4 Oct 2012

SCCM 2012 Application Catalog - Login Prompt (Multiple Domains)

In a AD Multi Domain environment, I've found that even after following the guidance from Microsoft regarding delegating permissions to the relevant web application folders (found here) I've still encountered prompts for credentials when accessing the web based Application catalogue which is by default http://servername.domain.com/CMApplicationCatalog.

Based on some research and also backed up by Chris Bradford's blog post, it appears that the problem can be caused by the 'Add default Application Catalog website to Internet Explorer trusted sites zone' option in the SCCM Client Settings. I've found it best to set this to 'False' and fallback on our internal namespace being registered via other means in the correct IE Security Zone.

To ensure that the NTLM credentials are passed through when accessing internal namespace addressed resources either add your domain with a wildcard (*.domain.com) or your server name to your IE Intranet Zone. This can be done via manually or by script but certainly appears to produce better results than using the SCCM Client option.

3 Oct 2012

Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests. The http status code and text is 401, Unauthorized.

I've found the message "Portal Web Site Control Manager detected PORTALWEB is not responding to HTTP requests.  The http status code and text is 401, Unauthorized." in the logs of the server which hosts our SCCM 2012 Application Catalog, when diagnosing the issues with the 'SCCM Software Center' failing to display available software showing a message of "Loading Software Center returned error code 0x80041001(-2147217407)". Also when browsing to the Application Catalog it displays a "Server Error in '/' Application" error. Googling the issue, it appears to be widespread with SCCM 2012 and related to WCF Activation.

The resolution can be found in the following MS KB - http://support.microsoft.com/kb/2015129

I would also recommend testing any Application Catalog related issues experienced on a client by accessing the Catalog via other clients. I have found clients can be at fault more times than the server.