Re: "Error 70: Permission Denied" trying to trigger Adv Client fun




I see, my understanding of the sequence of communications "pulls" is a little
better now, I thought both push/pull occurred at some point.

Since I can only define a single Advanced Client Network Access Account in
the Software Distribution section of Component Configuration, we may not be
able to fix this until this building is converted to a 2000/2003 domain.
Since this secondary site server is servicing both 2000/2003 domain machines
and NT4 domain machines, I may be stuck until the conversion occurs. Any
idea why there isn't an option to configure multiple Advanced Client Network
Access Accounts the way you can for legacy clients?

"Kim Oppalfens" wrote:

>
>
> First of all,
>
> Again sms is pull based, even for software distribution. The only thing
> that is push based in sms is client deployment (if you choose to use the
> client push installation method).
>
> Normal software distribution cycle:
> 1) Client asks management point for new advertisement (on a recurring
> schedule default 1 hour).
> 2) Clients ask management for a distribution point that holds the
> package sources for new advertisements it received.
> 3) Client connects to distribution point & starts installation.
> Nothing push about it. Which is great, otherwise we would be dependent
> on the clients running file & print sharing.
>
> On to the issue at hand, the most likely reason why they don't execute
> any advertisements is because they can't access the distribution point.
>
> In system status, advertisement status, do you see them as having
> received the advertisement?
>
> Advanced clients as already mentioned use their computer account to
> connect to the distribution point. Computer account authentication
> unfortunately does not work across an external trust like a trust
> between an nt4 domain and a windows 2000/2003 domain.
> By consequence the client can't connect, if the computer account fails
> then the client will try and use the advanced client network access
> account if one is configured. (Site Settings; component configuration;
> Advanced client network access account).
>
> Kim Oppalfens
> MVP SMS
>
>
> In article <FF904181-0516-46D3-9064-E1F6A3B91F14@xxxxxxxxxxxxx>,
> MikeP@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> > Thanks for the response Kim... I see where I was going about this completely
> > backwards and treating it like a legacy client issue. I was indeed looking
> > at it from the perspective of not being able to hit the target machine from
> > the server whereas I should have been trying to hit the server from the
> > target machine.
> >
> > What I'm still confused on is why, from the server, I get the permission
> > denied error hitting the client in almost any capacity short of remote tools
> > working via the advanced client. I understand Software Distribution is a
> > "pull based" mechanism, but advertisements are "push based", and it's the
> > push that's hitting the permission denied issue. Maybe because the NT
> > domains are different as are the administrative domain users, my problem's
> > fix is as simple as adding the 2nd domain administrative account to the
> > workstation in the local administrators group.
> >
> >
> > "Kim Oppalfens" wrote:
> >
> > >
> > > First of all, advanced clients do not use a client connection account,
> > > they use their computer account to connect to the sms infrastructure.
> > >
> > > Secondly, testing whether you can access the shares on the client is
> > > kind of irrelevant. SMS Software distribution is actually a pull based
> > > mechanism, so you should be testing whether you can map the distribution
> > > point share from the client using his computer account.
> > >
> > > To test this open a dos prompt & execute
> > >
> > > at 16:45 /interactive cmd.exe
> > >
> > > This should open a dos box with system privileges at 16:45 (you are
> > > allowed to change the hour :-) (You need local admin privileges to use
> > > the at tool).
> > >
> > > In this new dos box try to map the distribution point share.
> > > If that fails try configuring an advanced client network access account
> > > in site settings, component configuration; software distribution ( the
> > > account can be a normal domain user).
> > >
> > > In article <6FD48BB5-9B22-47D8-81E3-03D892C2C610@xxxxxxxxxxxxx>,
> > > MikeP@xxxxxxxxxxxxxxxxxxxxxxxxx says...
> > > > Hello all... I'm getting an Error 70 - Permission Denied on a user's machine
> > > > when I'm on the SMS Console trying to right-click on it and trigger some of
> > > > the direct SMS functions like "Refresh Machine Policy" and others.
> > > >
> > > > The core SMS server lives within a large domain with Active Directory and
> > > > the client machine is living on an older NT4 domain. The client on the
> > > > machine is running WinXP and runs just fine with the Advanced Client. I can
> > > > use remote tools to access it, but advertisements don't seem to hit it and
>
> --
> Kim Oppalfens
> MVP SMS
> Computacenter Belgium
>