Welcome  |  Sign In
Skip Navigation Links
System Center Configuration Manager TechCenter
Click to Rate and Give Feedback
TechNet
TechNet Library
Systems Management
System Center
 Troubleshooting Management Point Co...
Troubleshooting Management Point Communication
[Topics referencing Configuration Manager 2007 R2 are pre-release documentation and are subject to change in future releases.]

Topic last updated—March 2008

The following are potential issues with Configuration Manager 2007 Management point site systems which provide client computers with installation prerequisites, client installation source files, configuration details, advertisements, and software distribution package source file locations. Additionally, management points receive inventory data, software metering information, and status and state messages from clients. If clients cannot access or communicate properly with a management point, they will be unmanaged.

Note
Regardless of the number of management point site system roles installed on site systems within a site, clients will only communicate with either the default management point (intranet clients) or their assigned management point (Internet-based clients).

Important
You must download, install, and configure WebDAV manually on management points running Windows Server 2008. For more information, see How to Configure Windows Server 2008 for Site System Roles.

For successful client computer installation and management, clients must be able to connect to the default or assigned management point computer.

Solution

To verify that a client can access the management point, use the Web browser installed on the client to connect to the management point list intranet address and verify that the list of installed management points for the site is displayed.

  • For mixed mode clients, use the following: http://<ServerName>/sms_mp/.sms_aut?mplist, where <ServerName> is the NetBIOS name for the management point computer.
  • For intranet-based, native mode clients, use the following: https://<ServerName>/sms_mp/.sms_aut?mplist, where <ServerName> is the FQDN for the management point computer if one has been specified in the site system properties or the short name if an FQDN has not been specified.
  • For Internet-based clients, use the following: https://<ServerName>/sms_mp/.sms_aut?mplist, where <ServerName> is the FQDN for the Internet-based management point computer.
    Important
    If a site is configured to use a custom Web site, the custom port must also be used, as in the following example: http://<ServerName>:<port>/sms_mp/.sms_aut?mplist.

For successful client computer installation and management, Configuration Manager 2007 clients must trust the management point computer. When clients communicate with a management point, the management point certificate is verified by clients to establish the trustworthiness of data sent by the site system to clients.

Note
In mixed mode sites, a management point signing certificate is created and signed by the site's trusted root key to enable clients to trust the management point site system. In native mode sites, the Web server signing certificate installed on the management point and signed by a Certificate Authority trusted by clients is used.

Solution

To verify that a client can view the management point certificate, connect to the management point certificate address and verify that the management point certificate information (a long list of numbers and letters) is displayed.

  • For mixed mode clients, use the following: http://<ServerName>/sms_mp/.sms_aut?mpcert, where <ServerName> is the NetBIOS name for the management point computer.
  • For intranet-based, native mode clients, use the following: https://<ServerName>/sms_mp/.sms_aut?mpcert, where <ServerName> is the FQDN for the management point computer if one has been specified in the site system properties or the short name if an FQDN has not been specified.
  • For Internet-based clients, use the following: https://<ServerName>/sms_mp/.sms_aut?mpcert, where <ServerName> is the FQDN for the Internet-based management point computer.
    Important
    If a site is configured to use a custom Web site, the custom port must also be used, as in the following example: http://<ServerName>:<port>/sms_mp/.sms_aut?mpcert.

When troubleshooting management point connectivity for sites configured to operate in native mode using the MPLIST and MPCERT management point communication troubleshooting Web addresses, you receive a Microsoft Internet Explorer error similar to the following:

  • Internet Explorer cannot download .sms_aut?/mplist from <management point name>
  • Internet Explorer was not able to open this Internet site. The requested site is either unavailable or cannot be found. Please try again later

Solution

Native mode client-to-server communication must be authenticated using computer PKI certificates. Therefore, a computer certificate trusted by the management point computer must be configured in the client's Web browser to authenticate communication with the management point when troubleshooting management point communication using the MPLIST and MPCERT management point communication troubleshooting Web addresses.

The following procedures can be used to import a computer certificate into the client computer Web browser if it is using Internet Explorer:

  • Export the client certificate.
  • Import the client certificate into the client computer's Internet Explorer personal certificate store.

