Solved

Can only use SMS Admin Console if a Domain Administrator?

Posted on 2008-10-16
8
440 Views
Last Modified: 2013-12-04
I need to add a user to be able to use Remote Tools with SMS. Whenever he launches the SMS Admin Console it immediately says Connection Failed: \\mysmsserver...  It works on the same computer when I run it as myself, so its not a connectivity issue.  We have tested and it looks like once we take someone out of the Domain Administrators group in Active Directory they get the same Connection Failed error.  Once they are put back in the Domain Admins group they can connect again.

Is there a lesser security group we can add users to so they can use SMS but not be a Domain Admin?
0
Comment
Question by:eServ
  • 5
  • 2
8 Comments
 
LVL 8

Expert Comment

by:U_Mansson
ID: 22738310
You can configure a new or existing group/user in the console under Security Rights with the access the group/user should have in SMS
0
 

Author Comment

by:eServ
ID: 22741979
I have tried this extensively.  I have cloned our highest security group's rights to this user and he still cannot connect.
0
 
LVL 22

Expert Comment

by:Adam Leinss
ID: 22747095
Add him to SMS Admins.  This is a local group that gets created on the SMS server.

Also, you'll need to make sure you add members to the remote tools group in SMS and give him rights to see the collections that they want to control.
0
PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

 

Author Comment

by:eServ
ID: 22748467
Ok I followed your direction still no luck.  But what I did was create a test user that does not have domain admin rights but can access the server and open the SMS Administrator Console.  But when I install the SMS Administrator Console on a remote machine and use the test account it gets a connection failed.  If I give test user domain admin rights all works fine.  Thoughts on why it works ok on the server but not on a remote computer?
0
 

Author Comment

by:eServ
ID: 22748512
Error message from client machine: Error(ConnectServer): Possible UI connection error code is -2147024891 [0x80070005]
0
 
LVL 22

Accepted Solution

by:
Adam Leinss earned 500 total points
ID: 22749080
0x80070005 means Access Denied.

Unfortunately, my SCCM server is at work, so I can't look how I have the techs setup, but there is a MS knowledge base article on this:

http://support.microsoft.com/kb/317872

Since it works on the local server with someone not in DA, I would start with the section "How to troubleshoot server connectivity" and work your way down.  I remember something vaguely about DCOM permissions when remote users couldn't run reports from the IIS server.

0
 

Author Comment

by:eServ
ID: 22749088
I will give it a shot - Thanks
0
 

Author Comment

by:eServ
ID: 22749224
Ok went through that article and I get to: Troubleshooting SMS namespace connectivity.  When I walk through this I get the following error


error.jpg
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article outlines the process to identify and resolve account lockout in an Active Directory environment.
This article shows the method of using the Resultant Set of Policy Tool to locate Group Policy that applies a particular setting.
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
This tutorial will walk an individual through the process of transferring the five major, necessary Active Directory Roles, commonly referred to as the FSMO roles to another domain controller. Log onto the new domain controller with a user account t…

828 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question