MrNiss99
asked on
System Center Configuration Manager 2007 Cross Domain Permissions
Hello,
I am working on a Single site deployment of 2007 SCCM for our enterprise. The primary site is installed into our Forest Domain and I have successfully discovered all systems in our 4 child domains. I have also been able to push the clients to our Forest domain machines as well as my local domain machines. Remote tools, assistance and software deployment works for my local domain and the forest domain, however I can not seem to push out the client to any of the other 3 child domains.
I had the admin at one of the other child domains manually install the client on a workstation and it shows up in the collections as a client, but I can not seem to use the remote tools, or push software or anything. I am thinking I just don't have permissions correct or group membership or something.
Here is a portion of the log when I try to use remote tools.
User "BSE\musueraccount-da" at "PHO-SCCM-001" failed to start a Remote Tools session with "childdomainlaptopcomputer
Solution: Verify that the Remote Tools Client Agent is installed on the client. If the agent is installed and you cannot start a Remote Tools session, use the "Show Status" command on Control Panel, Remote Tools on the client to verify that the Remote Control Agent is listening on the right protocol.
I have verified that that the remote tools is installed on that machine and enabled.
I am at a loss here, if anyone can provide me with some insight on the correct permissions set up that would be great.
Thank you for your time.
I am working on a Single site deployment of 2007 SCCM for our enterprise. The primary site is installed into our Forest Domain and I have successfully discovered all systems in our 4 child domains. I have also been able to push the clients to our Forest domain machines as well as my local domain machines. Remote tools, assistance and software deployment works for my local domain and the forest domain, however I can not seem to push out the client to any of the other 3 child domains.
I had the admin at one of the other child domains manually install the client on a workstation and it shows up in the collections as a client, but I can not seem to use the remote tools, or push software or anything. I am thinking I just don't have permissions correct or group membership or something.
Here is a portion of the log when I try to use remote tools.
User "BSE\musueraccount-da" at "PHO-SCCM-001" failed to start a Remote Tools session with "childdomainlaptopcomputer
Solution: Verify that the Remote Tools Client Agent is installed on the client. If the agent is installed and you cannot start a Remote Tools session, use the "Show Status" command on Control Panel, Remote Tools on the client to verify that the Remote Control Agent is listening on the right protocol.
I have verified that that the remote tools is installed on that machine and enabled.
I am at a loss here, if anyone can provide me with some insight on the correct permissions set up that would be great.
Thank you for your time.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Although this was not the exact solution the answer pointed me in the right direction. It turns out that it was a DNS issue, the local site server could not contact the clients outside of the installed domain. I had to add the DNS suffixes to the NIC for all child domains in order to contact clients outside of the parent domain.
Thanks for the help!!
Thanks for the help!!
To test security, can you create a local account with administrator rights on the client machine? if so, you can then test you remote tools...
Does this account have local administrator rights on the client machine "BSE\musueraccount-da"?
If you know a local account, you can leave the domain dialog box blank and type the password. (or this format also works, %machinaname%\username
To me it sounds like you don't have rights to perform the remote tools session. You can also check the client Remotetools.log found in c:\windows\system32\ccm\lo