ConfigMgr Console Cannot Connect To The Site
Background:
I was recently working with a customer that kept getting running into an issue after installing the ConfigMgr 2012 R2 console where it would fail to connect to the site with the following error.
This is obviously pretty generic error there could be many things. In my case, we where seeing some error in the SMSAdminUI.log as well as shown below.
[1, PID:4764][09/03/2014 15:01:12] :The performance counter '# images' was not found
[5, PID:4764][09/03/2014 15:01:18] :The performance counter '# result objects in memory' was not found
[5, PID:4764][09/03/2014 15:01:18] :The performance counter '# exceptions' was not found
Possible Fixes:
I’ve seen a few other post mention running a performance counter reset using LODCTR /R would fix this issue: https://thewindowsadmin.com/?p=56 & https://social.technet.microsoft.com/Forums/en-US/a224764a-8a41-40c5-baa8-3c6e8c40fd80/configuration-manager-cannot-connect-to-the-configuration-manager-site?forum=configmanagergeneral
In my case, we tried this and it did not resolve this issue. It was actually happening on multiple machines so I figured it wasn’t a performance counter issue.
After some troubleshooting we took a look at the Antivirus logs (MacAfee) in our case.
In the AccessProtection.txt log, we saw the following entries.
9/3/2014 4:07:36 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ConfigMgr 2012 Console\Performance Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
9/3/2014 4:07:36 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ConfigMgr 2012 Console Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
9/3/2014 4:07:39 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ConfigMgr 2012 Console - WMI Query Engine\Performance Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
9/3/2014 4:07:39 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\windows\Microsoft.NET\Framework\v4.0.30319\InstallUtil.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ConfigMgr 2012 Console - WMI Query Engine Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
9/3/2014 4:07:43 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ConfigMgr 2012 Console - WMI Query Engine\Performance Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
9/3/2014 4:07:43 PM Blocked by Access Protection rule NT AUTHORITY\SYSTEM C:\windows\Microsoft.NET\Framework64\v4.0.30319\InstallUtil.exe \REGISTRY\MACHINE\SYSTEM\ControlSet001\services\ConfigMgr 2012 Console - WMI Query Engine Common Maximum Protection:Prevent programs registering as a service Action blocked : Create
The customer had a rule enabled to prevent programs from registering as a service. Apparently, during the installation of the console a .NET 4 component is used to register some services.
We added these machines into a staging group that didn’t block anything and the console installed and could connect just fine.