- 4
- 0
- 1
Hello Prajwal,
你r site has proved to be incredibly resourceful with amazing information. I come to you with an odd one. I am running a home lab to learn more about SCCM and have it installed on a Primary Site Server.
I installed version 2303 and configured it, however I cannot seem to automatically push the Client to Windows 11 due to Access Denied error 2147942405. I have tired doing this with the firewall completely off and with Inbound rules created from other sites. I have turned on NTLM Fallback method as well. It seems my issue lies with Kerberos authentication however I'm not sure what to try next after days of research.
Note: I do not have a service account and am only using Administrator account.
The workstation is called Client1.
ccm.log snippet:
----- Started a new CCR processing thread. Thread ID is 0x764. There are now 1 processing threads $$<10-09-2023 20:25:53.722+240>
Submitted request successfully $$<10-09-2023 20:25:53.722+240>
Getting a new request from queue "Retry" after 100 millisecond delay. $$<10-09-2023 20:25:53.722+240>
Sleeping for 60 minutes for queue "Retry". $$<10-09-2023 20:25:53.722+240>
======>Begin Processing request: "2097152001", machine name: "CLIENT1" $$<10-09-2023 20:25:53.722+240>
Execute query exec [sp_IsMPAvailable] N'LIV'~ $$<10-09-2023 20:25:53.722+240>
---> Trying each entry in the SMS Client Remote Installation account list~ $$<10-09-2023 20:25:53.722+240>
---> Attempting to connect to administrative share '\\Client1.LivoniaResident.com\admin$' using account 'LIVONIARESIDENT\Administrator'~ $$<10-09-2023 20:25:53.722+240>
---> Connected to administrative share on machine Client1.LivoniaResident.com using account 'LIVONIARESIDENT\Administrator'~ $$<10-09-2023 20:25:53.753+240>
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0xFFFF)~ $$<10-09-2023 20:25:53.753+240>
---> Attempting to make IPC connection to share <\\Client1.LivoniaResident.com\IPC$> ~ $$<10-09-2023 20:25:53.753+240>
---> Searching for SMSClientInstall.* under '\\Client1.LivoniaResident.com\admin$\'~ $$<10-09-2023 20:25:53.753+240>
---> Unable to connect to remote machine "Client1.LivoniaResident.com" and namespace "root\cimv2" using Kerberos with alternate account, error - 0x80070005. $$<10-09-2023 20:25:53.769+240>
--> NTLM fallback is enabled, remote machine "Client1.LivoniaResident.com" is continuing with client push. $$<10-09-2023 20:25:53.769+240>
---> Unable to connect to WMI (root\cimv2) on remote machine "Client1.LivoniaResident.com", error = 0x80070005. $$<10-09-2023 20:25:53.785+240>
---> Unable to connect to remote machine "CLIENT1" and namespace "root\cimv2" using Kerberos with machine account, error - 0x80070005. $$<10-09-2023 20:25:53.785+240>
--> NTLM fallback is enabled, remote machine "CLIENT1" is continuing with client push. $$<10-09-2023 20:25:53.785+240>
---> Unable to connect to WMI (root\cimv2) on remote machine "CLIENT1", error = 0x80070005. $$<10-09-2023 20:25:53.785+240>
---> Deleting SMS Client Install Lock File '\\Client1.LivoniaResident.com\admin$\SMSClientInstall.LIV'~ $$<10-09-2023 20:25:53.785+240>
Execute query exec [sp_CP_SetLastErrorCode] 2097152001, -2147024891~ $$<10-09-2023 20:25:53.785+240>
Stored request "2097152001", machine name "CLIENT1", in queue "Retry". $$<10-09-2023 20:25:53.785+240>
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152001, 2~ $$<10-09-2023 20:25:53.801+240>
Execute query exec [sp_CP_SetLatest] 2097152001, N'10/10/2023 00:25:53', 23~ $$<10-09-2023 20:25:53.816+240>
<======End request: "2097152001", machine name: "CLIENT1". $$<10-09-2023 20:25:53.832+240>
CCR count in queue "Retry" is 1. $$<10-09-2023 20:27:51.269+240>
Sleeping for 620 seconds... $$<10-09-2023 20:27:51.269+240>
Thread has been inactive too long. Closing thread~ $$<10-09-2023 20:35:53.847+240>
--- This thread is terminating due to inactivity $$<10-09-2023 20:35:53.847+240>
----- Terminated CCR processing thread. There are now 0 processing threads $$<10-09-2023 20:35:53.847+240>
The Site Control File has not changed since the last parameter update. $$<10-09-2023 20:38:11.268+240>
Updating Site Parameters $$<10-09-2023 20:38:11.268+240>
~MP Ports: 80 $$<10-09-2023 20:38:11.268+240>
~IISPreferedPort: 80 $$<10-09-2023 20:38:11.268+240>
~MP SSL Ports: 443 $$<10-09-2023 20:38:11.268+240>
~IISSSLPreferedPort: 443 $$<10-09-2023 20:38:11.268+240>
~Default MP: MECMPS.LivoniaResident.com $$<10-09-2023 20:38:11.268+240>
~Default MP Type: 1 $$<10-09-2023 20:38:11.268+240>
~Default MP: [None] $$<10-09-2023 20:38:11.268+240>
~Certificate Selection Criteria: $$<10-09-2023 20:38:11.268+240>
~Certificate Store: $$<10-09-2023 20:38:11.268+240>
~SSL State: 1248 $$<10-09-2023 20:38:11.268+240>
~PKI Cert Options: 0x1 $$<10-09-2023 20:38:11.268+240>
~选择第一个证书:1 $ $ < SMS_CLIENT_CONFIG_MANAGER><10-09-2023 20:38:11.268+240>
~Certificate Issuers: $$<10-09-2023 20:38:11.268+240>
Checking configuration information for server: MECMPS.LIVONIARESIDENT.COM.~ $$<10-09-2023 20:38:11.268+240>
~No Fallback Status Point installed on the Site $$<10-09-2023 20:38:11.268+240>
~Install on DC: True $$<10-09-2023 20:38:11.268+240>
~Option for installing using IP address: 0 $$<10-09-2023 20:38:11.268+240>
Sleeping for 1200 seconds... $$<10-09-2023 20:38:12.065+240>
你r site has proved to be incredibly resourceful with amazing information. I come to you with an odd one. I am running a home lab to learn more about SCCM and have it installed on a Primary Site Server.
