Re: "Error 70: Permission Denied" trying to trigger Adv Client fun

Tech Tip: Click here to run a free scan for Windows Errors and optimize PC performance



First of all,

Again sms is pull based, even for software distribution. The only thing
that is push based in sms is client deployment (if you choose to use the
client push installation method).

Normal software distribution cycle:
1) CLient asks management point for new advertisement (on a recurring
schedule default 1 hour).
2) Clients ask management for a distribution point that holds the
package sources for new advertisements it received.
3) Client connects to distribution point & starts installation.
Nothing push about it. Which is great, otherwise we would be dependent
on the clients running file & print sharing.

On to the issue at hand, the most likely reason why they don't execute
any advertisements is because they can't access the distribution point.

In system status, advertisement status, do you see them as having
received the advertisement?

Advanced clients as already mentioned use their computer account to
connect to the distriubtion point. Computer account authentication
unfortunately doesnot work accross an external trust like a trust
between an nt4 domain and a windows 2000/2003 domain.
By consequence the client can't connect, if the computer acount fails
then the client will try and use the advanced client network access
account if one is configured. (Site Settings; component configuration;
Advanced client network access account).

Kim Oppalfens
MVP SMS


In article <FF904181-0516-46D3-9064-E1F6A3B91F14@xxxxxxxxxxxxx>,
MikeP@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> Thanks for the response Kim... I see where I was going about this completely
> backwards and treating it like a legacy client issue. I was indeed looking
> at it from the perspective of not being able to hit the target machine from
> the server whereas I should have been trying to hit the server from the
> target machine.
>
> What I'm still confused on is why, from the server, I get the permission
> denied error hitting the client in almost any capacity short of remote tools
> working via the advanced client. I understand Software Distribution is a
> "pull based" mechanism, but advertisements are "push based", and it's the
> push that's hitting the permission denied issue. Maybe because the NT
> domains are different as are the administrative domain users, my problem's
> fix is as simple as adding the 2nd domain administrative account to the
> workstation in the local administrators group.
>
>
> "Kim Oppalfens" wrote:
>
> >
> > First of all, advanced clients do not use a client connection account,
> > they use their computer account to connect to the sms infrastructure.
> >
> > Secondly, testing whether you can access the shares on the client is
> > kind off irrelevant. SMS Software distribution is actually a pull based
> > mechanism, so you should be testing whether you can map the distribution
> > point share from the client using his computer account.
> >
> > To test this open a dos prompt & execute
> >
> > at 16:45 /interactive cmd.exe
> >
> > This should open a dos box with system privileges at 16:45 (you are
> > allowed to change the hour :-) (You need local admin privileges to use
> > the at tool).
> >
> > In this new dos box try to map the distribution point share.
> > If that fails try configuring an advanced client network access account
> > in site settings, component configuration; software distribution ( the
> > account can be a normal domain user).
> >
> > In article <6FD48BB5-9B22-47D8-81E3-03D892C2C610@xxxxxxxxxxxxx>,
> > MikeP@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> > > Hello all... I'm getting an Error 70 - Permission Denied on a users's machine
> > > when I'm on the SMS Console trying to right-click on it and trigger some of
> > > the direct SMS functions like "Refresh Machine Policy" and others.
> > >
> > > The core SMS server lives withing a large domain with Active Directory and
> > > the client machine is living on an older NT4 domain. The client on the
> > > machine is running WinXP and runs just fine with the Advanced Client. I can
> > > use remote tools to access it, but advertisement don't seem to hit it and

--
Kim Oppalfens
MVP SMS
Computacenter Belgium
.

Relevant Pages

  • Re: Client Push keeps failing
    ... verified all of the permissions seem correct. ... No network access account provided. ... I thought that at first too and yet the SMS console still shows this ... I am trying to get the client push to work and it keeps failing. ...
    (microsoft.public.sms.admin)
  • Re: Advanced Client install nightmare
    ... I can succesfully connect to the remote registry using the account. ... MVP Windows Server System - SMS ... I have deleted and re-created the client install account and the client ... Slowing down the queue processing ...
    (microsoft.public.sms.admin)
  • Re: Client Push keeps failing
    ... I thought that at first too and yet the SMS console still shows this ... Above messages showed that the ccmsetup ran on the client machine ... I have already setup a "SMSPUSH" user account and it is added to the ... I am able to login to the SMS server using the SMSPUSH user account ...
    (microsoft.public.sms.admin)
  • Re: Adv Client with Workgroup Computers
    ... I was trying to use the SMS tools from the SMS server to initiate harware ... Inv for example the account is a domain account but the Client PC is in a ... Is there a procedure for installing the ADV client localy on a workgroup ... I have manually added to the WINS server. ...
    (microsoft.public.sms.admin)
  • Re: Advanced Client install nightmare
    ... I can successfully install manually using the SMS account. ... MS Client Configuration Manager cannot install the Advanced Client to ...
    (microsoft.public.sms.admin)