SCCM 5.00.9068.1000 - Clients not detecting a distribution point for software install

Robert Meany 1 Reputation point
2022-04-26T19:18:48.777+00:00

Out of the blue as of this week, our clients are unable to install application packages. They see the software as required for install in the software center, but wait constantly for a distribution point to advertise that it has the software available for download.

This is a single-site SCCM deployment with only one distribution point. Boundaries are setup such that all clients connect to this distribution point, and I do allow fallback to default distribution point group if none are available, which also includes this same distribution point... This has worked fine for years until just now.

I tried removing content and re-distributing it, which did not work. I've tried disabling content validation (as well as performing manual validation) which passes. I do not see any errors being reported in component status.

I'd include log files, but not sure which ones are best to help diagnose this. On the client end, the ccmexec.log files show a bunch of "GetAppGroupAssignment failed with (0x86d00215)" which just implies it is not getting a reply from a distribution point.

Trying to think of what may have changed recently and the only two things I can think of are:

  1. I added an active directory site in prep for hosting a cloud-based domain controller. I did add this site to the boundary group. None of our clients would fall under this site anyway.
  2. This server is setup to automatically run windows updates. So a recent windows update could have potentially done something?

Would appreciate some assistance with this. Let me know what else you need. Thanks.

Microsoft Security | Intune | Configuration Manager | Application
Microsoft Security | Intune | Configuration Manager | Other
0 comments No comments
{count} votes

2 answers

Sort by: Most helpful
  1. AllenLiu-MSFT 49,316 Reputation points Microsoft External Staff
    2022-04-27T02:44:24.437+00:00

    Hi, @Robert Meany

    Thank you for posting in Microsoft Q&A forum.

    We may start from checking the distmgr.log on the Site server.
    The SCCM server log files are located in DRIVE-Letter:\Program Files\Microsoft Configuration Manager\Logs.


    If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
    Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.


  2. Robert Meany 1 Reputation point
    2022-04-27T15:55:53.503+00:00

    It is looking like it was one of two things.. Unfortunately I did both things at once, so I am not sure which actually fixed it..

    1. I noticed that IIS did not have basic/windows/digest/forms authentication features enabled. Perhaps a recent windows update uninstalled them? After enabling the features and rebooting, I noted that the SMS_DP_SMSPKG$ site had windows authentication 'enabled' as an option. That said, I do have my DP configured to allow anonymous access in SCCM.
    2. I was reading about using subnets as boundaries being a potential issue. I had configured all our local networks to be in our boundary group (10.0.0.0/8) .. In the past this wasn't a problem. The recommendation was to change this to an IP address range, which I did.

    I'm inclined to think item #1 was the problem, because the boundary group was never an issue in the past, but who knows...


Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.