I installed version 2303 and configured it, however I cannot seem to automatically push the Client to Windows 11 due to Access Denied error 2147942405. I have tired doing this with the firewall completely off and with Inbound rules created from other sites. I have turned on NTLM Fallback method as well. It seems my issue lies with Kerberos authentication however I'm not sure what to try next after days of research.
Note: I do not have a service account and am only using Administrator account.
The workstation is called Client1.
ccm.log snippet:
----- Started a new CCR processing thread. Thread ID is 0x764. There are now 1 processing threads $$
Submitted request successfully $$
Getting a new request from queue "Retry" after 100 millisecond delay. $$
Sleeping for 60 minutes for queue "Retry". $$
======>Begin Processing request: "2097152001", machine name: "CLIENT1" $$
Execute query exec [sp_IsMPAvailable] N'LIV'~ $$
---> Trying each entry in the SMS Client Remote Installation account list~ $$
---> Attempting to connect to administrative share '\\Client1.LivoniaResident.com\admin$' using account 'LIVONIARESIDENT\Administrator'~ $$
---> Connected to administrative share on machine Client1.LivoniaResident.com using account 'LIVONIARESIDENT\Administrator'~ $$
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0xFFFF)~ $$
---> Attempting to make IPC connection to share <\\Client1.LivoniaResident.com\IPC$> ~ $$
---> Searching for SMSClientInstall.* under '\\Client1.LivoniaResident.com\admin$\'~ $$
---> Unable to connect to remote machine "Client1.LivoniaResident.com" and namespace "root\cimv2" using Kerberos with alternate account, error - 0x80070005. $$
--> NTLM fallback is enabled, remote machine "Client1.LivoniaResident.com" is continuing with client push. $$
---> Unable to connect to WMI (root\cimv2) on remote machine "Client1.LivoniaResident.com", error = 0x80070005. $$
---> Unable to connect to remote machine "CLIENT1" and namespace "root\cimv2" using Kerberos with machine account, error - 0x80070005. $$
--> NTLM fallback is enabled, remote machine "CLIENT1" is continuing with client push. $$
---> Unable to connect to WMI (root\cimv2) on remote machine "CLIENT1", error = 0x80070005. $$
---> Deleting SMS Client Install Lock File '\\Client1.LivoniaResident.com\admin$\SMSClientInstall.LIV'~ $$
Execute query exec [sp_CP_SetLastErrorCode] 2097152001, -2147024891~ $$
Stored request "2097152001", machine name "CLIENT1", in queue "Retry". $$
Execute query exec [sp_CP_SetPushRequestMachineStatus] 2097152001, 2~ $$
Execute query exec [sp_CP_SetLatest] 2097152001, N'10/10/2023 00:25:53', 23~ $$
<======End request: "2097152001", machine name: "CLIENT1". $$
CCR count in queue "Retry" is 1. $$
Sleeping for 620 seconds... $$
Thread has been inactive too long. Closing thread~ $$
--- This thread is terminating due to inactivity $$
----- Terminated CCR processing thread. There are now 0 processing threads $$
The Site Control File has not changed since the last parameter update. $$
Updating Site Parameters $$
~MP Ports: 80 $$
~IISPreferedPort: 80 $$
~MP SSL Ports: 443 $$
~IISSSLPreferedPort: 443 $$
~Default MP: MECMPS.LivoniaResident.com $$
~Default MP Type: 1 $$
~Default MP: [None] $$
~Certificate Selection Criteria: $$
~Certificate Store: $$
~SSL State: 1248 $$
~PKI Cert Options: 0x1 $$
~选择第一个证书:1 $ $ < SMS_CLIENT_CONFIG_MANAGER><10-09-2023 20:38:11.268+240>
~Certificate Issuers: $$
Checking configuration information for server: MECMPS.LIVONIARESIDENT.COM.~ $$
~No Fallback Status Point installed on the Site $$
~Install on DC: True $$
~Option for installing using IP address: 0 $$
Sleeping for 1200 seconds... $$