Client failed to register with WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED

ISSUE

Client failed to register with WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED

LOGS

You can see similar exceptions in CcmMessaging.log, ClientLocation.log, LocationServices.log

[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
[CCMHTTP] AsyncCallback(): WINHTTP_CALLBACK_STATUS_SECURE_FAILURE Encountered
[CCMHTTP]                : dwStatusInformationLength is 4
[CCMHTTP]                : *lpvStatusInformation is 0x1
[CCMHTTP]            : WINHTTP_CALLBACK_STATUS_FLAG_CERT_REV_FAILED is set
[CCMHTTP] AsyncCallback(): -----------------------------------------------------------------
Failed in WinHttpSendRequest API, ErrorCode = 0x2f8f

In ClientIDManagerStartup.log:

ClientIDManagerStartup    8080 (0x1f90)    [RegTask] - Executing registration task synchronously.
ClientIDManagerStartup    8080 (0x1f90)    RegTask: Failed to refresh MP. Error: 0x80004005

REASON

Site server requires “Clients check the certificate revocation list (CRL) for site systems” but the client computer failed to visit the CRL URL link.

SOLUTION

Either you uncheck “Clients check the certificate revocation list (CRL) for site systems” or fix the CRL URL link which the client should be able to access.

Dedicated SQL Server instance prerequisite check failed

ISSUE

Configuration Manager prerequisite refuses to pass due to Dedicated SQL Server instance prerequisite check failure.

Configuration Manager Prereq    4332 (0x10ec)    INFO: Checking for to see if SQL instance SITEDB.LAB.LOCAL\ is used by another SCCM installation.
Configuration Manager Prereq    4332 (0x10ec)    ERROR: SQL instance SITEDB.LAB.LOCAL\ is used by another SCCM installation.
Configuration Manager Prereq    4332 (0x10ec)    PSSITE.LAB.LOCAL;    Dedicated SQL Server instance;    Error;    Configuration Manager requires a dedicated SQL Server instance to host its site database.

Configuration Manager requires a dedicated SQL Server instance to host its site database. You selected a SQL Server instance that hosts the site database for another Configuration Manager site. Select a different SQL Server instance for this new site to use, or resolve the conflict by uninstalling the other site or moving its database to a different SQL Server instance.

REASON

You can come across this issue if you are using a server for sql server which had once been used for Configuration Manager.

This is usually caused by two reasons:

• Remnants in registry: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]
• Stale Configuration Manager entries in the master.sys.service_broker_endpoints table

Solution

• Delete [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS]
• Remove the stale entries in master.sys.service_broker_endpoints: DROP ENDPOINT [Endpoint-Name-Like-ConfigMgrEndpoint];

References

• https://docs.microsoft.com/en-us/mem/configmgr/core/servers/deploy/install/list-of-prerequisite-checks#dedicated-sql-server-instance

Uninstallation of Asset Intelligence synchronization point role failed with “Child process exited with non-zero code 102”

ISSUE

Uninstallation of Asset Intelligence synchronization point role failed

LOGS

sitecomp.log:

SMS_SITE_COMPONENT_MANAGER    24880 (0x6130)            Starting service SMS_SERVER_BOOTSTRAP_SGKOMTASCCM01 for executing files with command-line arguments "CN1 D:\Program Files\Microsoft Configuration Manager /deinstall D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe AIUS "...
SMS_SITE_COMPONENT_MANAGER    24880 (0x6130)              Execution of "D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /deinstall /siteserver:CONTOSO.LAB.COM" on server CONTOSO.LAB.COM failed: Child process exited with non-zero code 102.
SMS_SITE_COMPONENT_MANAGER    24880 (0x6130)              "D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /deinstall /siteserver:CONTOSO.LAB.COM" executed successfully on server CONTOSO.LAB.COM.
SMS_SITE_COMPONENT_MANAGER    24880 (0x6130)            Deinstalled service SMS_SERVER_BOOTSTRAP_SGKOMTASCCM01.
SMS_SITE_COMPONENT_MANAGER    24880 (0x6130)          Bootstrap operations aborted.
SMS_SITE_COMPONENT_MANAGER    24880 (0x6130)        Deinstallation failed and will be retried in the next polling cycle.

