Neelson
asked on
SCCM Build & Capture Credentials Issue
Hi,
I have built a new SCCM server in our production environment and am currently attempting to run a build and capture process for a Windows XP operating system.
I have had some partial success with the process in so far as it formats the hard drive, installs the CCM client, actually copies down and partially installs the OS.
However the operation fails at the "Installing Deployment Tools" point with error code "0x00000002".
I have managed to capture the SMSTS.log file from the target PC, which I have attached here. There are a number of errors in the log, but the show stopper seems to come when it tries to call the SYSprep package (GB100003) - there is an error here stating: "No credentials available for connect to \\<servershare>", as shown in the image below.
I have done the following to try and resolve the issue:-
1. Double checked Network Access Account is configured via Computer Client Agent and appears under Site Settings/Accounts.
2. Checked Security Rights/Users in SCCM to ensure the account has all required permissions
3. Check that the Access Account has permissions to the distribution point
4. Ensured that the SYSprep package also has the Access Account listed in the Security tab
5. I have also given the AD Domain Computers group permissions to the distribution point folder as well as the target PC's computer account
6. I have confirmed that the Access Account is not locked out and has the appropriate permissions in AD
Despite these checks/changes above the last 3 attempts to build and capture my reference machine have failed at exactly the same point.
I have found some posts regarding the "No credentials" issue which recommend changes to the local security settings on the server, but these seem to apply to a Windows Server 2003 environment, not Windows Server 2008. My Windows Server 2008 machine already has "Access this computer from the network" enabled. I have also added the Access Account to the security group for the setting.
Any help that you can provide would be greatly appreciated!
SMSTSlog-Error.bmp
smsts.log
I have built a new SCCM server in our production environment and am currently attempting to run a build and capture process for a Windows XP operating system.
I have had some partial success with the process in so far as it formats the hard drive, installs the CCM client, actually copies down and partially installs the OS.
However the operation fails at the "Installing Deployment Tools" point with error code "0x00000002".
I have managed to capture the SMSTS.log file from the target PC, which I have attached here. There are a number of errors in the log, but the show stopper seems to come when it tries to call the SYSprep package (GB100003) - there is an error here stating: "No credentials available for connect to \\<servershare>", as shown in the image below.
I have done the following to try and resolve the issue:-
1. Double checked Network Access Account is configured via Computer Client Agent and appears under Site Settings/Accounts.
2. Checked Security Rights/Users in SCCM to ensure the account has all required permissions
3. Check that the Access Account has permissions to the distribution point
4. Ensured that the SYSprep package also has the Access Account listed in the Security tab
5. I have also given the AD Domain Computers group permissions to the distribution point folder as well as the target PC's computer account
6. I have confirmed that the Access Account is not locked out and has the appropriate permissions in AD
Despite these checks/changes above the last 3 attempts to build and capture my reference machine have failed at exactly the same point.
I have found some posts regarding the "No credentials" issue which recommend changes to the local security settings on the server, but these seem to apply to a Windows Server 2003 environment, not Windows Server 2008. My Windows Server 2008 machine already has "Access this computer from the network" enabled. I have also added the Access Account to the security group for the setting.
Any help that you can provide would be greatly appreciated!
SMSTSlog-Error.bmp
smsts.log
ASKER
I've checked the "Access the computer from the network" rights on the SCCM Server, which also hosts the DP, so that part should be ok.
I should have mentioned that I also tried connecting to the share when logged into a PC with the Network Access Account credentials which worked fine. I have also tried pinging the server by name from the Win PE boot environment after the task sequence failed and that worked fine, so I think the network side of things is ok.
I have searched for other SMSTS.log files on the reference machine and have attached another one which may shed more light on the issue. I found this one in _SMSTaskSequence on the C:\. It appears that when trying to connect to another package on the DP using the "Default account" it fails, however after failing to connect twice using the default account, it then tried to connect using the "Network access account" and succeeded. I have attached a screen shot of the log file below.
What exactly is the "default account"? I thought the process would use the network access account as the default right through the process? Could this be the problem?
smsts.log
SMSTS-Log.bmp
I should have mentioned that I also tried connecting to the share when logged into a PC with the Network Access Account credentials which worked fine. I have also tried pinging the server by name from the Win PE boot environment after the task sequence failed and that worked fine, so I think the network side of things is ok.
I have searched for other SMSTS.log files on the reference machine and have attached another one which may shed more light on the issue. I found this one in _SMSTaskSequence on the C:\. It appears that when trying to connect to another package on the DP using the "Default account" it fails, however after failing to connect twice using the default account, it then tried to connect using the "Network access account" and succeeded. I have attached a screen shot of the log file below.
