Posts Tagged ‘SCCM 2012’

Capacity Planner for Hyper-V Replica; a long story from SCCM!

August 7, 2013 1 comment

Hi Geeks,

For a customer who has about 1500 users, I designed an SCCM 2012 platform using a single primary site, since there is no other site important enough to be used as a secondary site or as another primary site. The design had these elements:

  1. A site server on a DL 360 G7
  2. A site system server with duplicated roles on a DL 360 G7
  3. 2 SQL Servers configured using the Always On feature on 2 DL 360 G7

All right for 1500 users, the proposed architecture is highly available. However, the customer changed his mind: SCCM is so critical for him that he wants to have it on the secondary site.

My challenge was that, with the same servers, I had to find a solution, since SCCM 2012 does not support Disaster Recovery capabilities.

So I thought about virtualization to offer:

  • High availability through a Hyper-V cluster
  • Disaster Recovery capabilities through Hyper-V Replica

The architecture has changed and the following schema describes the involved elements :

  • 2 servers used as Hyper-V cluster nodes. Each node can host two machines: SCCM (a primary site server) and SQL (also configured as a site server with some duplicated roles)
  • 1 server as SAN (Yes!). The cluster was based on SMB 3!
  • 1 server as Hyper-V replica

Very nice! The designed architecture was deployed successfully (ElhamdouliLLah). However, I have encountered some issues with the Hyper-V replication that works fine locally but with big disruptions over the WAN.

My problem was that I was not able to estimate the necessary resources (WAN bandwidth especially) for my workload.

Fortunately, Microsoft has released this great tool, Capacity Planner for Hyper-V Replica, which can be downloaded from this link.

After configuring and running the tool, it is possible to consult a rich report that covers (from the tool documentation) :

1)      Virtual Machine:

The table lists a set of VMs and VHDs which were considered for capacity planning guidance.

2)      Processor

The table captures the estimated CPU impact on the primary and replica servers, after enabling replication on the selected VMs.

3)      Memory

The table captures the estimated memory requirements on the primary and replica servers, by enabling replication on the selected VMs.

4)      IOPS

There are two tables in this section – one for the primary storage subsystem and the other for the replica storage subsystem.  The attributes for the primary storage subsystem are:

a)      Write IOPS before enabling replication – This captures the write IOPS observed across all the selected VMs for the duration of the run

b)      Estimated additional IOPS during initial replication – Once replication is enabled, the VHD is transferred to the replica server/cluster as part of the ‘Initial Replication’ (IR) operation which can be completed over the network. The IOPS required during this duration is captured in this row.

c)       Estimated additional IOPS during delta replication – Once IR completes, Hyper-V Replica attempts to send the tracked changes every 5 minutes. The additional IOPS required during this operation is captured in this row.

The attributes for the replica storage subsystem are:

a)      Estimated IOPS during IR – During the course of IR, the IOPS impacts on the replica storage subsystem is captured in this row

b)      Estimated IOPS when only the latest point is preserved – While enabling replication, customers will have an option to store only the recovery point or up to 15 additional recovery points (which are spaced at a 1 hour granularity). This row captures the IOPS impact when storing only the latest recovery point.

c)       Estimated IOPS impact when multiple recovery points are used – This row captures the IOPS impact when replication is configured to store multiple recovery points. Hyper-V recovery snapshots are used to store each recovery point. The IOPS impact is independent of the number of points.

5)      Storage

This section captures the disk space requirements on the primary and replica storage. The first table which captures the primary storage subsystem contains the following details:

a)      Additional space required on the primary storage: Hyper-V Replica tracks the changes to the virtual machine in a log file. The size of the log file is proportional to the workload “churn”. When the log file is being transferred (at the end of a replication interval) from the primary to the replica server, the next set of “writes” to the virtual machine are captured in another log file. This row captures the space required across all the ‘replicating’ VMs

b)      Total churn in 5 minutes: This row captures the workload “churn” (or the writes to the VM) across all the VMs on which replication will be enabled.

The following metrics are reported on the replica storage:

a)      Estimated storage to store the initial copy: Irrespective of the replication configuration around additional points (latest vs storing more than one point), this row, captures the storage required to store the initial copy.

b)      Additional storage required on the replica server when only the latest recovery point is preserved: Over and above the storage required to store the initial copy, when replication is enabled with only the latest point, the tracked changes from the primary server are written to the replica VM directly. Storage (which is equal to the churn seen in a replication interval) is required to store the log file before writing to the replica VM.

c)       Additional storage required per recovery point on the replica server when multiple recovery points are preserved: Over and above the storage required to store the initial copy, each additional recovery point (which is stored as Hyper-V snapshot on the replica server) requires additional space which is captured in this row. This is an estimate based on the total VHD size across all the VMs and the final size is dependent on parameters such as write pattern.

6)      Network

The network parameters are captured in the table. These are:

a)      Estimated WAN bandwidth between the primary and replica site: This is the input provided to the capacity planning tool.

b)      Average network bandwidth required: Based on the workload churn observed during the duration of the run, this row captures the average network bandwidth required to meet Hyper-V Replica’s attempt at sending the tracked changes every 5 minutes. This is a rough estimate as factors (which are not accounted by this tool) such as compression of the payload, latencies in the network pipe etc could impact the results.

c)       MaximumActiveTransfers: In a multi-VM-replication scenario, if the log file for each of the replicating VM is transferred sequentially, this could starve or delay the transmission of the change log file of some other replicating VM. On the other hand, if the change log file for all the replicating VMs are transferred in parallel, it would affect the transfer time of all the VMs due to network resource contention. In either scenario, the Recovery Point Objective (RPO) of the replicating VMs is affected. An optimal value for the number of parallel transfers is got by dividing the available WAN bandwidth by the TCP throughput of your link. The tool calculates the TCP throughput by replicating the temporary VM which is created and makes a recommendation for a registry key which is taken into account by Hyper-V Replica. It is worth noting that the value captures the number of parallel network transfers and *not* the number of VMs which are enabled for replication.

A great tool really!

Resolving “RegTask: Failed to send registration request message. Error: 0x87d00231” by repairing the Management Point

November 15, 2012 26 comments

Hi again!

When you install a new SCCM 2012 agent, you can easily be a victim of this well-known error: “RegTask: Failed to send registration request message. Error: 0x87d00231”.


So, the client is installed successfully, but no information is collected on the SCCM console. This problem can cause another issue: the agents that were installed previously become inactive.

Finding the right solution is not so easy because it depends on your case. Some posts and forums talk about certificates. However, in my case, the MP is configured to communicate using the HTTP protocol.

In this article, I will describe the steps to follow in order to solve the problem. In my case, the Windows authentication module used by the MP was my issue. This article does not apply only to the Windows authentication module case; you can also try it to ensure that your MP is repaired correctly.

First of all, you have to understand the protocol of registering a new client :

  • The new client performs a CCM_POST to CCM_System_WindowsAuth on the MP.
  • The MP responds with a 401 as the request is anonymous and contains no security data.
  • The client requests a Kerberos ticket for http://MP_FQDN from Active Directory (e.g. http://SCCMMP.Contoso.com).
  • On obtaining the Kerberos ticket, the client performs another CCM_POST including the security data.
  • If the MP accepts the ticket then the client is authenticated and is considered to be trusted.
  • Whether the client is trusted or not, the MP executes the spUpdateClientRegistration stored procedure to update the database. If the client has authenticated properly, both the @ApprovalMethod and @IsIntegratedAuth parameters will be set to 1. If not, they are both set to 0. 

All these steps were described in this great article.

So I tested the following request, http://mysccmserver/ccm_system_windowsauth/request, and bingo: a 403 error!

To get more details, I consulted the IIS logs at %systemdrive%\Inetpub\Logs\LogFiles\W3SVC1\.
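
The registration handshake listed above leaves a recognizable trace in the IIS log: an anonymous 401 followed by a 200 for the same client on the Windows-auth endpoint. The following Python script is an added example, not part of the original post; it classifies each client by its last response on that endpoint. The log lines, IP addresses and account names are constructed, and the column layout is assumed to be the one given in the `#Fields` line.

```python
AUTH_PATH = "/ccm_system_windowsauth/request"   # endpoint named in the post

# Constructed sample in IIS W3C extended format; hosts, IPs and names are made up.
SAMPLE_LOG = """\
#Fields: date time s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status time-taken
2012-11-15 09:00:01 10.0.0.5 CCM_POST /ccm_system_windowsauth/request - 80 - 10.0.1.21 ccmhttp 401 2 5 15
2012-11-15 09:00:01 10.0.0.5 CCM_POST /ccm_system_windowsauth/request - 80 CONTOSO\\PC21$ 10.0.1.21 ccmhttp 200 0 0 31
2012-11-15 09:00:07 10.0.0.5 CCM_POST /ccm_system_windowsauth/request - 80 - 10.0.1.22 ccmhttp 403 0 0 0
2012-11-15 09:00:09 10.0.0.5 CCM_POST /ccm_system_windowsauth/request - 80 - 10.0.1.23 ccmhttp 401 2 5 15
2012-11-15 09:00:09 10.0.0.5 GET /iisstart.htm - 80 - 10.0.1.23 Mozilla/5.0 200 0 0 2
"""

def parse_w3c(text):
    """Yield one dict per request, keyed by the column names in #Fields."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):      # skip truncated or foreign lines
                yield dict(zip(fields, values))

def classify_registration(text):
    """Map each client IP to the outcome of its last Windows-auth CCM_POST."""
    last = {}
    for row in parse_w3c(text):
        if row["cs-method"] == "CCM_POST" and row["cs-uri-stem"].lower() == AUTH_PATH:
            last[row["c-ip"]] = int(row["sc-status"])   # log is in time order
    verdict = {200: "authenticated",          # ticket accepted after the 401 challenge
               401: "challenge-unanswered",   # client never got past the anonymous 401
               403: "rejected"}               # the symptom described in this post
    return {ip: verdict.get(code, f"error-{code}") for ip, code in last.items()}

if __name__ == "__main__":
    for ip, outcome in classify_registration(SAMPLE_LOG).items():
        print(ip, outcome)
```

A log where every client ends in `rejected` points at the MP web application itself rather than at individual clients, which matches the situation described here.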

I checked IIS Manager, and the SMS_MP_WindowsAuth application under the default site was corrupted. In my case, this application was not associated with an application pool. I created a new one, but that did not solve my problem.

So, I tried to uninstall and reinstall my MP. Unfortunately, the problem still existed and the application was not repaired.

How to repair an MP? That is the question. Here is a method that worked for me:

  • On the SCCM console select Administration Section
  • Select Site Configuration Group
  • Select Servers and Site System Roles
  • Select your Site System containing the right MP
  • Right Click on the MP role and select Properties
  • On General Tab, Select HTTPS Client Connection

This action will reinstall the MP and repair it. Please check the right SMS_MP_CONTROL_MANAGER log to verify that it was repaired successfully. Once that is done, repeat the above steps to select HTTP as the Client Connection Protocol. This action will also reinstall and repair the MP.

Finally, I checked all the web applications and the issue was solved. The clients were registered and the inactive clients became active.

A nice document for SCCM Clients Troubleshooting

November 15, 2012 Leave a comment

Hi SCCM Geeks,

I recently encountered a serious problem with my MP (Management Point) in the primary site. You can find some solutions like uninstalling IIS and reinstalling it with the MP.

But during my search I found this great paper that teaches us how to troubleshoot SCCM clients. This nice present is offered by SolarWinds and developed by Matthew Hudson.

The big points treated are as follows:

  1. How to Telnet to the Ports
  2. Using Policy Spy and Client Spy
  3. WMI Errors Resolved
  4. Key Error Codes Defined
  5. Using Logs for Troubleshooting – How and Where to Find Relevant Data
  6. Top 5 Patch Downloading Issues Resolved
  7. WMI from Primary to Machine to Ensure Connection
  8. Certificate Errors Resolved
  9. Signature Verification Failure

I have really appreciated this document. You can download it from this link.


SCCM 2012 : “A communication error has been detected between the specified site system and the site database computer”

September 28, 2012 2 comments

Hi,

Currently, I am working on an important System Center project. During the SCCM 2012 installation, I encountered this error in the prerequisite check step:

“Site System to SQL Server Communication;    Warning;    A communication error has been detected between the specified site system and the site database computer. This error can occur when the site database server is offline or if a valid SPN has not been registered in Active Directory Domain Services for the SQL Server instance hosting the site database. Setup cannot continue.”

In my case, the database server is hosted on a remote server. I had done all the necessary configuration, but this error still occurred. I therefore applied the suggestion of registering the SPN of the SQL instance. That did not solve my issue. Don’t forget, of course, to set fixed SQL communication ports, because dynamic ports cause many problems when you have more than one instance.

So I consulted the log file to analyze the issue and surprise ! I got these wonderful lines :

<09-16-2012 15:27:25> ERROR: Connected to SQL Server but failed to execute query IF NOT EXISTS (select * from master.sys.server_principals where name='DOMAIN\SCCMCOMPUTERACCOUNT$') BEGIN CREATE LOGIN [DOMAIN\SCCMCOMPUTERACCOUNT$] FROM WINDOWS; SELECT 1; END ELSE SELECT 0
<09-16-2012 15:27:25> save to ini file SQLCONNECT:DatabaseServerAccount\cmsql.
<09-16-2012 15:27:31> ERROR: Failed to connect to SQL Server SCCMCOMPUTERName.

So I checked the logins section in my SQL Server, and indeed the account had not been created. What’s the matter?

To understand the issue, try to execute the T-SQL query and bingo! This account cannot be retrieved and verified.

In my case, the NetBIOS domain name is different from the domain name without its DNS suffix. The wizard detects the domain name and simply derives the NetBIOS name by removing the DNS suffix, like .com for example.

Let us suppose that your domain name is CONTOSO.COM. The SCCM wizard just extracts CONTOSO and considers it the NetBIOS name, even if the real one is different. After that, an account name is generated for your SCCM computer account using the extracted NetBIOS name. If the real NetBIOS name is different, the generated account name is wrong and does not exist.

What to do?

Simply execute the SQL request with the real account name. You will notice that the request is executed successfully. Don’t assign privileges; the wizard does it for you.

Now, when you relaunch the wizard, the error still exists, but don’t worry, you can continue without any problem.

You will also get the following AD container errors even if you have configured the necessary settings:

<09-16-2012 15:27:14> ERROR: Site server does not have create child permission on AD ‘System Management’
<09-16-2012 15:27:14> WARN: Site server does not have delete child permission on AD ‘System Management’
<09-16-2012 15:27:16> SCCMComputerName; Verify site server permissions to publish to Active Directory.; Warning; The site server might be unable to publish to Active Directory. The computer account for the site server must have Full Control permissions to the System Management container in its Active Directory domain. You can ignore this warning if you have manually verified these permissions. For more information about your options to configure required permissions, see http://go.microsoft.com/fwlink/p/?LinkId=233190.

Don’t worry, the error is due to the same reason and you can install the SCCM without any problem.

After installation, please check your SQL Server to verify that the database was created and that the account you created previously has been granted the right permissions. Please also check the System Management container in AD and verify that the information has been published.