AIUSSetup.log:

AIUS Setup Started....
Parameters: D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /deinstall /siteserver:SGKOMTASCCM01 AIUS 0
Deinstalling the AIUS
Enabling MSI logging.  AIUS.msi will log to D:\Program Files\Microsoft Configuration Manager\logs\AIUSMSI.log
Deinstalling AIUS, with product code {AB6BADC1-FF52-49E0-B878-66ED86767F43}
AIUS deinstall exited with return code: 1612
Backing up D:\Program Files\Microsoft Configuration Manager\logs\AIUSMSI.log to D:\Program Files\Microsoft Configuration Manager\logs\AIUSMSI.log.LastError
Removing AIUS Registry.

AIUSMSI.log: This log contains key information “Source is invalid due to invalid package code (product code doesn’t match).“. That is to say there is something wrong with the product to uninstall.

 ******* Product: {AB6BADC1-FF52-49E0-B878-66ED86767F43}
 MSI (s)    144 (0x90)    SOURCEMGMT: Media enabled only if package is safe.
 MSI (s)    144 (0x90)    SOURCEMGMT: Looking for sourcelist for product {AB6BADC1-FF52-49E0-B878-66ED86767F43}
 MSI (s)    144 (0x90)    SOURCEMGMT: Adding {AB6BADC1-FF52-49E0-B878-66ED86767F43}; to potential sourcelist list (pcode;disk;relpath).
 MSI (s)    144 (0x90)    SOURCEMGMT: Now checking product {AB6BADC1-FF52-49E0-B878-66ED86767F43}
 MSI (s)    144 (0x90)    SOURCEMGMT: Media is enabled for product.
 MSI (s)    144 (0x90)    SOURCEMGMT: Attempting to use LastUsedSource from source list.
 MSI (s)    144 (0x90)    SOURCEMGMT: Trying source D:\Program Files\Microsoft Configuration Manager\bin\x64\.
 MSI (s)    144 (0x90)    SOURCEMGMT: Source is invalid due to invalid package code (product code doesn't match).
 MSI (s)    144 (0x90)    Note: 1: 1706 2: -2147483646 3: aius.msi
 MSI (s)    144 (0x90)    SOURCEMGMT: Processing net source list.
 MSI (s)    144 (0x90)    Note: 1: 1706 2: -2147483647 3: aius.msi
 MSI (s)    144 (0x90)    SOURCEMGMT: Source is invalid due to missing/inaccessible package.
 MSI (s)    144 (0x90)    Note: 1: 1706 2: -2147483647 3: aius.msi
 MSI (s)    144 (0x90)    SOURCEMGMT: Processing URL source list.
 MSI (s)    144 (0x90)    Note: 1: 1402 2: UNKNOWN\URL 3: 2
 MSI (s)    144 (0x90)    Note: 1: 1706 2: -2147483647 3: aius.msi
 MSI (s)    144 (0x90)    Note: 1: 1706 2:  3: aius.msi
 MSI (s)    144 (0x90)    SOURCEMGMT: Failed to resolve source
 MSI (c)    72 (0x48)    MainEngineThread is returning 1612

ANALYSIS

Verify the product installed on the role point server.

Open PowerShell as Admin and run:

New-PSDrive -PSProvider registry -Root HKEY_CLASSES_ROOT -Name HKCR
Get-ChildItem "Registry::HKCR\Installer\Products" | Where-Object{$_.GetValue("ProductName") -Match "Asset"}

Here is what we got. There are two entries exactly the same returned while only one entry is expected!

SOLUTION

The SCCM version is 2111. So we deleted the first entry from the registry which is undesired in this scenario. After that, the role got uninstalled successfully.

SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)        Deinstalling component AI_UPDATE_SERVICE_POINT...
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)          Already deinstalled.
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)            Installed service SMS_SERVER_BOOTSTRAP_SGKOMTASCCM01.
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)            Starting service SMS_SERVER_BOOTSTRAP_SGKOMTASCCM01 for executing files with command-line arguments "CN1 D:\Program Files\Microsoft Configuration Manager /deinstall D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe AIUS "...
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)              "D:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /deinstall /siteserver:CONTOSO.LAB.COM" executed successfully on server CONTOSO.LAB.COM.
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)            Bootstrap operation successful.
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)            Deinstalled service SMS_SERVER_BOOTSTRAP_SGKOMTASCCM01.
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)          Bootstrap operations completed.
SMS_SITE_COMPONENT_MANAGER    29504 (0x7340)        Deinstallation successful.

