Solved

Can only use SMS Admin Console if a Domain Administrator?

Posted on 2008-10-16
8
425 Views
Last Modified: 2013-12-04
I need to add a user to be able to use Remote Tools with SMS. Whenever he launches the SMS Admin Console it immediately says Connection Failed: \\mysmsserver...  It works on the same computer when I run it as myself, so its not a connectivity issue.  We have tested and it looks like once we take someone out of the Domain Administrators group in Active Directory they get the same Connection Failed error.  Once they are put back in the Domain Admins group they can connect again.

Is there a lesser security group we can add users to so they can use SMS but not be a Domain Admin?
0
Comment
Question by:eServ
  • 5
  • 2
8 Comments
 
LVL 8

Expert Comment

by:U_Mansson
ID: 22738310
You can configure a new or existing group/user in the console under Security Rights with the access the group/user should have in SMS
0
 

Author Comment

by:eServ
ID: 22741979
I have tried this extensively.  I have cloned our highest security group's rights to this user and he still cannot connect.
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 22747095
Add him to SMS Admins.  This is a local group that gets created on the SMS server.

Also, you'll need to make sure you add members to the remote tools group in SMS and give him rights to see the collections that they want to control.
0
 

Author Comment

by:eServ
ID: 22748467
Ok I followed your direction still no luck.  But what I did was create a test user that does not have domain admin rights but can access the server and open the SMS Administrator Console.  But when I install the SMS Administrator Console on a remote machine and use the test account it gets a connection failed.  If I give test user domain admin rights all works fine.  Thoughts on why it works ok on the server but not on a remote computer?
0
Get up to 2TB FREE CLOUD per backup license!

An exclusive Black Friday offer just for Expert Exchange audience! Buy any of our top-rated backup solutions & get up to 2TB free cloud per system! Perform local & cloud backup in the same step, and restore instantly—anytime, anywhere. Grab this deal now before it disappears!

 

Author Comment

by:eServ
ID: 22748512
Error message from client machine: Error(ConnectServer): Possible UI connection error code is -2147024891 [0x80070005]
0
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 500 total points
ID: 22749080
0x80070005 means Access Denied.

Unfortunately, my SCCM server is at work, so I can't look how I have the techs setup, but there is a MS knowledge base article on this:

http://support.microsoft.com/kb/317872

Since it works on the local server with someone not in DA, I would start with the section "How to troubleshoot server connectivity" and work your way down.  I remember something vaguely about DCOM permissions when remote users couldn't run reports from the IIS server.

0
 

Author Comment

by:eServ
ID: 22749088
I will give it a shot - Thanks
0
 

Author Comment

by:eServ
ID: 22749224
Ok went through that article and I get to: Troubleshooting SMS namespace connectivity.  When I walk through this I get the following error


error.jpg
0

Featured Post

Why spend so long doing email signature updates?

Do you spend loads of your time carrying out email signature updates? Not very interesting are they? Don’t let signature updates get you down. Let Exclaimer Cloud - Signatures for Office 365 make managing email signatures a breeze.

Join & Write a Comment

Many people tend to confuse the function of a virus with the one of adware, this misunderstanding of the basic of what each software is and how it operates causes users and organizations to take the wrong security measures that would protect them ag…
SHARE your personal details only on a NEED to basis. Take CHARGE and SECURE your IDENTITY. How do I then PROTECT myself and stay in charge of my own Personal details (and) - MY own WAY...
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles from a Windows Server 2008 domain controller to a Windows Server 2012 domain controlle…
This tutorial will walk an individual through the process of configuring their Windows Server 2012 domain controller to synchronize its time with a trusted, external resource. Use Google, Bing, or other preferred search engine to locate trusted NTP …

705 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now