What exactly is the "default account"? I thought the process would use the network access account as the default right through the process? Could this be the problem?
smsts.log
SMSTS-Log.bmp
Normally the default account is used. It's the computer account of the client (computer$). In this case it's not working as the WinPE is not member of the domain. So the Network Access Account is correct.
Is there located a sysprep folder with content on the client?
Does the "Installing Deployment Tools" step in the task sequence point to a package? Is it marked as installed?
Do you have enought freespace on the clients partitions?
Does this article match to you? http://social.technet.microsoft.com/Forums/en/mdt/thread/92cef1e9-3217-4bdd-8189-71d59fc7bbdd
Is there located a sysprep folder with content on the client?
Does the "Installing Deployment Tools" step in the task sequence point to a package? Is it marked as installed?
Do you have enought freespace on the clients partitions?
Does this article match to you? http://social.technet.microsoft.com/Forums/en/mdt/thread/92cef1e9-3217-4bdd-8189-71d59fc7bbdd
ASKER
Hi,
Thanks for the pointers, I've checked the following:-
1. The "Installing Deployment Tools" step points to the sysprep package. There is no sysprep folder on the reference machine though as the attempt to bring the package down from the DP always fails and is not marked as installed. I have attached a screen shot below of the sysprep folder on the DP. The package I created simply pointed to the folder containing sysprep.exe. I hope this was the correct thing to do.
2. As the default account is the computer name, I have added "AM2299$" (where AM2299 is the computer name) to the security list on the DP.
3. I have read the article you provided a link to and confirmed that the network access account has full permissions to the DP and sebsequent packages.
4. There is plenty of free space on the reference machine as the job formats the whoel drive before installing Windows XP.
I'm going to attempt another build and capture job and see how far it gets.
SYSPrep.bmp
Thanks for the pointers, I've checked the following:-
1. The "Installing Deployment Tools" step points to the sysprep package. There is no sysprep folder on the reference machine though as the attempt to bring the package down from the DP always fails and is not marked as installed. I have attached a screen shot below of the sysprep folder on the DP. The package I created simply pointed to the folder containing sysprep.exe. I hope this was the correct thing to do.
2. As the default account is the computer name, I have added "AM2299$" (where AM2299 is the computer name) to the security list on the DP.
3. I have read the article you provided a link to and confirmed that the network access account has full permissions to the DP and sebsequent packages.
4. There is plenty of free space on the reference machine as the job formats the whoel drive before installing Windows XP.
I'm going to attempt another build and capture job and see how far it gets.
SYSPrep.bmp
ok.
Please check your sysprep package against this guide:
http://www.windows-noob.com/forums/index.php?/topic/569-how-can-i-deploy-windows-xp-sp3-using-sccm-2007-sp1-part-1/
Please check your sysprep package against this guide:
http://www.windows-noob.com/forums/index.php?/topic/569-how-can-i-deploy-windows-xp-sp3-using-sccm-2007-sp1-part-1/
ASKER
I think I've established that I definitely have a network driver related problem - which is what you previously suspected. I tried connecting to the server from the Win PE F8 command prompt and found that I couldn't ping the SCCM server - whereas I could previously, before I got the 0x00000002 error messages.
I have deleted and recreated the driver package which holds the network driver - but I have not removed and readded the network driver itself.
I think I have added the driver into the task correctly, but I'm not sure. I attached a screen shot of the task below.
Again any pointers you could provide would be very welcome.
SCCM-Task.bmp
I have deleted and recreated the driver package which holds the network driver - but I have not removed and readded the network driver itself.
I think I have added the driver into the task correctly, but I'm not sure. I attached a screen shot of the task below.
Again any pointers you could provide would be very welcome.
SCCM-Task.bmp
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
SUCCESS!!!! Thank you for that last post, updating the network drivers to the correct version for the Win PE boot image and updating the drivers injected into Windows XP build have done the trick. The OS has built and I have a captured .wim file which I can now use.
1. Are there any Group Policy Restrictions on the DP? The Network Access must have "Access this computer from the network" rights on the DP. Try to manually access the DP Share "\\GBLON1SCM02.EMEA.MEDIA.
2. Double check you network drivers. There's still a problem with them. http://blogs.technet.com/smsandmom/archive/2008/08/26/configmgr-2007-osd-deployment-errors-out-within-a-few-seconds-after-winpe-loads-and-then-automatically-reboots.aspx