Microsoft KB Archive/917485

= Error message after you install a BITS-enabled distribution point: &quot;Failed to bind to virtual directory root&quot; =

Article ID: 917485

Article Last Modified on 11/27/2007

-

APPLIES TO


 * Microsoft Systems Management Server 2003

-



SYMPTOMS
After you create or update a package that targets a newly-enabled distribution point on a remote server that uses the Background Intelligent Transfer Service (BITS), you may receive the following error message. This error message may be logged in the SMS\Logs\distmgr.log file on the site server.

ERROR CreateVirtualDirectory: Failed to bind to virtual directory root IIS:// /W3svc/1/ROOT. error = Access is denied. ERROR CheckDPforDrizzle: Could not find the desired DP [&quot;Display=\\ORL40513\&quot;]MSWNET:[&quot;SMS_SITE= &quot;]\\ORL40513\ in the SCF Cannot set the current Drizzle Role status for the DP. Performing error cleanup prior to returning.



CAUSE
This problem occurs because the virtual directory for SMSPKG $ was not created or cannot be accessed on the distribution point in Internet Information Service (IIS) Manager. This behavior can occur when certain conditions are true. These conditions include, but are not limited to, the following examples:
 * Required services are not started on the remote distribution point.
 * IIS is not installed on the remote distribution point.
 * Incorrect IIS files and registry permissions exist on the remote distribution point.
 * There are various Domain Name System (DNS) problems.
 * The Microsoft Windows Server 2003 Security Configuration Wizard (SCW) has been run on the remote distribution point.



RESOLUTION
Follow the steps that apply to the problem that you are experiencing based on the conditions from the &quot;Cause&quot; section.

Important After you resolve the problem, you must remove the distribution point and then install it again to create the virtual directory.

Required services are not started on the remote distribution point
The following services must be running on the distribution point server for the distribution point installation to complete successfully. You must manually start these services if they are not running.
 * COM+ System Application on Windows Server 2003

The default startup type is Automatic.
 * COM+ Event System

The default startup type is Manual.

For more information about a possible a cause for these services not starting, click the following article number to view the article in the Microsoft Knowledge Base:

909444 Systems that have changed the default Access Control List permissions on the %windir%\registration directory may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC

Internet Information Services (IIS) is not installed on the remote distribution point
IIS must be installed on any remote server that hosts a distribution point. The following list shows the required IIS components:
 * IIS Common Files
 * IIS Manager
 * W3SVC
 * Enable network COM+ access

Install IIS on the distribution point server. After you install IIS on the distribution point, you must stop and then start the SMS Executive service on the site server.

Note You must stop and then start the SMS Executive service on the distribution point if the distribution point server is also a site server.

Incorrect IIS file and registry permissions on the remote distribution point
In Microsoft Windows 2000, the IWAM_ user account must have Read permissions to the   registry subkey.

In Windows Server 2003, the IIS_WPG group must have Read permissions to the  registry subkey.

For more information about IIS permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:

271071 How to set required NTFS permissions and user rights for an IIS 5.0 Web server

812614 Default permissions and user rights for IIS 6.0

To troubleshoot IIS permissions problems, you can use the Regmon and the Filemon third-party products from Sysinternals.

Run the Regmon utility and the Filemon utility when you install the distribution point. Then, search for ACCDENIED in the Regmon utility and FAILURE in the Filemon utility for the Dllhost.exe process.

For more information about the Regmon utility and the Filemon utility, and to download the utilities, see the following Microsoft Web site:

http://www.microsoft.com/technet/sysinternals/default.mspx

Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

There are various DNS problems
To resolve problems that deal with DNS, take the following measures:  Look for problems that occur because of a disjoined DNS namespace. Verify that the domain that the site server is connecting to is listed at the top of the DNS suffix search order on the distribution point server. To change the suffix search list, follow these steps:  Click Start, click Run, type ncpa.cpl, and then click OK. Right-click the connection that you want to change, and then click Properties. In the  Properties dialog box, select Internet Protocol (TCP/IP) under This connection uses the following items, and then click Properties. On the General tab, click Advanced. On the DNS tab, click Append these DNS suffixes (in order), click the target domain, and then move the target domain to the top of the list by clicking the UP ARROW key.</li> Click OK two times, and then click Close.</li></ol> </li>  To troubleshoot DNS problems, connect to the NetBIOS name and the fully qualified domain name (FQDN) of the distribution point server in the context of the site server computer account. To do this, follow these steps: <ol> Open a command prompt on the site server, type AT /interactive cmd.exe, and then press ENTER.</li> A new command prompt opens after two minutes. At the new command prompt, type ping .</li> After the command is completed, type ping

Note If the ping FQDN fails, there is a problem with the DNS configuration.</li></ol>

You can also open the Internet Information Service (IIS) Manager (Inetmgr.exe) from the new command prompt and then try to connect to the Default Web Site on the distribution point server. You can do this manually or by using a script that calls the AdsGetObject function. The following sample script will list the IIS virtual directories on the target computer.

Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure, but they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements. DsGetObject.vbs: 'Syntax: cscript.exe ADsGetObject.vbs <FQDNofDP> 'Run from site server to DP, and make sure it's run under LOCAL SYSTEM On Error Resume Next Set objWeb = GetObject(&quot;IIS://&quot; &WScript.Arguments(0)& &quot;/w3svc/1/ROOT&quot;) If Err.Number <> 0 Then WScript.Echo &quot;Failed to connect:&quot; &Err.Number&&quot;:&quot;&Err.Description WScript.Quit End If For each vDir in objWeb WScript.Echo vDir.Name Next 'End of script In this example script, <PathOf> is a placeholder for the path to the ADsGetObject.vbs file and <FQDN> is a placeholder for the FQDN of the distribution point server.

Note This script must be run from the new command window that you created by using the AT command in the steps earlier in this section.

For more information about the ADsGetObject function, visit the following Microsoft Developer Network (MSDN) Web site:

http://msdn2.microsoft.com/en-us/library/aa772184.aspx

For more information about how to troubleshoot DNS, visit the following Microsoft Web site:

http://technet.microsoft.com/en-us/library/bb726934.aspx

</li></ul>

The Windows Server 2003 Security Configuration Wizard (SCW) has been run on the remote distribution point
When you run the Windows Server 2003 SCW on a BITS-enabled distribution point, you must select Remote administration for IIS and related components on the Installed Options page of the SCW. If you do not enable remote administration for IIS and related components, the Windows Server 2003 SCW prevents the SMS Distribution Manager from creating virtual directories on the BITS-enabled distribution point.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Keywords: kbtshoot kbexpertiseadvanced kbfix kbsmsdistribution kbprb KB917485

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.