An old topic, revisited; This is just a quick blog post to inform any in the same situation as myself where a customer had some issues setting up 5 MP’s at a customer. Now we all know that when setting up an new MP, or over time we may get some errors returned to us in one of the many log files monitoring the Management Point service in ConfigMgr. This is because MPs has quite a few prerequisites that either needs to be in place before it functions properly or needs TLC over time.

The other day I was at a customer where they had some issues setting up new MPs. They got the following error code in mpcontrol.log

  • call to httpsendrequestsync failed for port 80 with status code 404 text not found

After investigating, it turned out to be the Service Principal Name (SPN) that caused the issue. And I quickly saw why. The issue was that the SPN’s was created on the wrong Domain Service Account. If you are running the SQL Service (MSSQLSvc) with local computers system account, the SPN’s are registered automatically and you should not see these types of errors. But if you are running the SQL Service (MSSQLSvc) account with a domain account, then you have to do this manually:

From Microsoft doc:
You can choose the account that runs SQL Services for the site database:

  • When the services run with the computers system account, the SPN is automatically registered for you.
  • When the services run with a domain local user account, you must manually register the SPN to ensure SQL clients and other site system can perform Kerberos authentication. Without Kerberos authentication, communication to the database might fail.

From <https://docs.microsoft.com/en-us/sccm/core/servers/manage/modify-your-infrastructure>  


So I ran the following commands the clean up it up. You could see the same error being reported when no SPN is registered, if so, you do not have to delete anything, you simply need to register the SPN’s:

!!IMPORTANT!!: All environments are different and the steps below may not apply to yours. Make sure you review your Site, SQL and domain environment so you do not interrupt with any other services. I have attached links below for more information about the topic!

With the necessary permissions open a PowerShell prompt and type the follow:

To delete existing SPNs from wrong service account:

  • setspn -D MSSQLSvc/<SQL Server computer name>:1433 <Domain\Account>
  • setspn -D MSSQLSvc/<SQL Server FQDN>:1433 <Domain\Account>

 To add new SPNs the correct service account:

  • setspn -A MSSQLSvc/<SQL Server computer name>:1433 <Domain\Account>
  • setspn -A MSSQLSvc/<SQL Server FQDN>:1433 <Domain\Account>  

Voila there you go, after a couple of minutes the new installed MP’s reported back successfully

  • Call to HttpSendRequestSync succeeded for port 80 with status code 200

Stay tuned. And do not forget to leave a comment if you have any questions!