System Center Configuration Manager 2007 Cross Domain Permissions


I am working on a single-site deployment of 2007 SCCM for our enterprise. The primary site is installed into our Forest Domain and I have successfully discovered all systems in our 4 child domains. I have also been able to push the clients to our Forest domain machines as well as my local domain machines. Remote tools, assistance and software deployment work for my local domain and the forest domain; however, I cannot seem to push out the client to any of the other 3 child domains.


I had the admin at one of the other child domains manually install the client on a workstation and it shows up in the collections as a client, but I cannot seem to use the remote tools, or push software or anything. I am thinking I just don't have permissions correct or group membership or something.


Here is a portion of the log when I try to use remote tools.

User "BSE\musueraccount-da" at "PHO-SCCM-001" failed to start a Remote Tools session with "childdomainlaptopcomputer".

Solution: Verify that the Remote Tools Client Agent is installed on the client. If the agent is installed and you cannot start a Remote Tools session, use the "Show Status" command on Control Panel, Remote Tools  on the client to verify that the Remote Control Agent is listening on the right protocol.

I have verified that the remote tools is installed on that machine and enabled.

I am at a loss here. If anyone can provide me with some insight on the correct permissions setup, that would be great.


Thank you for your time.
NJComputerNetworks Commented:
Also, this site setting controls what groups can gain remote tools access...
by default, you need to have local administrator rights on the client machine....

To test security, can you create a local account with administrator rights on the client machine? If so, you can then test your remote tools...

Does this account have local administrator rights on the client machine "BSE\musueraccount-da"?

If you know a local account, you can leave the domain dialog box blank and type the password (or this format also works: %machinename%\username).

To me it sounds like you don't have rights to perform the remote tools session.  You can also check the client Remotetools.log found in c:\windows\system32\ccm\logs\ directory on the client.

MrNiss99 (Author) Commented:
Although this was not the exact solution, the answer pointed me in the right direction. It turns out that it was a DNS issue: the local site server could not contact the clients outside of the installed domain. I had to add the DNS suffixes to the NIC for all child domains in order to contact clients outside of the parent domain.

Thanks for the help!!
Question has a verified solution.
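
The DNS cause reported in the resolution above can be checked from the site server before touching permissions or group membership. The PowerShell below is an added example, not code from the thread; the client name and child-domain suffixes are constructed placeholders, and it assumes the suffix list is the global one Windows stores under `Tcpip\Parameters`.

```powershell
# Constructed placeholders: substitute a client short name from a child domain
# and your own child-domain DNS suffixes. None of these values come from the thread.
$ClientShortName  = 'CHILD-LAPTOP-01'
$ExpectedSuffixes = @('child1.corp.example', 'child2.corp.example', 'child3.corp.example')

# Assumption: the suffix search list was set in the adapter's advanced TCP/IP
# dialog, which Windows stores globally as a comma-separated SearchList value.
$tcpipKey   = 'HKLM:\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters'
$rawList    = (Get-ItemProperty -Path $tcpipKey -ErrorAction SilentlyContinue).SearchList
$configured = @()
if ($rawList) {
    $configured = @($rawList -split ',' | ForEach-Object { $_.Trim() } | Where-Object { $_ })
}

function Resolve-HostAddresses {
    param([string]$Name)
    try {
        # Uses the system resolver, so short names go through the suffix search list.
        $addresses = [System.Net.Dns]::GetHostAddresses($Name)
        return (($addresses | ForEach-Object { $_.IPAddressToString }) -join ', ')
    } catch {
        return $null   # name did not resolve
    }
}

# 1. Is every child-domain suffix present in the search list?
foreach ($suffix in $ExpectedSuffixes) {
    $state = 'MISSING'
    if ($configured -contains $suffix) { $state = 'present' }
    Write-Output ('suffix   {0,-40} {1}' -f $suffix, $state)
}

# 2. Resolve the short name as the site server would, then each candidate FQDN.
$names = @($ClientShortName) + @($ExpectedSuffixes | ForEach-Object { "$ClientShortName.$_" })
foreach ($name in $names) {
    $ips = Resolve-HostAddresses -Name $name
    if (-not $ips) { $ips = 'NOT RESOLVED' }
    Write-Output ('resolve  {0,-40} {1}' -f $name, $ips)
}
```

A short name that fails while one of the FQDNs resolves points at a missing suffix on the site server. A short name that resolves while every FQDN fails may have been answered by NetBIOS or LLMNR rather than DNS.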
