Troubleshooting Microsoft Provisioning Framework

What problem are you having?

How do I cleanup after a Setup failure or when running a previous version of Microsoft Provisioning Framework (MPF)?

Cause:  Previous local MPF accounts were not uninstalled.

Solution:   If your computer has a previous local installation of MPF, you can delete the accounts by following these steps:

  1. Right-click My Computer, and then click Manage
  2. The Computer Management console will start. In the console tree, double-click Local Users and Groups, and then click Users.
  3. In the details pane, select MPFClientAcct and MpfServiceAcct, right-click, and then click Delete. When prompted to confirm the deletion, click Yes.
  4. In the console tree, click Groups.
  5. In the details pane, select the MpfAdmins, MpfAuditors, MpfServiceAccts, and MPFTrustedUsers accounts, right-click, and then click Delete.

Cause:  Previous domain MPF accounts were not uninstalled.

Solution:  If your computer is a Domain Controller, you must remove the accounts from the Active Directory. To do so:

  1. Click Start, point to Programs, point to Administrative Tools. and then click Active Directory Users and Computers.
  2. The Active Directory Console will start. In the console tree, double-click the Users folder.
  3. Select MPFClientAcct, MPFAdmins, MPFAuditors, MPFServiceAcct, MPFTrustedUsers and MPFServiceAccts, right-click, and then click Delete.

After deleting the user accounts, remove the login accounts in SQL Server. To remove these accounts:

  1. Click Start, point to Programs, point to Microsoft SQL Server, and click Enterprise Manager.
  2. The SQL Server Enterprise Manager console will start. In the console tree, double-click Microsoft SQL Servers.
  3. Double-click SQL Server Group.
  4. Click the ServerName on which MPF is installed.
  5. In the details pane, double-click the Security folder.
  6. Double-click Logins.
  7. Select MpfAdmins and MpfServiceAccts, right-click, and then click Delete.

You must also remove accounts from your Documents and Settings folder. To do this:

  1. Open the drive where you installed MPF. For a default installation, this is the C: drive.
  2. Double-click the Documents and Settings folder.
  3. Right-click the MPFServiceAcct folder, and then click Delete.

Cause:  Setup did not complete successfully, leaving databases that must be removed.

Solution:  Remove the unnecessary databases.

To remove databases created during setup:

  1. Click Start, point to Programs, point to Microsoft SQL Server, and then click Enterprise Manager.
  2. The SQL Enterprise Server console starts. In the console tree, double-click Microsoft SQL Servers.
  3. Double-click SQL Server Group.
  4. Click the ServerName of the server on which you are installing MPF.
  5. In the details pane, double-click the Databases folder.
  6. Select the MpfAudit, MpfConfig, MpfTranslogdata, MPFSample and ResourceManager databases, right-click, and then click Delete.

An MPF installation failure related to SQL Server occurs.

Cause:  SQL Server was installed after uninstalling Microsoft Data Engine (MSDE).

The following sequence of events can cause an MPF installation to fail:

  1. You installed MPF on a system running MSDE.
  2. You uninstalled MPF and MSDE.
  3. You installed Microsoft SQL Server 2000.
  4. You attempted to install MPF.

If you have completed this sequence, the MPF installation will fail because database files have remained from the MSDE installation.

Solution:  It is recommended that you upgrade MSDE to SQL Server 2000 instead of uninstalling MSDE.

Error 1923 appears during Setup.

Cause:  While installing MPF, the following alert appears:

"Error 1923.Service 'Microsoft Provisioning Audit and Recovery Service' (MPFAuditAndRecovery) could not be installed. Verify that you have sufficient permissions to install system services."

Solution:  Cancel the installation and restart the system. You should then be able to install MPF.

Installation fails with SQL script errors reported.

Cause:  Databases that remain on your system from a previous installation of MPF are not attached to your current SQL Server.

Solution:  You must manually reattach the SQL databases for MPF to the current instance of SQL Server. The databases that must be attached are MPFAudit.mdf, MPFConfig.mdf, MPFSample.mdf, MPFTranLogData.mdf, and ResourceManager.mdf. For a default installation of SQL Server, these files should be in the folder C:\Program Files\Microsoft SQL Server\MSSQL\Data. To learn how to attach databases to SQL Server, consult your SQL Server documentation.

Local administrator is uninstalling MPF on a member server of a domain.

Cause:  If you run Uninstall by running setup.exe on a member server of a domain and you are a local administrator of the computer, the registry will still contain the parent provisioning key. It will also contain the first provisioning site designator within the parent.

Solution:  Leaving this key will not harm the system. If you want to remove the key, you must edit the registry manually.

