 Agent * UpdateId = {A331D4C8-8BA4-4791-A35F-9FA475A7A0D4}.1

2010-03-25 17:14:22:734 1188 2b4 DnldMgr Preparing update for install, updateId = {A331D4C8-8BA4-4791-A35F-9FA475A7A0D4}.1.

2010-03-25 17:14:22:781 1444 12c Misc =========== Logging initialized (build: 7.4.7600.226, tz: -0400) ===========

2010-03-25 17:14:22:781 1444 12c Misc = Process: C:\WINDOWS\system32\wuauclt.exe

2010-03-25 17:14:22:781 1444 12c Misc = Module: C:\WINDOWS\system32\wuaueng.dll

2010-03-25 17:14:22:781 1444 12c Handler :::::::::::::

2010-03-25 17:14:22:781 1444 12c Handler :: START :: Handler: Command Line Install

2010-03-25 17:14:22:781 1444 12c Handler :::::::::

2010-03-25 17:14:22:781 1444 12c Handler : Updates to install = 1

2010-03-25 17:14:23:359 1444 12c Handler : WARNING: Command line install completed. Return code = 0x00000001, Result = Failed, Reboot required = false

2010-03-25 17:14:23:359 1444 12c Handler : WARNING: Exit code = 0x8024200B

2010-03-25 17:14:23:359 1444 12c Handler :::::::::

2010-03-25 17:14:23:359 1188 7c4 AU >>## RESUMED ## AU: Installing update [updateId = {A331D4C8-8BA4-4791-A35F-9FA475A7A0D4}]

2010-03-25 17:14:23:359 1444 12c Handler :: END :: Handler: Command Line Install

2010-03-25 17:14:23:359 1188 7c4 AU # WARNING: Install failed, error = 0x80070643 / 0x00000001

2010-03-25 17:14:23:359 1444 12c Handler :::::::::::::

Share this post


Link to post
Share on other sites

  • 0

After checking out the ccmsetup log, it gives me this. Notice the port numbers for CCMport are 80 and 443...I am thinking that is why it isn't installing, since originally I did not have the port numbers correct. How can that package be updated?

 

 

<![LOG[==========[ ccmsetup started in process 2872 ]==========]LOG]!><time="18:01:14.635+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:8849">

<![LOG[Version: 4.0.6221.1000]LOG]!><time="18:01:14.635+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:1907">

<![LOG[GetAdaptersAddressess entry point is supported.]LOG]!><time="18:01:14.651+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="ccmiputil.cpp:118">

<![LOG[DhcpGetOriginalSubnetMask entry point not supported.]LOG]!><time="18:01:14.651+240" date="03-25-2010" component="ccmsetup" context="" type="2" thread="3096" file="ccmiputil.cpp:169">

<![LOG[Adapter {08232EFD-60A5-4CBF-BD26-615B9EC29DC9} is DHCP enabled. Checking quarantine status.]LOG]!><time="18:01:14.651+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="ccmiputil.cpp:509">

<![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="18:01:14.760+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="lsad.cpp:457">

<![LOG[Attempting to query AD for assigned site code]LOG]!><time="18:01:14.760+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="lsad.cpp:1766">

<![LOG[Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=169871576)(MSSMSRangedIPHigh>=169871576))))]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="lsad.cpp:1801">

<![LOG[Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.32.8.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="lsad.cpp:1862">

<![LOG[Command line: "C:\WINDOWS\SoftwareDistribution\Download\Install\ccmsetup.exe" ]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:3941">

<![LOG[Ccmsetup was run without any user parameters specified. Assume AUTO sitecode and run without registering ccmsetup as a service.]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:3959">

<![LOG[CCMHTTPPORT: 80]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:7847">

<![LOG[CCMHTTPSPORT: 443]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:7862">

<![LOG[CCMHTTPSSTATE: 2147483648]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:7880">

<![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:7908">

<![LOG[FSP: ]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:7923">

<![LOG[No MP or source location has been explicitly specified. Trying to discover a valid content location...]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:4271">

<![LOG[Current directory is not a valid source location.]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:4288">

<![LOG[Looking for an MP source through SLP...]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:4303">

<![LOG[iPv6 entry points already initialized.]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="ccmiputil.cpp:75">

