Re: Question about Pushing the advanced client

Tech-Archive recommends: Fix windows errors by optimizing your registry

Garth wrote:
I think that I have to disagree with Kim and agree with Nate. if not account is specified then it will use the Site server machine account.

When you connected to the Adimn$, can you create a text file? i.e. Could it be file permissions?


"Nate" <ngau@xxxxxxxxxxxx> wrote in message news:1185370705.773998.79040@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
On Jul 24, 3:10 pm, "Kim Oppalfens [MVP]" <""Kim dot Oppalfens
\"@google mail.com"> wrote:
Nate wrote:
I'm an SMS newbie and I've been attempting to troubleshoot my way
through an SMS client push problem, and to date I've had no luck.
First, with the basics:
I'm running SMS 2k3 SP2 at 3 different sites (all of which are primary
sites, with one central site). I'm using advanced security and I'm
pushing the advanced client. We have had SMS running in our
environment for a while, but a small percentage of our clients
(between 10 and 20%) for whatever reason are discovered but the client
never installs. One of these compters happens to be next door, so
I've been using him as a test case.
His firewall is off. His remote registry services is enabled. For
whatever reason, SMS still does not want to isntall. I've checked the
CCM log and this is what is stated below:
___________________________________________________________________________­___________________
Found CCR "FTW-LAP0018.DIGIMARC.CCR" in queue "Retry".
SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:36 PM 1748 (0x06D4)
Received request: "FTW-LAP0018.DIGIMARC" for machine name: "FTW-
LAP0018" on queue: "Retry". SMS_CLIENT_CONFIG_MANAGER 7/23/2007
3:39:36 PM 1748 (0x06D4)
Stored request "FTW-LAP0018.DIGIMARC", machine name "FTW-LAP0018", in
queue "Processing". SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:36 PM
1748 (0x06D4)
----- Started a new CCR processing thread. Thread ID is 0x2584. There
are now 10 processing threads SMS_CLIENT_CONFIG_MANAGER 7/23/2007
3:39:38 PM 1748 (0x06D4)
Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 7/23/2007
3:39:38 PM 1748 (0x06D4)
======>Begin Processing request: "FTW-LAP0018.DIGIMARC", machine name:
"FTW-LAP0018" SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:38 PM 9604
(0x2584)
---> Trying each entry in the SMS Client Remote Installation account
list SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:38 PM 9604 (0x2584)
---> Warning: no remote client installation or SMS service account
found SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:38 PM 9604 (0x2584)
---> ERROR: Connected to FTW-LAP0018 registry, but couldn't connect to
the \\FTW-LAP0018\admin$ share using account ''
SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:38 PM 9604 (0x2584)
Stored request "FTW-LAP0018.DIGIMARC", machine name "FTW-LAP0018", in
queue "Retry". SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:38 PM 9604
(0x2584)
<======End request: "FTW-LAP0018.DIGIMARC", machine name: "FTW-
LAP0018". SMS_CLIENT_CONFIG_MANAGER 7/23/2007 3:39:38 PM 9604 (0x2584)
___________________________________________________________________________­___________________
Not being an expert, I'd like to clarify a couple things. It is my
understanding that pushing the advanced client running advanced
security uses user accounts and not the client push account.
Consequently, no client push account has been specified (also of note,
all our clients are all running XP, so the advanced client is
supported). That should explain the warning found in the above log,
in that the service account is not needed to be specified.
However, the very next line shows an error. To troubleshoot this, I
did the following:
1) Attempted to connect to the admin$ using my logon. It worked.
2) Using the AT.exe command, I scheduled cmd.exe to run an interactive
prompt under the local system account and attempted to map a drive to
the admin$ share on the computer in question. This failed with a
logon error.
3) I added the SMS server directly into the local admin group and
repeated step 2. This time, it worked and I was able to map a drive
to the admin$ share.
However, when the client install kicks off again, I'm getting the same
error. This makes no sense as the computer account is a full admin on
the system. I should also note that I'm seeing this at each of my
sites. Both of my primary children sites have the SQL databse on teh
SMS system, while the central site uses a different computer for the
SMS database (in this case, this computer is sitting at one of the
child sites).
I'd like to avoid using a client push account if at all possible.
That being said, I'm completely miffed. Your thoughts are greatly
appreciated.
To my knowledge, client push has never used the computer account.
The computer account is used to install site systems, not clients afaik.
Just define a client push account that is an admin on the targetted
clients. Check my blog for a post on how to add a client push account to
the administrators group of your clients using an gpo.

--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMShttp://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_manage...- Hide quoted text -

- Show quoted text -

I tried that once before and the account locks out immediately (and
yes, I redid the password and all of that). I've also found a number
of documents stating that advanced security witht he advanced client
uses a machine account. Even my SMS trainer said as much. Keep in
mind that this has deployed just fine to 80% of the environment,
without a client push account... It's the other 20% that this has
been difficult to work with.


Hum, Anthony seems to agree with me since he deems this option as new for SCCM 2007 http://myitforum.com/cs2/blogs/socal/archive/2007/03/09/sccm-2007-client-push-installation-account.aspx

Will look into this further, but to the best of my knowledge, client push does fall back to using the sms service account in standard security mode but not to the computer account in advanced security mode. I could be wrong though.

--
"Everyone is an expert at something"
Kim Oppalfens - Sms Expert for lack of any other expertise
Windows Server System MVP - SMS
http://www.blogcastrepository.com/blogs/kim_oppalfenss_systems_management_ideas/default.aspx
.

Quantcast