SCCM MP is not working properly, unable to get to http://server/SMS_MP/.sms_aut?MPLIST

Chris 221 Reputation points
2021-08-31T16:18:46.337+00:00

I started noticing this when our computers were no longer able to PXE boot so I check SMSPXE.log and found several errors, but reinstalling PXE and WDS did not resolve the error. I then moved onto the MP which is our SCCM Primary server and also has SQL installed on it. Our setup is 1 SCCM Primary server and 4 DPs. Everything is installed on the Primary server as far as WSUS and SQL go and it is also the MP, SUP, and reporting server and all that.

I am unable to get to below sites:
http://servername/SMS_MP/.sms_aut?MPLIST
http://servername/SMS_MP/.SMS_AUT?MPCERT

They both show the same error, unauthorized with error code: 0x80070005 so I am leaning towards some kind of permissions issue, but this SCCM setup has been running without issue since 2017 so this is not some new MP and the permissions have not been changed to my knowledge.
I am running CongiMgr v2010.

127936-6.jpg

Below are the errors I am receiving in the MPCONTROL.LOG file (servername omitted):

128013-7.jpg

Here is error from ConfigMgr > Monitoring > System Status > Site Status and the management point error, remember the sql server is on the MP:
128003-3.jpg

Someone mentioned to make sure the websites in IIS were not using port 80 and only the default website is using port 80 and that is how it is setup. We only have the default website using port 80 and 443 and then WSUS site using 8530 and 8531

127950-5.jpg

I have the IIS logs open, but I'm honestly not sure what I'm looking for as I do not see much description like you would see in an SCCM log..

127959-8.jpg

Hoping someone can assist and give me some advice on where I should look for permissions issues or what exactly I should look for in IIS, maybe it is a certificate that is out of date, but which certificate should I be looking at? I see a certificate issued to my primary server issued by "SMS Issuing" that expired 8/12/2021 located in Certificates - Local Computer > SMS > Certificates but I'm not sure how that cert gets re-issued because there are several expired certs issued by "SMS Issuing" and I am not issuing them.

Let me know if you need any additional information to assist, I tried to provide a good picture of what I am facing.

Microsoft Configuration Manager
0 comments No comments
{count} votes

Accepted answer
  1. Chris 221 Reputation points
    2021-09-03T20:17:09.463+00:00

    Thank you. I check my SMS_CCM folder and the SMS_MP within and I cannot get the MP to function properly with IUSR only having list folder contents or even full control.
    As soon as I give Everyone read permissions to SMS_CCM and all subfolders it starts working and I can get to MPCERT and MPLIST and the below error in mpcontrol.log goes away. Other than having read access for Everyone on SMS_CCM, my permissions are identical to yours.

    129190-10.jpg


1 additional answer

Sort by: Most helpful
  1. Amandayou-MSFT 11,051 Reputation points
    2021-09-01T07:53:17.857+00:00

    Hi @Chris ,

    According to the information, the error status error 500 shows that there seems something wring with MP server. Please check ccmisapi.log to see if there is error in this log, it records client messaging activity on the endpoint.

    Besides, here is the similar post, we could refer to it:
    https://social.technet.microsoft.com/Forums/ie/en-US/66f3f171-0303-4007-b8b0-9a78a43e165a/solution-call-to-httpsendrequestsync-failed-for-port-80-with-status-code-500-text-internal?forum=ConfigMgrDeployment


    If the response is helpful, please click "Accept Answer" and upvote it.
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.