SCCM 1906 (TP) onwards, administration service helps SCCM console to communicate with the SMS Provider over HTTPS (instead WMI). In this video post, you will see an issue with SCCM 1906 Technical Preview version “Configuration Manager Can’t connect to the administration Service.”
Log file AdminService.log
Introduction
You can now enable some nodes of the SCCM console to use the administration service. This change allows the console to communicate with the SMS Provider over HTTPS instead of via WMI. This change is only applicable to the following nodes:
- Administrative Users
- Security Roles
- Security Scopes
- Console Connections
Note! – You can read more details about SCCM Administration Service from here.
The Issue
I upgraded to SCCM 1906 technical preview, and since then, I was not able to access four (4) nodes mentioned above.
Whenever I try to access Administrative Users node from SCCM console, it gave me the following error.
“Configuration Manager can’t connect to the administration service. The configuration manager console can’t connect to the site database through the administration service on SCCMTP2.intune.com.”
FIX – Administration Service Issue
You need to enable the following configuration/checkbox to get the SCCM console for Administrative users, Security Scopes, and security roles nodes.
- In the SCCM console, go to the Administration workspace, expand Site Configuration, and select the Sites node. In the ribbon, select Hierarchy Settings.
- On the General page, select the option to Enable the Configuration Manager console to use the administration service.
Above Fix – Didn’t Work?
As Mentioned in the above video, you need to make sure you have enabled the following settings. Also, it’s worth restarting the SCCM Console.
- Enable “Use Configuration Manager generated certificates for HTTP site systems.“
- Make sure – SMS Issuing certificate is not BLOCKED
- Restart the SCCM console and check the SCCM console nodes
Resource
- SCCM Console Debugger – Show SCCM Object Details Option
- Improvements to Configuration Manager console with HTTPS services
- Microsoft Intune for SCCM Admins Part 1
I am missing the administration service completely upon updating to 1906. Any thoughts or logs that may help? (the webpage for it gives back 404 even in the administration.log).
Have you followed steps which I mentioned in the blog ? SMS provider log might help as well?
It’s all about enabling that properties and allowing the self signed cert … restart the console
Thanks Anoop!
Your instructions worked for me directly on the site server.
However, when I try the SCCM console on a remote computer, I get the error again.
I am wondering if this is by design or is there more configuration to get at the 4 SCCM security nodes on a remote computer?
Thanks again sir.
Thanks for the assist.. worked like a charm after the 1906 update.
Hi, I just followed your guide but it still doesn’t work. Do you have an idea what could be the problem?
What s the error you are getting … and more details on the error would be helpful
Thanks for the fast response. On Component Status -> SMS_REST_PROVIDER it says “Administration service process failed to bind or unbind SSL certificate. ”
The SMS_REST_PROVIDER.log on the server says “Failed to add binding ‘https’ with port 443. Error 0x8007000d”
Did you check the certificate node to confirm whether all the appropriate certificates are approved.
Well there is the “SMS Issuing” and the status is “Unblocked”
On the SMS Provider:
Add-WindowsFeature -Name Web-Server, Web-Mgmt-Console
Then either bind a custom cert trough IIS console or enable ‘Use Configuration Manager-generated certificates for HTTP site systems’
I have tried all the above steps and no luck…
Failed to get a response for OData query: https://AdminService/wmi/SMS_Admin?$orderby='LogonName‘.
Hi Anoop Sir,
In my SCCM 1910 environment, I noticed that the SMS Issuing certificate is missing in the Certificates tab in SCCM console.
Is there any way to import into the server again.
Thanks,
Deepak
Can you try enable and disable the setting as I mentioned in the blog ? Pls test this in pre production before trying this out in production pls
Hi Anoop Sir,
I have installed sccm 1910, follow above guide but get following error in smsadminui.log
at System.Net.ServicePoint.ConnectSocketInternal(Boolean connectFailure, Socket s4, Socket s6, Socket& socket, IPAddress& address, ConnectSocketState state, IAsyncResult asyncResult, Exception& exception)
Can we use forum.howtomanagedevices.com to discuss errors and troubleshooting pls
When I am selecting Hierarchy settings, I am getting the below error. Also, I can not see SMS service in Services.
“ConfigMgr Error Object:
instance of SMS_ExtendedStatus
{
Description = “Error retrieving object FileType=2”;
ErrorCode = 2151811598;
File = “e:\\cm1606_rtm\\sms\\siteserver\\sdk_provider\\smsprov\\SspInterface.h”;
Line = 1198;
Operation = “GetObject”;
ParameterInfo = “SMS_SCI_Component.FileType=2,ItemName=\”SMS_SITE_COMPONENT_MANAGER|npsccm001.pens.com\”,ItemType=\”Component\”,SiteCode=\”NP1\””;
ProviderName = “ExtnProv”;
StatusCode = 2147749890;
};
——————————-
Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlQueryException
The SMS Provider reported an error.
Stack Trace:
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.GetInstance(String objectPath)
at Microsoft.ConfigurationManagement.AdminConsole.SmsPageControl.GetPropertyManagerOverride(ConnectionManagerBase connectionManager, String objectPath)
at Microsoft.ConfigurationManagement.AdminConsole.SiteHierarchy.GlobalConflictionPageControl.InitializePageControl()
at Microsoft.ConfigurationManagement.AdminConsole.SmsPropertyPage.OnInitialize()
——————————-
System.Management.ManagementException
Not found
Stack Trace:
at Microsoft.ConfigurationManagement.ManagementProvider.WqlQueryEngine.WqlConnectionManager.GetInstance(String objectPath)
at Microsoft.ConfigurationManagement.AdminConsole.SmsPageControl.GetPropertyManagerOverride(ConnectionManagerBase connectionManager, String objectPath)
at Microsoft.ConfigurationManagement.AdminConsole.SiteHierarchy.GlobalConflictionPageControl.InitializePageControl()
at Microsoft.ConfigurationManagement.AdminConsole.SmsPropertyPage.OnInitialize()
——————————-
I cannot see anyone with the solution here.
If running the console on a remote computer, open IIS on the site server and export the SMS Token Certificate from the default web site.
Using certlm.msc, import both the SMS Token Signing certificate and the SMS Issuing certificate.
I have done all these steps but still cannot access the nodes remotely. Also cant access console extensions node.
Imported certs to local pc and have all the settings correct. The error in the smsadminui log is [24, PID:8004][09/23/2021 11:39:33] :Error getting custom console extension GUIDs using Admin Service: System error.
[16, PID:8004][09/23/2021 11:39:37] :Local User Settings: File not found:
This fixed my issue
https://learn.microsoft.com/en-gb/mem/configmgr/core/plan-design/network/proxy-server-support#configuration-manager-console
after also using:
\bin\\\UpdDwnldCfg /clean
as I had set user and proxy earlier.