Windows Server 2012 R2 Standard with TPM 2.0 – Client certificate shows None with error “Failed to set ACL to key, 0x80090029″

ISSUE

Windows Server 2012 R2 Standard with TPM 2.0 – Client certificate shows None

Started since SCCM upgraded from 2103 to SCCM 2111

Actions tab has only two actions

LOG

CertificateMaintenance    2576 (0xa10)    The primary key is not found from provider Microsoft Platform Crypto Provider
CertificateMaintenance    2576 (0xa10)    Primary key not found in the key storage. Will create the key and the certs.
CertificateMaintenance    2576 (0xa10)    Deleted key ConfigMgrPrimaryKey from provider Microsoft Software Key Storage Provider
CertificateMaintenance    2576 (0xa10)    Failed to set ACL to key, 0x80090029
CertificateMaintenance    2576 (0xa10)    CCMDoCertificateMaintenance() failed (0x80090029).

REASON

This originates from a change to SCCM since 2107:

“Configuration Manager uses self-signed certificates for client identity and to help protect communication between the client and site systems. When you update the site and clients to version 2107, the client stores its certificate from the site in a hardware-bound key storage provider (KSP). This KSP is typically the trusted platform module (TPM) at least version 2.0. The certificate is also marked non-exportable.

If the client also has a PKI-based certificate, it continues to use that certificate for TLS HTTPS communication. It uses its self-signed certificate for signing messages with the site.”

Refer to – https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2107#clients-store-configuration-manager-self-signed-certificates-in-hardware-tpm

As confirmed with Microsoft, this is an issue with Windows Server 2012 R2. Windows Server 2016 does not have such an issue. Microsoft is not planning to make any changes to Windows Server 2012 R2.

Note that this happens also to Windows 8.1.

Solution

Force client computer to use Software KSP by adding one registry entry: 

HKLM\Software\Microsoft\CCM\DWORD:UseSoftwareKSP=1

References

• https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2107#clients-store-configuration-manager-self-signed-certificates-in-hardware-tpm
• Certificate issue since 2107
• https://www.windows-noob.com/forums/topic/22779-win-81-failed-to-get-certificate-since-2107-upgrade/

SCCM client installation fails with 0x800713ec on Windows Server 2012 R2

ISSUE

SCCM client installation fails with 0x800713ec on Windows Server 2012 R2

LOGS

ccmsetup    5836 (0x16cc)    C:\Windows\ccmsetup\NDP462-KB3151800-x86-x64-AllOS-ENU.exe is Microsoft trusted.
ccmsetup    5836 (0x16cc)    Installing file 'C:\Windows\ccmsetup\NDP462-KB3151800-x86-x64-AllOS-ENU.exe' with options '/q /norestart /log %windir%\ccmsetup\logs\dotNetFx462_Setup.log'.
ccmsetup    5836 (0x16cc)    File 'C:\Windows\ccmsetup\NDP462-KB3151800-x86-x64-AllOS-ENU.exe' returned failure exit code 5100. Fail the installation.
ccmsetup    5836 (0x16cc)    InstallFromManifest failed 0x800713ec

You will find dotNetFx462_Setup.log.html in C:\Windows\ccmsetup\logs directory. That file contains the following:

Installation Blockers:
The update corresponding to KB2919355 needs to be installed before you can install this product on Windows 8.1 or Windows Server 2012 R2.

Final Result: Installation failed with error code: (0x000013EC), "A StopBlock was hit or a System Requirement was not met." (Elapsed time: 0 00:00:07).
OS Version = 6.3.9600, SP = 0.0, Platform 2
OS Description = Win2k12R2 - x64 Standard Edition
MSI = 5.0.9600.16384
Windows servicing = 6.3.9600.16384
CommandLine = C:\336d1103f15f1c70bedda0b3\\Setup.exe /q /norestart /log C:\Windows\ccmsetup\logs\dotNetFx462_Setup.log /x86 /x64 /redist
Using Simultaneous Download and Install mechanism
Operation: Installing
Package Name = Microsoft .NET Framework 4.6.2 Setup
Package Version = 4.6.01590
User Experience Data Collection Policy: Disabled
Logging all the global blocks

You will just need to follow the instructions. General install instructions:

