SCCM – IBCM – MP control down -ERROR: Cannot access the destination inbox path- server.com\SMS_PVI\inboxes\auth\ddm.box, Win32 Error = 71
Please help to sort out this issue; we are facing an issue with the IBCM server.
We are using an SSL certificate on 443. On the SCCM primary server, the IBCM MP status is down,
with the error: ERROR: Cannot access the destination inbox path \\server.com\SMS_PVI\inboxes\auth\ddm.box, Win32 Error = 71.
We checked the MPControl logs: status okay, 443 with 200 status okay.
Also verified: DigiCert, able to telnet on 443, certificate valid up to 2021.
Binding is also okay.
But when I'm checking the default IIS site (Browse, HTTP 80 / 443), I am getting
"Oops, page not accessible."
I also tried to open web.config and got this error:
HTTP Error 404.8 – Not Found
The request filtering module is configured to deny a path in the URL that contains a hiddenSegment section.
Please suggest and help.
Answers ( 13 )
Are you able to open the default website, ideally the public DNS name of the IBCM server, from the internet-connected machine?
Are you able to telnet to the public DNS name of the IBCM server from the internet-connected machine on ports 80 and 443?
Do you have any reverse proxy like F5 in between the internet-connected machine and your IBCM server? If so, I hope you have all the required ports opened and the config done on the F5 too.
The F5 configuration depends on the SSL bridging or tunneling method.
I think you need to check all these aspects. Additionally, on IIS there are some specific settings:
Ensure SMS_MP, SMS_DP_PKG$ and CCM_CLIENT are configured for “REQUIRE SSL” and further configured to “ACCEPT”.
This can be checked by browsing the virtual directories by clicking “BROWSE:443” (HTTPS).
When I open the default site on HTTP 80, I get the message "Oops! Page not accessible."
Where we bound the SSL certificate (HTTPS 443), there is also "Oops! Page not accessible."
But we cross-checked from the open internet: telnet on 443 works and nslookup resolves the public DNS name, where we NATed.
For which virtual directory are you seeing the failure in IIS, and what is the IIS failure code along with the sub code?
If client connections are passing through IIS with status code 200, then you may need to check the inbox folder permissions and a few other MP logs to understand further.
Yes sir, I have checked the IIS logs; nothing is showing, the log says all okay.
2020-05-09 18:29:59 10.94.64.71 CCM_POST /ccm_system/request – 443 – 188.8.131.52 ccmhttp – 200 0 0 4693 546
2020-05-09 18:29:59 10.94.64.71 CCM_POST /ccm_system/request – 443 – 184.108.40.206 ccmhttp – 200 0 0 4709 2093
2020-05-09 18:29:59 10.94.64.71 CCM_POST /ccm_system/request – 443 – 220.127.116.11 ccmhttp – 200 0 64 4110 656.
MP logs: 443 with 200 status okay.
But the MPFDM log says:
ERROR: Cannot access the destination inbox path \\primaryserver.com\SMS_PVI\inboxes\auth\statesys.box\incoming, Win32 Error = 71
My primary server application install directory is on the D drive, and I am able to access it.
Where exactly do we find the SMS_PVI folder?
In SMS/MP/OUTBOX/stat.box there are more than 5 lakh files, continuously coming in?
Also, from the open internet I am able to telnet on 443 (public URL, which is NATed to a public IP), and nslookup also works from the open internet.
When I'm browsing the site on 443, where the SSL certificate is bound, I land at default.htm.
The page shown is like: "Oops! Page not accessible."
On my primary SQL cluster I am getting this error:
Message : SSPI handshake failed with error code 0x8009030c, state 14 while establishing a connection with integrated security; the connection has been closed. Reason: AcceptSecurityContext failed. The Windows error code indicates the cause of failure. The logon attempt failed [CLIENT: 10.94.00.00] (this is the IBCM server's IP).
Id : 17806
Please help; there is so much confusion in sorting out this issue.
OK, don't do anything with the IIS settings. They look normal, and the issue you have is with the file transfer from the MP to the primary site; that is why you are seeing errors in MPFDM (MP File Dispatch Manager).
Is your site in pull mode or push mode? If it's pull mode then change it to push mode, or vice versa. This can be done by enabling a checkmark on the site system properties which says the site initiates the connection (don't remember the exact wording).
We are using the push mechanism; here on the primary we unchecked the client push setting because client installation in my org happens from the secondary sites.
Please guide me step by step.
We have 1 primary and 24 secondary sites.
On the IBCM server we installed DP, MP and SUP only.
The issue came up suddenly; nothing changed in the existing setup.
I am not talking about the client push installation. The files from the MP inbox are moved to the primary inbox using either a push mechanism or a pull mechanism.
You need to go to your MP site system properties.
There will be a checkbox for “Require the site server to initiate a connection to this site system”.
If that is not ticked then you can tick that and watch the MPFDM log. This will change the MP from Push mode to Pull mode. We change this to recover the corruption that happened on your MP File Dispatch Manager. Once the mode is changed and visible in the log file and everything started working you can remove the checkbox and the site will change back to push mode.
Note:- Please take an appropriate backup before making any changes.
Yes, the required ports are open! I am able to telnet to xx.com on 443 from the open internet; no issue externally.
The issue is with the internal server! I am unable to identify it exactly; I just want to cross-check.
In IIS, when I'm trying to open the file C:\inetpub\temp\appPools\SMS Management Point Pool.config,
I get access denied.
C:\inetpub\temp subfolders: do all the folders require permission?
This issue is only for a few clients or only for a specific set of clients?
Also, it never worked before?
Issue with ALL clients which are connected over the internet, after MP down patching happen through IBCM SERVER on.
You shouldn’t be messing around with the files and folders in c:\inetpub\.
Use IIS Manager to manage things.
If you can help answer all the questions asked in detail and try the things suggested, not the things you have tried, and let us know, that would be much appreciated and help us to help you better.
Do you have port TCP/10123 open in your firewalls? You also need this one for IBCM.
Are you sure ports 80 and 443 are open? Download and use the Portquery UI tool and verify these ports can be accessed from the Internet to your FQDN.
Are you able to resolve your FQDN server url?
If you have CRL check enabled in your Site, uncheck that.
What do the LocationServices and CCMmessaging logs say?
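One of the answers above asks for the IIS failure code and sub code, and the IIS log lines quoted in the thread carry those values. As an added example that is not part of the thread, the Python below tallies status.substatus pairs and flags requests with an HTTP error or a non-zero Win32 status; the field positions, the sample lines and the client addresses are assumptions constructed for illustration.

```python
from collections import Counter

# Assumed W3C field order (the thread does not show the "#Fields:" header):
# the three numbers after cs(Referer) are sc-status, sc-substatus, sc-win32-status.
FIELDS = ("date", "time", "s_ip", "method", "uri", "query", "port", "user",
          "c_ip", "agent", "referer", "status", "substatus", "win32")

# Win32 codes named here: 64 typically appears in IIS logs when the client
# drops the connection; 71 is the code in the thread's MPFDM error.
WIN32_NAMES = {0: "ERROR_SUCCESS", 64: "ERROR_NETNAME_DELETED",
               71: "ERROR_REQ_NOT_ACCEP"}

# Constructed sample modelled on the lines quoted in the thread. Client
# addresses are documentation ranges and the 404.8 request is invented.
SAMPLE_LOG = """\
#Software: Microsoft Internet Information Services
2020-05-09 18:29:59 10.94.64.71 CCM_POST /ccm_system/request - 443 - 192.0.2.10 ccmhttp - 200 0 0 4693 546
2020-05-09 18:29:59 10.94.64.71 CCM_POST /ccm_system/request – 443 – 192.0.2.11 ccmhttp – 200 0 0 4709 2093
2020-05-09 18:29:59 10.94.64.71 CCM_POST /ccm_system/request - 443 - 192.0.2.12 ccmhttp - 200 0 64 4110 656.
2020-05-09 18:31:12 10.94.64.71 GET /web.config - 443 - 192.0.2.13 Mozilla/5.0 - 404 8 0 1405 15
"""

def parse_line(line):
    """Return a dict for one request line, or None for headers and junk."""
    # Undo paste damage: typographic dashes and a trailing full stop.
    line = line.replace("\u2013", "-").strip().rstrip(".")
    parts = line.split()
    if line.startswith("#") or len(parts) < len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec.update({k: int(rec[k]) for k in ("status", "substatus", "win32")})
    except ValueError:
        return None
    return rec

def summarise(text):
    """Count status.substatus pairs and list requests that need a closer look."""
    counts, flagged = Counter(), []
    for rec in filter(None, map(parse_line, text.splitlines())):
        code = f"{rec['status']}.{rec['substatus']}"
        counts[code] += 1
        if rec["status"] >= 400 or rec["win32"] != 0:
            name = WIN32_NAMES.get(rec["win32"], str(rec["win32"]))
            flagged.append((rec["uri"], rec["c_ip"], code, name))
    return counts, flagged

if __name__ == "__main__":
    totals, suspects = summarise(SAMPLE_LOG)
    print(dict(totals), *suspects, sep="\n")
```

Check the `#Fields:` header of the real log before relying on these positions, since IIS lets the logged fields be changed per site.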