Obscure SCCM Client agent problem on legacy server

A colleague of mine came across a very obscure SCCM client problem that I thought I’d share with you all….enjoy!

Just sharing a scenario I’ve just dealt with, in case anybody has to deal with similar on some of the weird and wonderful stuff we are welcoming to our SCCM environment.

Scenario:
Windows 2000 SP4 server, SCCM agent is installed, but object does not appear in database and SCCM components do not install.  CCMEXEC.log consistently shows errors:

[CCMHTTP] HTTP ERROR: URL=http://xxxxx.client.xxxxxxx.com/ccm_system_windowsauth/request, Port=80, Protocol=http, SSLOptions=0, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE              CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

Raising event:
instance of CCM_CcmHttp_Status
{
    DateTime = "20111010163127.872000+000";
    HostName = "xxxxxx.client.xxxxxxx.com";
    HRESULT = "0x8004027e";
    ProcessID = 2336;
    StatusCode = 500;
    ThreadID = 3256;
};
    CCMEXEC    10/10/2011 17:31:27    3256 (0x0CB8)

HandleRemoteSyncSend failed (0x80040231).  CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

CForwarder_Sync::Send failed (0x80040231).   CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

CForwarder_Base::Send failed (0x80040231).   CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

IIS log on Management Point shows this:

2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 35.49.28.99 ccmhttp 401 2 2148074254
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 35.49.28.99 ccmhttp 401 1 0
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 35.49.28.99 ccmhttp 401 1 5

Cause:
The server had, at some point in its long and sordid history, had the following registry value set:

Key name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Value name = lmcompatibilitylevel

Value type = REG_DWORD

Value data = 0

Solution:
This value controls how the computer attempts to authenticate with network resources (i.e. which of LM, NTLM and NTLMv2 to use).

We set this value to 3, restarted the box and the agent was then able to communicate with the management point and functioned normally.
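
The IIS log pattern shown above (a client that only ever receives 401 on the Windows-authenticated management point URL) can be searched for across a whole log to find other agents stuck in the same state. This is an added example, not part of the original post; the `#Fields` layout, the 10.0.0.5 client and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample. The 35.49.28.99 entries are the ones shown in the post;
# 10.0.0.5 is a made-up healthy client added for contrast. The #Fields line is
# an assumed layout that matches the column order of the post's entries.
SAMPLE_LOG = """\
#Fields: date time s-sitename s-ip cs-method cs-uri-stem cs-uri-query s-port cs-username c-ip cs(User-Agent) sc-status sc-substatus sc-win32-status
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 35.49.28.99 ccmhttp 401 2 2148074254
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 35.49.28.99 ccmhttp 401 1 0
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 35.49.28.99 ccmhttp 401 1 5
2011-10-10 16:32:10 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 10.0.0.5 ccmhttp 401 2 2148074254
2011-10-10 16:32:10 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 - 10.0.0.5 ccmhttp 401 1 0
2011-10-10 16:32:10 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request - 80 EXAMPLE\\SRV01$ 10.0.0.5 ccmhttp 200 0 0
"""


def parse_w3c(text):
    """Yield one dict per request, keyed by the names in the #Fields directive."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#"):
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed lines
                yield dict(zip(fields, values))


def clients_never_authenticated(text, uri="/ccm_system_windowsauth/request"):
    """Map client IP -> distinct 401 outcomes, for clients that never got past 401."""
    seen = defaultdict(list)
    for rec in parse_w3c(text):
        if rec["cs-uri-stem"].lower() == uri:
            seen[rec["c-ip"]].append((int(rec["sc-status"]),
                                      int(rec["sc-substatus"]),
                                      int(rec["sc-win32-status"])))
    report = {}
    for ip, outcomes in seen.items():
        # A working handshake ends in a non-401 response; a stuck client never does.
        if all(status == 401 for status, _, _ in outcomes):
            report[ip] = sorted({f"401.{sub} win32=0x{w32:08X}"
                                 for _, sub, w32 in outcomes})
    return report


if __name__ == "__main__":
    for ip, outcomes in clients_never_authenticated(SAMPLE_LOG).items():
        print(ip, outcomes)
```

Clients it reports are candidates for checking the `lmcompatibilitylevel` value described in the post.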