Caution

  • Incorrectly editing the registry might severely damage your system. Before editing the registry and changing security settings, always be sure to back up any valued data on the computer. It is important to understand the possible consequences of editing the registry and changing security settings before you make such changes.

MPF displays a series of Microsoft Data Engine (MSDE) dialog boxes during installation or uninstallation.

Cause:  The current version of Microsoft Data Engine (MSDE) on your system is causing this problem.

Solution:  Apart from simply appearing on your screen, these dialog boxes do not affect MPF installation or uninstallation.

MPF stops working when administrator passwords expire or change.

Cause: Passwords are not synchronized.

Solution: Manually reset passwords as appropriate.

  • To change the passwords used in a domain installation, log on with domain administrator credentials and change the passwords for the Active Directory accounts as follows:
    1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Users and Computers.
    2. The Active Directory Users and Computers console starts. In the console tree, click Users.
    3. In the details pane, right-click MPFClientAcct, and then click Reset Password.
    4. In the Reset Password dialog box, type the password twice, and then click OK.
    5. In the details pane, right-click MPFServiceAcct, and then click Reset Password.
    6. In the Reset Password dialog box, type the password twice, and then click OK.
  • To change the passwords used in a local installation, log on with administrator credentials and change the passwords for the local computer accounts as follows:
    1. Right-click My Computer, and then click Manage.
    2. The Computer Management console will start. In the console tree, double-click Local Users and Groups, and then click Users.
    3. In the details pane, right-click MPFClientAcct, and then click Reset Password.
    4. In the Reset Password dialog box, type the password twice, and then click OK.
    5. In the details pane, right-click MPFServiceAcct, and then click Reset Password.
    6. In the Reset Password dialog box, type the password twice, and then click OK.
  • To change the password for the individual component, change it in Component Services as follows:
    1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
    2. The Component Services console will start. In the console tree, double-click Components Services, double-click Computers, double-click My Computer, and then click COM+ Applications.
    3. In the details pane, right-click Provisioning Engine, and then click Properties.
    4. On the Identity tab, type the password twice, and then click OK.
  • To change the password for MPF services, change it in the Services and Applications folder as follows:
    1. Right-click My Computer, and then click Manage
    2. The Computer Management console will start. In the console tree, double-click Local Users and Groups, double-click Services and Applications, and then click Services.
    3. In the details pane, right-click Provisioning Auditing and Recovery Service, and then click Properties.
    4. On the Log On tab, type the password twice, and then click OK.
    5. In the details pane, right-click Provisioning Queue Manager Service, and then click Properties.
    6. On the Log On tab, type the password twice, and then click OK.
  • To change the password for Internet Information Services (IIS), change it in the Services and Applications folder as follows:
    1. Right-click My Computer, and then click Manage
    2. The Computer Management console will start. In the console tree, double-click Local Users and Groups, double-click Services and Applications, double-click Internet Information Services, and then click Default Web Site.
    3. In the details pane, right-click MPF, and then click Properties.
    4. On the Directory Security tab, in Anonymous Access and Authentication Control, click Edit.
    5. If the Anonymous Access check box is selected, click Edit, type the password twice, and then click OK twice.

    6. Note

      • If the Anonymous Access check box is not selected, no action is required.

See also: Managing security.

MPF reports an error when I try to install an MPF component as part of an Active Directory domain installation.

Cause:  MPF account settings have not yet replicated through the system.

Solution:  Restart the computer on which you are installing MPF. Or, wait for approximately 15 minutes for Active Directory information to replicate throughout the Active Directory domain. You can also force immediate replication by doing the following:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
  2. The Active Directory Sites and Services console starts. In the console tree, double-click Sites, double-click Default-First-Site-Name, double-click Servers, double-click the domain controller that represents the site with the connection to which you want to replicate directory information, and then click NTDS Settings.
  3. In the details pane, right-click the connection over which you want to replicate directory information, and then click Replicate Now.

I do not know the recommended node order for a manual failover.

Cause:  You are failing over a group in a cluster manually where you have installed the transaction log databases.

Solution:  The recommended failover order should be Quorum Node, the TranLogGroup, and the Virtual Server Group.

The transaction log database does not automatically failover in a clustered scenario.

Cause:  In a clustered scenario, the transaction log database does not automatically failover.

Solution:  The Provisioning Audit and Recovery service might not be installed. Every node on which the transaction log database is installed must also have the Provisioning Audit and Recovery service installed. The failover should then occur automatically.

An XML request to the Simple Object Access Protocol (SOAP) Provider Request fails with the error "Cannot load certificate from the current user's store."

