Configuration Manager cannot connect to the site

SCCM Console cannot connect after server upgrade.

b

5/9/20243 min read

You ever have one of those days where you go to updates and servicing and this this will be a simple update and then things don't go as expected?

The server seemed to update just fine, but the remote consoles stopped connecting and you see the error shown above.

We go down the list.

  • This Computer has network connectivity to the SMS Provider computer.

    • Ping the sccm server worked and therefore network connectivity appears to have passed.

  • Your computer account has Remote Activation permission to the Configuration Manager site server and the SMS Provider computer.

    • my account is local admin to the machine I am working from and I am in the SMS Admins groups on the sccm server.

  • Configuration manager console version is supported by the site server.

    • I'll upgrade the console to the latest version manually from the file on the server.

    • for me it was located here

      • D:\Program Files\Microsoft Configuration Manager\EasySetupPayload\8bb2c449-84b7-4226-821b-2e7352b409b0\SMSSETUP\BIN\I386\adminconsole.msi

      • you can use orca or instaedit in order to validate the version matches your installed version.

  • You are assigned at least one role-based administrator security role.

    • I'm the sccm admin and this worked before the upgrade and I can log into the console on the sccm server, so i think we're good here as well.

  • You have the following WMI permissions to the Root\SMS\site_<site code> namespaces: Execute Methods, Provider Write, Enable Account, and Remote Enable.

    • This is where your typical SCCM Admin gets a little lost, but luckily I've been doing this a while. First I tested using WBEMtest.

      • Once open Click connect \\sccmserver\root\sms and hit connect. = access denied

    • then look at the log here "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\AdminUILog\SmsAdminUI.log"

    • then look at the log here "C:\Program Files (x86)\Microsoft Configuration Manager\AdminConsole\AdminUILog\SmsAdminUI.log"

    • notice this line. at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.Connect(String configMgrServerPath)

      • this portion tells me the issue is on the SCCM server and not the local machine i am using

        • configMgrServerPath

    • Now lets look on the SCCM Server.

    • run this command on the primary server : wmimgmt.msc

    • right-click on WMI Control (Local)

    • Click Security and scroll to SMS and click the security button.

    • for me SMS Admins was missing here. so I added it and all the security and it worked, but i knew I didn't need (or want it completely open, so I cheated and looked at my dev server's security)

      • Enable Account and remote enable need to be checked

      • applies to this namespace only

    • Then change the security for the sms\sms_sitecode wmi folder.

      • Execute Methods, Enable Account, Remote Enable, Provider Write all checked

      • Applies to this namespace only.

Test WMI = success

Test console = Success

Contact

i_am_b@bworldtools.com