SMS 2003 security templates, MP functionality

I was troubleshooting a problem with an MP today.  I ran the MP Troubleshooter - Pre-Install and everything applicable passed.  I had already installed SQL 2005 SP2 Standard, running under the context of a domain user account, sms_sql_user (nothing fancy, just a domain user).  I manually set both FQDN and NetBIOS SQL SPNs on the user account and all other MP prerequisites were met.  I installed the MP (on the site server) and there were no errors in the setup log.  Great, right?

I ran the MP Troubleshooter - Post-Install and there were two similar errors: "Failed to query web site: https://sms2003:80/SMS_MP/.sms_aut?MPLIST (Exception: The remote server returned an error: (401) Unauthorized.)"

C:\Windows\System32\LogFiles\W3SVC1\ex070712.log contained multiple lines similar to the following:
2007-07-12 18:03:20 W3SVC1 192.168.100.52 GET /SMS_MP/.sms_aut MPCERT 80 - 192.168.100.52 - 401 1 0

HTTP Error 401.1 - Unauthorized: Access is denied due to invalid credentials.

I was able to successfully query the SLP (e.g., https://sms2003/sms_slp/slp.dll?site&ad=Default-First-Site) so I knew IIS was functioning ok.

Manually attempting the MP query (e.g., https://sms2003/sms_mp/.sms_aut?MPLIST) returned the error: "Internet Explorer cannot download .sms_aut?MPLIST from localhost. Internet Explorer was not able to open this Internet site.  The requested site is either unavailable or cannot be found.  Please try again later."

I assumed it had something to do with the fact that SQL was running under the context of a domain user account and not the local system account, so that consumed most of my troubleshooting effort.  Just as I was ready to wipe and reload, it occurred to me that I was using the customer's server image which may have a security template applied.  Upon further investigation, it had a custom template based upon the high-security template.  D'oh!

I applied C:\Program Files\SMS 2003 Toolkit 2\Security Template\HighSecurity_SMSServer.inf and all was well.
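
An added example (not part of the original post): a small Python triage script for the kind of W3SVC log quoted above. It reads the W3C extended format, picks out 401 responses under /SMS_MP and reports the sub-status, which separates a credentials failure (401.1) from an ACL or filter denial. The `#Fields` header, the second and third log lines, and all function names are constructed for illustration.

```python
from collections import Counter

# IIS 6 meanings of the 401 sub-status codes
SUBSTATUS_401 = {
    "1": "logon failed (invalid credentials)",
    "2": "logon failed due to server configuration",
    "3": "unauthorized due to ACL on resource",
    "4": "authorization failed by filter",
    "5": "authorization failed by ISAPI/CGI application",
}

# Constructed sample: the #Fields header is assumed; the first data line is the one quoted in the post
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services 6.0
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2007-07-12 18:03:20 W3SVC1 192.168.100.52 GET /SMS_MP/.sms_aut MPCERT 80 - 192.168.100.52 - 401 1 0
2007-07-12 18:03:21 W3SVC1 192.168.100.52 GET /SMS_MP/.sms_aut MPLIST 80 - 192.168.100.52 - 401 1 0
2007-07-12 18:03:25 W3SVC1 192.168.100.52 GET /sms_slp/slp.dll site&ad=Default-First-Site 80 - 192.168.100.52 - 200 0 0
"""

def parse_w3c(text):
    """Yield one dict per request, using the most recent #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))

def mp_auth_failures(text, prefix="/sms_mp/"):
    """Count 401 responses under the MP virtual directory by (query, sub-status)."""
    hits = Counter()
    for rec in parse_w3c(text):
        stem = rec.get("cs-uri-stem", "").lower()
        if rec.get("sc-status") == "401" and stem.startswith(prefix):
            hits[(rec.get("cs-uri-query", "-"), rec.get("sc-substatus", "?"))] += 1
    return hits

def report(text):
    """Return one summary line per (query, sub-status) pair."""
    return [f"{n}x 401.{sub} on ?{query}: {SUBSTATUS_401.get(sub, 'unknown sub-status')}"
            for (query, sub), n in sorted(mp_auth_failures(text).items())]

if __name__ == "__main__":
    print("\n".join(report(SAMPLE_LOG)))
```
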