<![LOG[DHCP entry points already initialized.]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="ccmiputil.cpp:139">

<![LOG[Adapter {08232EFD-60A5-4CBF-BD26-615B9EC29DC9} is DHCP enabled. Checking quarantine status.]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="ccmiputil.cpp:509">

<![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="lsad.cpp:457">

<![LOG[Attempting to query AD for assigned site code]LOG]!><time="18:01:15.057+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="lsad.cpp:1766">

<![LOG[Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=169871576)(MSSMSRangedIPHigh>=169871576))))]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="lsad.cpp:1801">

<![LOG[Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.32.8.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="0" thread="3096" file="lsad.cpp:1862">

<![LOG[Couldn't find an MP source through SLP.]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:4315">

<![LOG[No valid source or MP locations could be indentified to download content from.Ccmsetup.exe cannot continue.]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="3" thread="3096" file="ccmsetup.cpp:4326">

<![LOG[invalid ccmsetup command line: "C:\WINDOWS\SoftwareDistribution\Download\Install\ccmsetup.exe" ]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="3" thread="3096" file="ccmsetup.cpp:4405">

<![LOG[A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:9169">

<![LOG[A Fallback Status Point has not been specified. Message with STATEID='307' will not be sent.]LOG]!><time="18:01:15.073+240" date="03-25-2010" component="ccmsetup" context="" type="1" thread="3096" file="ccmsetup.cpp:9169">

Share this post


Link to post
Share on other sites

  • 0

go into your Site settings, Component Configuration, Software Update Point, what is it set to there ?

 

also why use this method to deploy the client ?

 

have your researched the following links ?

 

Configuring Configuration Manager Client Deployment

 

How to Configure the Configuration Manager Client Push Installation Account

Specifies how to configure the account used during Client Push if you are using this method of client deployment.

 

How to Configure Request Ports for the Configuration Manager Client

Specifies how to configure the ports used by clients to communicate with the site.

 

How to Provision Configuration Manager Client Installation Properties using Group Policy

Specifies how to provision client computers with installation properties using Windows Group Policy.

 

 

How to Prevent the Configuration Manager Client Software from Being Installed on Specific Computers

Specifies how to prevent the Configuration Manager 2007 client being installed on computers you identify that should not have the client software installed.

 

How to Configure the Configuration Manager Computer Client Agent

Specifies how to configure general settings for all client computers in your Configuration Manager 2007 site.

Share this post


Link to post
Share on other sites

  • 0

go into your Site settings, Component Configuration, Software Update Point, what is it set to there ?

 

also why use this method to deploy the client ?

 

have your researched the following links ?

 

Configuring Configuration Manager Client Deployment

 

How to Configure the Configuration Manager Client Push Installation Account

Specifies how to configure the account used during Client Push if you are using this method of client deployment.

 

How to Configure Request Ports for the Configuration Manager Client

Specifies how to configure the ports used by clients to communicate with the site.

 

How to Provision Configuration Manager Client Installation Properties using Group Policy

Specifies how to provision client computers with installation properties using Windows Group Policy.

 

 

How to Prevent the Configuration Manager Client Software from Being Installed on Specific Computers

Specifies how to prevent the Configuration Manager 2007 client being installed on computers you identify that should not have the client software installed.

 

How to Configure the Configuration Manager Computer Client Agent

Specifies how to configure general settings for all client computers in your Configuration Manager 2007 site.

 

I think I have hit all of those pages along the way except for the one about configuring ports. As for configuring the SCCM client install policies via Group policy, I didn't think that was necessary since we already extended the AD schema. I thought since that was done, we didn't need to use a the template, but I haven't seen where else I could specify the installation settings.

 

What other methods would you advise for deploying the client? I tried client push, but could only get it to work by disabling the firewall on client machines, which is not an option for us. That is why we are attempting to use the SUP method, which I think we are close to getting working, except for I made some port changes and the WSUS component completely stopped working last night, so I am reinstalling that now, using the default website, which I think may have been an issue initially, because I chose custom and then had the incorrect ports. Hoping this sorts it out, but we'll see.

 

As a side note, it is beyond ridiculous that client push won't work without taking the firewall down on clients.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Answer this question...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...



×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.