SCCM 2012 – Web Redirect is evil

SCCM 2012 – Web Redirect is evil
Rate this post

Hi All,

recently i was at a customer site performing the Build & Capture and it was failing when the Install Application step was invoked.

Customer was running WS2012R2, SCCM 2012 R2 with CU3, so the latest updates 🙂

because we were doing the B&C for Windows 8.1, the hotfix for Windows 7 did not apply, so there problem had to be something else.

Looking at the client logs, I saw:

ClientLocation
[CCMHTTP] ERROR: URL=http://xxxxxx, PORT=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE

LocationServices
Workgroup Client is in unknown location
Failed to execute LSExecuteTask
[CCMHTTP] Error: URL=http://xxxxx, PORT=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE
Raising event: instance of CCM_CcmHttp_Status{ ………………..
Successfully sent location services HTTP failure message
Error sending HEAD request. HTTP code 401, status ‘Unauthorized’

CertificateMaintenance
MP xxxx does not allow client connections matching the client connection type

StatusAgent
HandleFSPCcmHttpStatus – Failed to retrieve assigned MP. Assuming ‘xxxxxx’ is not a relevant MP

So, looking at the IIS logs, I saw that before the setup windows the machine did connect properly to the MP folders (ie /SMS_MP/.sms_aut MPLOCATION, /ccm_system/request, SMS_MP/.sms_pol, etc) not once I see it connecting direct to the root /

However, once the client is installed, it start connecting to the root / and I see this as HEAD / and just after i was it being redirected to /CMApplicationCatalog with HTTP ID 302 but was getting HTTP error 401

Of course this is not normal, but this was happening because we did redirect the default IIS default website to /CMApplicationCatalog

This repeat few times per second, so at the end of the day, with 1 T&B TS, we got around 450MB of IIS log, not good, as this could fill up the drive quickly.

you may be asking, why this redirection? customer had a single server, single primary site. they have created a CNAME called InstallSoftware where the users could open the Internet and browse to http://InstallSoftware to get to the CMApplicationCatalog. as we don’t want users to see the IIS Default webpage and you know, users will not remember to add the /CMApplicationCatalog, we added the redirection…

Once we removed the redirection (that was done via a default.aspx file), it connects to the root / and get status 200, it them goes to ccm_system/request, sms_fsp, etc…fine

Speaking with MS, i asked why this request to the root / as this request doesn’t seem to be necessary and only cause extra network traffic (small, but extra…)

from the reply i’ve got, this behaviour was implemented on SP1 or R2 for specific workgroup scenarios to detect if the client is internet or intranet.

This still not make sense for me and i’ve submitted a DCR to have this behaviour changed, however, while speaking with MS, my fellow MVP Kim Oppalfens gave me the idea to test the IIS Url Rewrite module and i have to say that after testing it, this resolve the issue.

So, to get the redirection to the CMApplicationCatalog (or another website) without breaking your MP connection on a workgroup / OSD scenario, perform the following tasks:

1- Download the URL Rewrite (http://www.iis.net/downloads/microsoft/url-rewrite)
2- Install it (basic next-next-finish)
3- Open IIS and navigate to the default webiste
4- Select URL Re-write and add a new rule
4.1 – Under Match URL -> Using, change to Wildcards
4.2 – Under Match URL -> Pattern, type *
4.3 – Under Conditions, add:
4.3.1 – Condition Input -> {HTTP_USER_AGENT}, check if input string -> Does not match the pattern, Pattern -> SMS+CCM+5.0
4.3.2 – Condition Input -> {PATH_INFO}, check if input string -> Match the pattern, Pattern -> /
4.3.3 – Condition Input -> {REQUEST_METHOD}, check if input string -> Does not match the pattern, Pattern -> HEAD
4.4 – Under Action
4.4.1 – Action type -> Redirect
4.4.2 – Action Properties -> Redirect URL -> type /CMApplicationCatalog (or any other url you want)
4.4.3 – Action Properties -> check append query string
4.4.4 – Action Properties -> Redirection type -> Permanent (301)

02

once this has been done, i was able to use the TS Build & Capture with the redirection.

Tags:

Recent Posts

Comments are closed.
%d bloggers like this: