Re: client push not working!
- From: lee.james@xxxxxxxxxxxxx
- Date: 1 Mar 2006 14:42:49 -0800
Ok, I have it figured out - and in my opinion this is a huge 'bug' that
needs to be documented and/or addressed.
On our desktop images we set the LM compatibility level to '5', or
'Send NTLMv2 response only/refuse LM & NTLM'.
The default value for XP is '0' or 'Send LM & NTLM responses'.
I found MS article 842309 which explains that BITS 1.5 (which comes
with SMS 2003) 'allows logon credentials to be used for authentication
when the LmCompatibilityLevel is less than 2'.
However with BITS 2.0 (which comes with XP SP2) it's supposed to allow
authentication if the LmCompatibilityLevel is greater than or equal to
2.
This obviously is not happening, and as BITS 2.0 supports it, I would
contend that there is a bug with SMS 2003 SP2 and how it interacts with
BITS 2.0.
It would be ridiculous for a company running SMS 2003 in advanced
security to have to still enable their clients to use LM authentication
in order to get the advanced client pushed to them!!!
I changed the LM compatibility level to 1 and the advanced client
installed no problem.
J.
Kim Oppalfens <MVP> wrote:
Check whether the remote registry service is running.
--
Kim Oppalfens
Telindus Belgium
MVP Windows Server System - SMS
<lee.james@xxxxxxxxxxxxx> wrote in message
news:1141155413.480242.76210@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
Why is this so difficult? Has anyone actually managed to get automatic
client push working? Based on newsgroup readings it seems most people
just give up and use Group Policy to install the client instead...
Running SMS 2003 SP2 in a test environment - was fresh install not an
upgrade, Advanced security, single W2k Native domain. Single SMS site.
AD extended successfully, SMS pushing to AD properly, discovery
configured and working, servers that I manually installed the client on
working fine, reporting inventory etc. Client push is enabled,
Workstations selected as System type. Client push account setup as
%machinename%\wksadmin with the proper password. Verified
account/password is correct by logging into the client with those
credentials. Event log on site server is clean, all SMS status messages
are green.
Trying to get client pushed to a test XP SP2 box (firewall is
disabled). Client is discovered and 'assigned'.
Looking at the CCM.log shows the errors, yet if I manually do a drive
mapping to the admin$ share from the site server using the same
credentials it connects just fine.
At first I didn't have a Advanced Client Network Access Account because
the built-in SMS help recommends against it, and MS article 838436
implies you don't need it if you are running AD, yet newsgroup posts
seem to indicate you need it. What the hell?
So I created a regular user account, added it to the local admin group
on the site server (which gives it permissions to the SMSClient share)
and specified that account as the Advanced Client Network Access
Account.
But it's still not working.
Logfile:
======>Begin Processing request: "S82BWK41", machine name: "PC-CAL"
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:10.107 2006 Mountain
Standard Time><thread=408 (0x198)>
---> Trying each entry in the SMS Client Remote Installation account
list~ $$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:10.107 2006
Mountain Standard Time><thread=408 (0x198)>
---> Attempting to connect to administrative share '\\PC-CAL\admin$'
using account '%machinename%\WksAdmin'~
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:10.107 2006 Mountain
Standard Time><thread=408 (0x198)>
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using
account %machinename%\WksAdmin (0000052e)
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.373 2006 Mountain
Standard Time><thread=408 (0x198)>
---> LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account
%machinename%\WksAdmin (0000052e) $$<SMS_CLIENT_CONFIG_MANAGER><Tue
Feb 28 11:51:12.373 2006 Mountain Standard Time><thread=408 (0x198)>
---> ERROR: Unable to connect to remote registry for machine name
"PC-CAL", error 5. $$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28
11:51:12.388 2006 Mountain Standard Time><thread=408 (0x198)>
---> Trying each entry in the SMS Client Remote Installation account
list~ $$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.388 2006
Mountain Standard Time><thread=408 (0x198)>
---> Attempting to connect to administrative share
'\\172.19.241.1\admin$' using account '%machinename%\WksAdmin'~
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.388 2006 Mountain
Standard Time><thread=408 (0x198)>
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using
account %machinename%\WksAdmin (0000052e)
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.404 2006 Mountain
Standard Time><thread=408 (0x198)>
---> LogonUser failed (LOGON32_LOGON_INTERACTIVE) using account
%machinename%\WksAdmin (0000052e) $$<SMS_CLIENT_CONFIG_MANAGER><Tue
Feb 28 11:51:12.404 2006 Mountain Standard Time><thread=408 (0x198)>
---> ERROR: Unable to connect to remote registry for machine name
"172.19.241.1", error 5. $$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28
11:51:12.420 2006 Mountain Standard Time><thread=408 (0x198)>
---> ERROR: Unable to access target machine for request: "S82BWK41",
machine name: "PC-CAL", error code: 5
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.420 2006 Mountain
Standard Time><thread=408 (0x198)>
Retry request id for "S82BWK41" set to "PC-CAL.SPARTAN"
$$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.420 2006 Mountain
Standard Time><thread=408 (0x198)>
Stored request "PC-CAL.SPARTAN", machine name "PC-CAL", in queue
"Retry". $$<SMS_CLIENT_CONFIG_MANAGER><Tue Feb 28 11:51:12.420 2006
Mountain Standard Time><thread=408 (0x198)>
<======End request: "PC-CAL.SPARTAN", machine name: "PC-CAL".
.
- Prev by Date: Re: sql server move to the sms server
- Next by Date: Re: Question about SMS remote control....
- Previous by thread: Re: client push not working!
- Next by thread: Re: Installing Software As Someone Other than SYSTEM
- Index(es):
Relevant Pages
|