Cause:  This is a known issue.

Solution:  You can change the provisioning engine to run under the Domain Administrator account instead of MPFServiceAcct. To do so:

  1. Click Start, point to Programs, point to Administrative Tools, and then click Component Services.
  2. The Component Services console will start. In the console tree, double-click Component Services, double-click Computers, double click My Computer, and then click COM+ Applications.
  3. In the details pane, right-click Provisioning Engine, and then click Properties.
  4. On the Identity tab, ensure that This user: is selected.
  5. In the User: field, type the account name for the Domain Administrator, in the format Domain\Name.
  6. In Password: and Confirm Password:, type the correct password for the account.

After performing the above steps, the SOAP Provider should work correctly.

Domain Administrator is doing a local installation and MPF components on other computers in your domain will not communicate with MPF.

Cause:  The problem is caused by the difference between Domain Accounts and Local Accounts.

Solution:  To allow MPF components to communicate with other MPF components on the domain, during the installation, select Domain Install instead of Local Install.

When installing MPF on an Active Passive Cluster: The listener service is not automatically failing over.

Cause:  Every node that has the listener service installed must also have the transaction log database installed.

Solution:  The listener service will not be installed on a node unless the transaction log database is also installed on the same node. This will ensure successful automatic failovers.

MPF displays "Access Denied" errors when running Named Procedures that require Domain Administrator credentials.

Cause:  Delegation is not properly configured.

Solution:  Complete the following steps to configure delegation:

Client Configuration
  1. Open Provisioning Manager.
  2. The Provisioning Manager console opens. In the console tree, double-click Provisioning Servers, right-click Clients, and then click Properties.
  3. On the Provisioning Engine Clients tab, click Capabilities, and then click Edit.
  4. In Edit Property, in the Property value drop-down box, click Dynamic Cloaking, and then click OK.
  5. On the Provisioning Engine Clients tab, click Impersonation Level, and then click Edit.
  6. In Edit Property, in the Property value drop-down box, click Delegate, and then click OK.
  7. On the Queue Manager Clients tab, click Capabilities, and then click Edit.
  8. In Edit Property, in the Property value drop-down box, click Dynamic Cloaking, and then click OK.
  9. On the Queue Manager Clients tab, click Impersonation Level, and then click Edit.
  10. In Edit Property, in the Property value drop-down box, click Delegate, and then click OK.
Namespaces
  1. Open Provisioning Manager.
  2. The Provisioning Manager console opens. In the console tree, double-click Namespaces, double-click the namespace that contains the procedure that requires delegation, right-click the procedure, and then click Properties.
  3. On the XML tab, verify that the impersonate="1" element is specified.

    Note

    • If impersonation is not set correctly, it is recommended that you not change it while in production mode. Only the highest level procedure requires the impersonation setting. The lower levels inherit the setting when called through this procedure.

After changing the impersonation level of a procedure, be sure to recycle COM+ on the computer on which MPF is installed. To do this:

  1. Click Start, point to Programs, point to Administrative Tools, and and then click Component Services.
  2. The Component Services console will start. In the console tree, double-click Component Services, double-click Computers, double-click My Computer, and then click COM+ Applications.
  3. Right-click Provisioning Engine, and then click Shut Down.
  4. To restart the service, right-click Provisioning Engine, and then click Start.
Active Directory configuration
  1. In Active Directory Users and Computers, open the MPFServiceAcct property page.
  2. .
  3. Select Trusted for Delegation.

After making these changes, restart the MPF client and MPF engine computers.

I am unable to provision File Transfer Protocol (FTP) sites

Cause: This can occur if the FTP service was not installed and running on the Internet Information Services (IIS) server before registering its resources with the Resource Manager. It is not possible to add additional services to an IIS server, such as FTP, after its resources have been registered.

Solution: Restore the version of the IIS metabase that was backed up before attempting to add the FTP service. You will still be unable to install the FTP service or provision FTP sites on the server. For more information about restoring the IIS metabase, see article Q302573, "HOW TO: Backup and Restore IIS" in the Microsoft Knowledge Base.

MPF installation fails with the following error message:
"SQL 2000 SP1 or MSDE 2000 SP1 or greater is not started or is not installed."

Cause: A non-default instance of SQL Server is installed.

Solution: If you have a non-default instance of SQL Server 2000 installed, you have the following options:

  • Install a default instance of SQL Server.
  • Use the command-line setup to perform an unattended installation. For more information about doing a command-line installation of Microsoft Provisioning Framework (MPF), see the MPF installation instructions (install_single.htm or install_multi.htm) located on the Microsoft Provisioning System CD-ROM..