To export the native mode client certificate from computers running Windows Vista

  1. Log in to the Windows Vista native mode client computer used to test management point communication as a local administrator, click Start, type MMC into the Search box, and then press Enter.

  2. In the empty console, click File, and then click Add/Remove Snap-in.

  3. In the Add/Remove Snap-in dialog box, select Certificates, and then click Add.

  4. On the Certificates snap-in page, select Computer account, and then click Next.

  5. On the Select Computer dialog box, ensure the option Local computer: (the computer this console is running on) is selected, and then click Finish.

  6. Click OK to close the Add Standalone Snap-in dialog box.

  7. In the console, double-click Certificates (Local Computer) and then expand Personal.

  8. Right-click the native mode computer certificate, click All Tasks, and then click Export to launch the Certificate Export Wizard.

  9. On the Certificate Export Wizard Welcome page, click Next.

  10. On the Export Private Key page, select Yes, export the private key, and then click Next.

    Note
    If this option is not available, the certificate has been created without the option to export the private key. In this scenario, you cannot export the certificate in the required format.

  11. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

  12. On the Export File Format page, ensure that the following option is selected: Personal Information Exchange - PKCS #12 (.PFX).

  13. On the File to Export page, specify the name of the file that you want to export, and then click Next.

  14. Click Finish in the Certificate Export Wizard dialog box to close the wizard.

To export the native mode client certificate from computers running Windows XP Professional, or Windows Server 2003

  1. Log in to the Windows XP Professional or Windows Server 2003 native mode client computer used to test management point communication as a local administrator, click Start, click Run, type MMC in the Run dialog box, and then click OK.

  2. In the empty console, click File, and then click Add/Remove Snap-in.

  3. In the Add or Remove Snap-ins dialog box, click Add.

  4. Select Certificates from Available snap-ins, and then click Add.

  5. In the Certificates snap-in dialog box, click Computer account, and then click Next.

  6. In the Select Computer dialog box, ensure that the option Local computer: (the computer this console is running on) is selected, and then click Finish.

  7. In the Add or Remove Snap-ins dialog box, click OK.

  8. In the console, expand Certificates (Local Computer), expand Personal, and then click Certificates.

  9. Right-click the native mode computer certificate, click All Tasks, and then click Export to launch the Certificate Export Wizard.

  10. In the Certificate Export Wizard, click Next.

  11. On the Export Private Key page, select Yes, export the private key, and then click Next.

    Note
    If this option is not available, the certificate has been created without the option to export the private key. In this scenario, you cannot export the certificate in the required format.

  12. On the Password page, specify a strong password to protect the exported certificate with its private key, and then click Next.

  13. On the Export File Format page, ensure that the following option is selected: Personal Information Exchange - PKCS #12 (.PFX).

  14. On the File to Export page, specify the name of the file you want to export, and then click Next.

  15. Click OK in the Certificate Export Wizard dialog box to close the wizard.

To import the client computer certificate into the Internet Explorer personal Certificate Store

  1. On the native mode client computer that you will use to test management point communication using the exported certificate, open a new Internet Explorer browser window.

  2. On the Internet Explorer toolbar, click Tools, click Internet Options, and then click the Content tab.

  3. On the Content tab, click Certificates.

  4. With the Personal tab of the Certificates dialog selected, click Import.

  5. Click Next on the Certificate Import Wizard Welcome page.

  6. On the File to Import page, click Browse and select the certificate exported in the preceding procedure. and then click Next.

    Note
    To display the exported certificate, click the file extension drop-down list and select Personal Information Exchange (*.pfx,*.p12).

  7. Enter the password specified for the certificate when it was exported, and then click Next.

  8. On the Certificate Store page, accept the default location to store the certificate (Personal certificate store), and then click Next.

  9. Click Finish to close the Certificate Import Wizard.

  10. Click OK on the import confirmation dialog.

  11. Close all open dialog boxes and the Internet Explorer browser window.


© 2008 Microsoft Corporation. All rights reserved. Terms of Use  |  Trademarks  |  Privacy Statement
Page view tracker