cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
KB: Configuration Manager 2007 client operations fail after you install a May 2017 security update for Windows Server 2008 R2
By
System-Center-Team
Published Feb 16 2019 04:24 AM 2,165 Views
System-Center-Team
Microsoft
‎Feb 16 2019 04:24 AM

KB: Configuration Manager 2007 client operations fail after you install a May 2017 security update for Windows Serv...

‎Feb 16 2019 04:24 AM
First published on TECHNET on Jul 08, 2017

We have released a new KB article Configuration Manager 2007 client operations fail after you install a May 2017 security update ... which contains a solution to the following issue:


Client-related operations fail in an installation of Microsoft System Center Configuration Manager 2007 that has the server locator point (SLP) role after you install one of the following May 2017 security updates for Windows Server 2008:


4018556 Security update for the Windows COM Elevation of Privilege Vulnerability in Windows Server 2008: May 9, 2017


4019263 May 9, 2017—KB4019263 (Security-only update)


4019264 May 9, 2017—KB4019264 (Monthly Rollup)


Note This problem does not affect System Center Configuration Manager 2012 or the current branch version of the program.


This problem can affect the following operations:




  • New client registrations

  • Client assignments to new sites

  • Client reinstallations


Also, you receive a "Could Not Initialize" error message if you browse to the following location:


http://localhost/sms_slp/SLP.dll?site&SC= < sitecode >


Note In this message, < sitecode > represents your actual site code. This error message resembles the following screen shot:




Cause










The worker process typically runs under the LOCAL SERVICE account. However, after you apply one of the updates that are mentioned in the "Symptoms" section, the LOCAL SERVICE account is removed. This causes the worker process to be moved to the System account, and the SLP becomes inaccessible.

















Workaround











The worker process typically runs under the LOCAL SERVICE account. However, after you apply one of the updates that are mentioned in the "Symptoms" section, the LOCAL SERVICE account is removed. This causes the worker process to be moved to the System account, and the SLP becomes inaccessible.




  1. Open the Properties window of the SLPExec.exe file. by default, this file is located in the following folder:
    c:\SMS\SMS_SLP

    Note If you don't know where the SLPExec.exe file is located, go to IIS, browse to the default website, and then look under SMS_SLP and content view. Click View Permissions to see the full path.

  2. In the Group or user names area, add LOCAL SERVICE .

  3. Grant the Read & execute permission for LOCAL SERVICE




After you grant the permission, try again to access the URL that generated the error. If the XML information is displayed, the problem is temporarily resolved.



For the official KB article see https://support.microsoft.com/help/4035047 .






0 Likes
Like
Version history
Last update:
‎Mar 11 2019 10:35 AM
Updated by:
Labels