1. To start the download, click the Download button and then do one of the following, or select another language from Change Language and then click Change.
   • Click Run to start the installation immediately.
   • Click Save to copy the download to your computer for installation at a later time.
2. These KB’s must be installed in the following order: clearcompressionflag.exe, KB2919355, KB2932046, KB2959977, KB2937592, KB2938439, and KB2934018.
3. KB2919442 is a prerequisite for Windows Server 2012 R2 Update and should be installed before attempting to install KB2919355

References

• https://support.microsoft.com/en-us/topic/windows-rt-8-1-windows-8-1-and-windows-server-2012-r2-update-april-2014-3c9d820b-7079-359d-8660-21de648fa31d

SCCM Agent has only two actions after installation with “CCMVerifyMsgSignature failed”

ISSUE

ConfigMgr Agent has only two actions in Actions tab after installation

• Machine Policy Retrieval & Evaluation Cycle
• User Policy Retrieval & Evaluation Cycle

CCM Notification Agent component is also in Disabled state.

LOGS

CertificateMaintenance.log:

CertificateMaintenance    800 (0x320)    Failed to verify signature of message received from MP using name 'contosomp01.lab.com'
CertificateMaintenance    800 (0x320)    Failed to verify signature of message received from MP using name 'contosomp02.lab.com'

ClentIDManagerStartup.log:

ClientIDManagerStartup    800 (0x320)    RegTask: Failed to refresh site code. Error: 0x8000ffff

LocationServices.log

LocationServices    800 (0x320)    Signature verification using hash algorithm 32772 failed with 0x80090006.
LocationServices    800 (0x320)    CCMVerifyMsgSignature failed.
LocationServices    800 (0x320)    Failed to verify received message 0x80090006
LocationServices    800 (0x320)    CCMVerify failed with 0x80090006
LocationServices    800 (0x320)    Failed to verify message. Could not retrieve certificate from MPCERT.
LocationServices    800 (0x320)    MPCERT requests are throttled for 00:00:00

There was no CcmNotificationAgent.log.

PolicyAgent.log shows nothing helpful but the following:

PolicyAgent_RequestAssignments    2284 (0x8ec)    PolicyEvaluatorSystemTask::Execute, szEvent = PreShutdown
PolicyAgent_RequestAssignments    2284 (0x8ec)    Processing PreShutdown event

ANALYSIS

I had a hunch that it should have something to do with certificates of management points the client computer received because the LocationServices.log implied that the messages coming from the management points could not be verified. It was obviously that the client computer failed to decrypt the messages from the management points.

To get management points information in WMI on the client computer, I ran the following PowerShell queries.

-- This query returned complete information about the management points
Get-WmiObject -Namespace "ROOT\ccm\LocationServices" -Class SMS_MPInformation 

-- This query returned empty
Get-WmiObject -Namespace "ROOT\ccm\LocationServices" -Class SMS_MPInformationEx

-- This query returned complete information about the management points
Get-WmiObject -Namespace "ROOT\ccm\LocationServices" -Class SMS_MPList

-- This query returned empty
Get-WmiObject -Namespace "ROOT\ccm\LocationServices" -Class SMS_MPListEx

As you can see, the client computer failed to fill the WMI class instances of SMS_MPInformationEx and SMS_MPListEx. This behaviour corresponded to the error messages in LocationServices.log.

The AD publishing status in \Administration\Overview\Hierarchy Configuration\Active Directory Forests also shows Success. However, while verifying the System Container in AD, I was told that there was much obsolete information about some management points and sites that had been deleted, as the customer put it. That caught my attention in that those obsolete information should have been deleted and disappeared since the old management points and sites did not exist in the environment any longer.

I suggested them to delete all the entries in System Container and restart SMS_EXECUTIVE service of the primary site. But the publishing failed due to insufficient permissions. It was found that the publishing account used in SCCM for AD publishing has only “This object only” permission which was not enough. I changed it to “This object and all descendant objects“. Bingo, the issue was gone and the client computer ended up showing online in SCCM console.

SOLUTION

1. Delete all the entries in System Container
2. Make sure that the publishing account used in SCCM for AD publishing has “This object and all descendant objects” permission to System Container
3. Restart SMS_EXECUTIVE service of the primary site

References

• https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/schema-extensions

Client deployment cannot be fulfilled since use of metered network is not allowed

Though not commonly seen, you may run into SMS Agent Host client installation failure on metered network. ccmsetup.log shows messages like the following.

