SCCM 2007 Cross Forest Client can’t connect to SCCM

We had a very odd issue reported this week in regards to all SCCM 2007 client installations not being able to connect to the SCCM server management point correctly and pulling down the relevant policies.

In the Location Services log on the CCM client we could see that there were a number of errors in regards to Service Locator Point (SLP). The one we focused our attention on was “No Site Version Returned from SLP for Site”

At this point we started to look at the SCCM server that hosted the SLP role. Upon checking IIS logs on the server, we could see clients connecting to the SLP client with no issues.

Out of interest we browsed to the URL the CCM clients were going to Http://CCMServername.domain.com/SMS_SLP/SLP.dll. Interestingly when browsing to this we got the error “could not initialize” , the message you should receive is “Bad Query String”.

So we focused out attention on the SLP. We then ran a ProcMon trace on the CCM server while the clients were accessing the SLP and spotted an Access Denied on the following file “SLPExec.exe”.

This is typically located in C:\SMS\SMS_SLP depending on the drive CCM was installed on. It turned out that the Permission for Local Service was missing. To resolve we added Read and Execute Permission to the Local Service account on the SLPEXEC.exe file and everything instantly started working. Clients that weren’t reporting correctly now were and all new client installations worked fine ?

About the author