September 15 2011

SCCM clients not downloading content from DPs

I’d been looking at an issue where SCCM clients were constantly waiting for content from a local DP even though I had confirmed the content was present and accounted for on the local DP disk (my DP are running Windows Server 2008 R2 which is IIS 7.5). I checked the IIS logs on the local DP and found an interesting line, something like:

HEAD /SMS_DP_SMSPKGD$/APH000CC//filename.config - 80 - Microsoft+BITS/7.0 404 7 0 15

The ‘404 7’ section was interesting because this is a HTTP status code for ‘404.7 – File extension denied’ – according to http://support.microsoft.com/kb/943891.

I found a few articles via Google mentioning this problem and that I should edit the %windir%System32inetsrvconfigapplicationHost.config file to allow the .config file type. This didn’t seem to fix the problem for me. After adjusting this and restarting IIS, when I looked in the IIS management GUI in the Request Filtering section, the .config extension was still blocked. I needed to change the HTTP request filters because by default in IIS 7.5 there are a list of file extensions that IIS will not provide to clients via WebDav. This included the ‘.config’ file type which I needed to deploy as part of an application package.

I didn’t want to manually do this via the GUI on all of my DPs so I used the appcmd.exe command and then restarted IIS:

%WinDir%System32InetSrvappcmd.exe set config "Default Web Site" -section:system.webServer/security/requestFiltering /-"fileExtensions.[fileExtension='.config']"

This did the trick – my clients then downloaded the content from their local DP including the previously problematic .config files.

For more info see some of these links:

 
 



----------------------------------------------------------------------------
I use a maximum of one Google Ad per post to help offset some of my blog hosting costs.

----------------------------------------------------------------------------

August 4 2011

Automate WebDAV configuration for SCCM site systems

This article here – http://technet.microsoft.com/en-us/library/cc431377.aspx – outlines how to configure IIS WebDAV for SCCM site systems. This is very fiddly manual process so I’ve created a small batch file to automate this. This is for Windows Server 2008 R2 with the correct IIS components already installed:


REM http://technet.microsoft.com/en-us/library/cc431377.aspx

REM Enable WebDav
%WinDir%System32InetSrvAppCmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /enabled:true /commit:apphost

REM Set authoring rule to allow all users read access
%WinDir%System32InetSrvAppCmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoringRules /+[users='*',path='*',access='Read'] /commit:apphost

REM Adjust WebDav settings

REM Hidden files
%WinDir%System32InetSrvAppCmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /fileSystem.allowHiddenFiles:true /commit:apphost

REM Anonymous properties
%WinDir%System32InetSrvAppCmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowAnonymousPropfind:true /commit:apphost

REM Custom properties
%WinDir%System32InetSrvAppCmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowCustomProperties:false /commit:apphost

REM Infinite depth
%WinDir%System32InetSrvAppCmd.exe set config "Default Web Site/" /section:system.webServer/webdav/authoring /properties.allowInfinitePropfindDepth:true /commit:apphost