03-25-2022 12:33:56.196    ccmsetup    8828 (0x227c)    Client deployment cannot be fulfilled since use of metered network is not allowed.
03-25-2022 12:33:56.196    ccmsetup    8828 (0x227c)    Failed to parse 'C:\WINDOWS\ccmsetup\ccmsetup.exe /ignoreskipupgrade /config:MobileClient.tcf         /RetryWinTask:9' with error 0x87d00227

0x87d00227 means functionality disabled.

Error Code:	0x87D00227 (2278556199)
Error Name:	CCM_E_DISABLED
Error Source:	Configuration Manager
Error Message:	Functionality disabled

This happened because “Client communication on metered internet connections” in Metered Internet Connections in Client settings is set to Block.

When the device is on a metered internet connection, the Configuration Manager client doesn’t try to communicate with the site. This option is the default.

Metered Internet Connections

SOLUTION

Set “Client communication on metered internet connections” to Allow in Metered Internet Connections in Client settings

If you are using manual installation method, you can also add /AllowMetered to workaround this issue.

When you allow client communication on a metered network for ccmsetup, it downloads the content, registers with the site, and downloads the initial policy. Any further client communication follows the configuration of the client setting from that policy. 

AllowMetered

You may also think of disabling metered internet connection settings for client network adapters, but that can be difficult in an enterprise environment where policies are applied strictly. To disable metered internet connection, refer to –

https://support.microsoft.com/en-us/windows/metered-connections-in-windows-7b33928f-a144-b265-97b6-f2e95a87c408

References

• https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/about-client-settings#metered-internet-connections
• https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/about-client-installation-properties#allowmetered

SCCM client always reports to old site and management point after client installation

ISSUE

SCCM client always reports to old site and management point after client installation

The background is the I was doing a migration and was moving clients from the old sccm to their new sccm. I adopted manual sccm client installation.

In the very beginning, I used the following command to install sccm client –

ccmsetup.exe /mp:newsccm.contoso.lab /forceinstall FSP=newsccm.contoso.lab SMSMP=newsccm.contoso.lab SMSSITECODE=CON

But the client still reported to the old site. The reason is that the previous trusted key of the client still points to the one coming from the old site. This situation may occur when you move a client from one site hierarchy to another.  Thus, to update the trusted root key, I added the switch RESETKEYINFORMATION=TRUE to the ccmsetup.exe command –

cmsetup.exe /mp:newsccm.contoso.lab /forceinstall FSP=newsccm.contoso.lab SMSMP=newsccm.contoso.lab SMSSITECODE=CON RESETKEYINFORMATION=TRUE

However, the client still reports the old site. Th site code still shows OOE instead of CON and the assignment management point the old one instead of the assigned one in the command.

LOGS

LocationServices.log says a group policy updated the assigned site code to OOE, which is the old sccm site code.

01-28-2022 13:45:57.930    LocationServices    3632 (0xe30)    LSRefreshSiteCode: Group Policy Updated the assigned site code <OOE>, which is different than the existing assigned site code <>. Will attempt re-assignment.
01-28-2022 13:45:57.992    LocationServices    3632 (0xe30)    Sending Fallback Status Point message, STATEID='500'.
01-28-2022 13:45:58.195    LocationServices    3632 (0xe30)    Processing GroupPolicy site assignment.
01-28-2022 13:45:58.195    LocationServices    3632 (0xe30)    Assigning to site 'VN1'
01-28-2022 13:45:58.195    LocationServices    3632 (0xe30)    LSIsSiteCompatible : Verifying Site Compatibility for <OOE>
01-28-2022 13:45:58.211    LocationServices    4104 (0x1008)    Failed to execute task 'LSSiteRoleCycleTask'. Error 0x80004005
01-28-2022 13:45:58.211    LocationServices    4104 (0x1008)    CSiteRoleCycleTask::Execute failed (0x80004005).

The resultant group policy retrieved by running gpresult /h c:\res.html has no group policies about assigning site code. After a moment of struggling, I found it related to a registry value in the following path –

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client: GPRequestedSiteAssignmentCode

SOLUTION

Delete the registry value and reinstall sccm client.

reg delete "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SMS\Mobile Client" /v GPRequestedSiteAssignmentCode /f
ccmsetup.exe /mp:newsccm.contoso.lab /forceinstall FSP=newsccm.contoso.lab SMSMP=newsccm.contoso.lab SMSSITECODE=CON RESETKEYINFORMATION=TRUE

After that, the issue was gone.

References

• https://docs.microsoft.com/en-us/mem/configmgr/core/clients/deploy/about-client-installation-properties#resetkeyinformation
• https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/security/plan-for-security#the-trusted-root-key

SCCM client installation failed with error 0x87d0027e

Issue

Client installation failed with error 0x87d0027e

Errors

08-17-2021 16:32:01.277 ccmsetup 14136 (0x3738) [CCMHTTP] ERROR: URL=HTTP://contoso.com/CCM_Client, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
08-17-2021 16:32:01.277 ccmsetup 14136 (0x3738) [CCMHTTP] ERROR INFO: StatusCode=405 StatusText=Method Not Allowed
08-17-2021 16:32:01.278 ccmsetup 14136 (0x3738) GetDirectoryList failed with a non-recoverable failure, 0x87d0027e
08-17-2021 16:32:01.278 ccmsetup 14136 (0x3738) Failed to get directory list from 'HTTP://contoso.com/CCM_Client'. Error 0x87d0027e
08-17-2021 16:32:01.278 ccmsetup 14136 (0x3738) Failed to correctly receive a WEBDAV HTTP request.. (StatusCode at WinHttpQueryHeaders: 405) and StatusText: 'Method Not Allowed'
08-17-2021 16:32:01.278 ccmsetup 14136 (0x3738) Failed to check url HTTP://contoso.com/CCM_Client/ccmsetup.cab. Error 0x80004005
08-17-2021 16:32:01.278 ccmsetup 14136 (0x3738) Accessing the URL 'HTTP://contoso.com/CCM_Client/ccmsetup.cab' failed with 80004005

Solution

Install with ccmsetup.exe from the ClientUpgrade directory on the primary site server

Management point role installation fails on the primary site with “Child process exited with non-zero code 102”

Issue

Management point role installation fails on the primary site with “Child process exited with non-zero code 102”

09-27-2021 11:02:01.440    SMS_SITE_COMPONENT_MANAGER    23296 (0x5b00)            Starting service SMS_SERVER_BOOTSTRAP_WXSCCM with command-line arguments "WX1 C:\Program Files\Microsoft Configuration Manager /install C:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe SMSMP "...
09-27-2021 11:02:08.489    SMS_SITE_COMPONENT_MANAGER    23296 (0x5b00)              Execution of "C:\Program Files\Microsoft Configuration Manager\bin\x64\rolesetup.exe /install /siteserver:WXSCCM.HYNIX-CN.COM" on server WXSCCM.HYNIX-CN.COM failed: Child process exited with non-zero code 102.

Analysis

Reviewing the mpMSI.log, I found the following:

09-27-2021 11:02:06.791    Action start    CcmValidateCustomWebSite.
09-27-2021 11:02:06.791    [11:02:06] Found 3 web site(s).
09-27-2021 11:02:06.791    [11:02:06] WARNING: Could not find site with name 'SMSWeb'
09-27-2021 11:02:06.791    [11:02:06] @@ERR:25001
09-27-2021 11:02:06.864    MSI (s)    192 (0xc0)    Product: ConfigMgr Management Point -- Error 25001. Setup failed due to unexpected circumstances
09-27-2021 11:02:06.864    The error code is 87D00215
09-27-2021 11:02:06.864    
09-27-2021 11:02:06.864    Error 25001. Setup failed due to unexpected circumstances
09-27-2021 11:02:06.864    The error code is 87D00215
09-27-2021 11:02:06.864    CustomAction CcmValidateCustomWebSite returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)

87D00215 refers to –

Error Code: 0x87D00215 (2278556181)
Error Name: CCM_E_ITEMNOTFOUND
Error Source: Configuration Manager
Error Message: Item not found

Solution

The customer does not have any custom site. So, the solution is:

1. Go to \Administration\Overview\Site Configuration\Sites
2. Select the target site, then Properties
3. Go to the tab Ports
4. Uncheck Use custom web site
5. The roles will get reinstalled accordingly

References

• https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/network/websites-for-site-system-servers#choosing-to-use-custom-websites