Notice: This website is an unofficial Microsoft Knowledge Base (hereinafter KB) archive and is intended to provide a reliable access to deleted content from Microsoft KB. All KB articles are owned by Microsoft Corporation. Read full disclaimer for more details.

Error message after you install a BITS-enabled distribution point: "Failed to bind to virtual directory root"


View products that this article applies to.

Symptoms

After you create or update a package that targets a newly-enabled distribution point on a remote server that uses the Background Intelligent Transfer Service (BITS), you may receive the following error message. This error message may be logged in the Microsoft Configuration Manager\Logs\distmgr.log on the site server.
ERROR CreateVirtualDirectory: Failed to bind to virtual directory root IIS://ServerName/W3svc/1/ROOT. error = Access is denied. ERROR CheckDPforDrizzle: Could not find the desired DP ["Display=\\ORL40513\"]MSWNET:["SMS_SITE=SiteCode"]\\ORL40513\ in the SCF Cannot set the current Drizzle Role status for the DP. Performing error cleanup prior to returning.

↑ Back to the top


Cause

This problem occurs because the virtual directory for SMSPKGVolume$ was not created or cannot be accessed on the distribution point in Internet Information Service (IIS) Manager. This behavior can occur when certain conditions are true. These conditions include, but are not limited to, the following examples:
  • The default startup type for "COM+ System Application" is Manual.
  • The default startup type for "COM+ Event System" is Automatic.
  • IIS is not installed on the remote distribution point.
  • Incorrect IIS files and registry permissions exist on the remote distribution point.
  • There are various Domain Name System (DNS) problems.
  • The Microsoft Windows Server 2003 Security Configuration Wizard (SCW) has been run on the remote distribution point.

↑ Back to the top


Resolution

Follow the steps that apply to the problem that you are experiencing based on the conditions from the "Cause" section.

Important After you resolve the problem, you must remove the distribution point and then install it again to create the virtual directory.

Required services are not started on the remote distribution point

The following services must be running on the distribution point server for the distribution point installation to complete successfully. You must manually start these services if they are not running.
  • COM+ System Application on Windows Server 2003
    The default startup type is Automatic.
  • COM+ Event System
    The default startup type is Manual.
For more information about a possible a cause for these services not starting, click the following article number to view the article in the Microsoft Knowledge Base:

909444 You may experience various problems after you install the Microsoft Security Bulletin MS05-051 for COM+ and MS DTC

Internet Information Services (IIS) is not installed on the remote distribution point

IIS must be installed on any remote server that hosts a distribution point. The following list shows the required IIS components:
  • IIS Common Files
  • IIS Manager
  • W3SVC
  • Enable network COM+ access
Install IIS on the distribution point server. After you install IIS on the distribution point, you must stop and then start the SMS Executive service on the site server.

Note You must stop and then start the SMS Executive service on the distribution point if the distribution point server is also a site server.

Incorrect IIS file and registry permissions on the remote distribution point

In Microsoft Windows 2000, the IWAM_computername user account must have Read permissions to the HKLM\System\CurrentControlSet\Services\W3SVC registry subkey.

In Windows Server 2003, the IIS_WPG group must have Read permissions to the HKLM\System\CurrentControlSet\Services\W3SVC registry subkey.
For more information about IIS permissions, click the following article numbers to view the articles in the Microsoft Knowledge Base:

271071 How to set required NTFS permissions and user rights for an IIS 5.0 Web server

812614 Default permissions and user rights for IIS 6.0

To troubleshoot IIS permissions problems, you can use the Regmon and the Filemon third-party products from Sysinternals.

Run the Regmon utility and the Filemon utility when you install the distribution point. Then, search for ACCDENIED in the Regmon utility and FAILURE in the Filemon utility for the Dllhost.exe process.

For more information about the Regmon utility and the Filemon utility, and to download the utilities, see the following Microsoft Web site:Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.

There are various DNS problems

To resolve problems that deal with DNS, take the following measures:
  • Look for problems that occur because of a disjoined DNS namespace.
  • Verify that the domain that the site server is connecting to is listed at the top of the DNS suffix search order on the distribution point server. To change the suffix search list, follow these steps:
    1. Click Start, click Run, type ncpa.cpl, and then click OK.
    2. Right-click the connection that you want to change, and then click Properties.
    3. In the Connection Name Properties dialog box, select Internet Protocol (TCP/IP) under This connection uses the following items, and then click Properties.
    4. On the General tab, click Advanced.
    5. On the DNS tab, click Append these DNS suffixes (in order), click the target domain, and then move the target domain to the top of the list by clicking the UP ARROW key.
    6. Click OK two times, and then click Close.
  • To troubleshoot DNS problems, connect to the NetBIOS name and the fully qualified domain name (FQDN) of the distribution point server in the context of the site server computer account. To do this, follow these steps:
    1. Open a command prompt on the site server, type AT CurrentTime +2 minutes/interactive cmd.exe, and then press ENTER.
    2. A new command prompt opens after two minutes. At the new command prompt, type ping NetBIOSName.
    3. After the command is completed, type ping FQDN

      Note If the ping FQDN fails, there is a problem with the DNS configuration.
    You can also open the Internet Information Service (IIS) Manager (Inetmgr.exe) from the new command prompt and then try to connect to the Default Web Site on the distribution point server. You can do this manually or by using a script that calls the AdsGetObject function. The following sample script will list the IIS virtual directories on the target computer.

    Microsoft provides programming examples for illustration only, without warranty either expressed or implied. This includes, but is not limited to, the implied warranties of merchantability or fitness for a particular purpose. This article assumes that you are familiar with the programming language that is being demonstrated and with the tools that are used to create and to debug procedures. Microsoft support engineers can help explain the functionality of a particular procedure. However, they will not modify these examples to provide added functionality or construct procedures to meet your specific requirements.
    DsGetObject.vbs: 'Syntax: cscript.exe 
    ADsGetObject.vbs <FQDNofDP> 'Run from site server to DP, and make sure it's run under LOCAL SYSTEM
    On Error Resume Next
    Set objWeb = GetObject("IIS://" &WScript.Arguments(0)& "/w3svc/1/ROOT")
    If Err.Number <> 0 Then WScript.Echo "Failed to connect:" &Err.Number&":"&Err.Description WScript.Quit
    End If
    For each vDir in objWeb WScript.Echo vDir.Name
    Next 'End of script
    In this example script, <PathOf> is a placeholder for the path to the ADsGetObject.vbs file and <FQDN> is a placeholder for the FQDN of the distribution point server.

    Note This script must be run from the new command window that you created by using the AT command in the steps earlier in this section.

    For more information about the ADsGetObject function, visit the following Microsoft Developer Network (MSDN) Web site: For more information about how to troubleshoot DNS, visit the following Microsoft Web site:

The Windows Server 2003 Security Configuration Wizard (SCW) has been run on the remote distribution point

When you run the Windows Server 2003 SCW on a BITS-enabled distribution point, you must select Remote administration for IIS and related components on the Installed Options page of the SCW. If you do not enable remote administration for IIS and related components, the Windows Server 2003 SCW prevents the Configuration Manager 2007 Distribution Manager from creating virtual directories on the BITS-enabled distribution point.

The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, about the performance or reliability of these products.

↑ Back to the top


Keywords: kbsccm, kbtshoot, kbexpertiseadvanced, kbfix, kbsmsdistribution, kbentirenet, kbprb, kb

↑ Back to the top

Article Info
Article ID : 917485
Revision : 1
Created on : 1/7/2017
Published on : 9/11/2011
Exists online : False
Views : 802