SCCM Build & Capture Credentials Issue


I have built a new SCCM server in our production environment and am currently attempting to run a build and capture process for a Windows XP operating system.

I have had some partial success with the process in so far as it formats the hard drive, installs the CCM client, actually copies down and partially installs the OS.

However the operation fails at the "Installing Deployment Tools" point with error code "0x00000002".

I have managed to capture the SMSTS.log file from the target PC, which I have attached here. There are a number of errors in the log, but the show stopper seems to come when it tries to call the SYSprep package (GB100003) - there is an error here stating: "No credentials available for connect to \\<servershare>", as shown in the image below.

I have done the following to try and resolve the issue:-

1. Double checked Network Access Account is configured via Computer Client Agent and appears under Site Settings/Accounts.
2. Checked Security Rights/Users in SCCM to ensure the account has all required permissions
3. Check that the Access Account has permissions to the distribution point
4. Ensured that the SYSprep package also has the Access Account listed in the Security tab
5. I have also given the AD Domain Computers group permissions to the distribution point folder as well as the target PC's computer account
6. I have confirmed that the Access Account is not locked out and has the appropriate permissions in AD

Despite these checks/changes above the last 3 attempts to build and capture my reference machine have failed at exactly the same point.

I have found some posts regarding the "No credentials" issue which recommend changes to the local security settings on the server, but these seem to apply to a Windows Server 2003 environment, not Windows Server 2008. My Windows Server 2008 machine already has "Access this computer from the network" enabled. I have also added the Access Account to the security group for the setting.

Any help that you can provide would be greatly appreciated!

Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.


1. Are there any Group Policy Restrictions on the DP? The Network Access must have "Access this computer from the network" rights on the DP. Try to manually access the DP Share "\\GBLON1SCM02.EMEA.MEDIA.GLOBAL.LOC\GBLON1_DP\SMSPKG\GB100003" with the Network Access Account
2. Double check you network drivers. There's still a problem with them.
NeelsonAuthor Commented:
I've checked the "Access the computer from the network" rights on the SCCM Server, which also hosts the DP, so that part should be ok.

I should have mentioned that I also tried connecting to the share when logged into a PC with the Network Access Account credentials which worked fine. I have also tried pinging the server by name from the Win PE boot environment after the task sequence failed and that worked fine, so I think the network side of things is ok.

I have searched for other SMSTS.log files on the reference machine and have attached another one which may shed more light on the issue. I found this one in _SMSTaskSequence on the C:\. It appears that when trying to connect to another package on the DP using the "Default account" it fails, however after failing to connect twice using the default account, it then tried to connect using the "Network access account" and succeeded. I have attached a screen shot of the log file below.

What exactly is the "default account"? I thought the process would use the network access account as the default right through the process? Could this be the problem?

Normally the default account is used. It's the computer account of the client (computer$). In this case it's not working as the WinPE is not member of the domain. So the Network Access Account is correct.
Is there located a sysprep folder with content on the client?
Does the "Installing Deployment Tools" step in the task sequence point to a package? Is it marked as installed?
Do you have enought freespace on the clients partitions?
Does this article match to you?
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

NeelsonAuthor Commented:

Thanks for the pointers, I've checked the following:-

1. The "Installing Deployment Tools" step points to the sysprep package. There is no sysprep folder on the reference machine though as the attempt to bring the package down from the DP always fails and is not marked as installed. I have attached a screen shot below of the sysprep folder on the DP. The package I created simply pointed to the folder containing sysprep.exe. I hope this was the correct thing to do.

2. As the default account is the computer name, I have added "AM2299$" (where AM2299 is the computer name) to the security list on the DP.

3. I have read the article you provided a link to and confirmed that the network access account has full permissions to the DP and sebsequent packages.

4. There is plenty of free space on the reference machine as the job formats the whoel drive before installing Windows XP.

I'm going to attempt another build and capture job and see how far it gets.
NeelsonAuthor Commented:
I think I've established that I definitely have a network driver related problem - which is what you previously suspected. I tried connecting to the server from the Win PE F8 command prompt and found that I couldn't ping the SCCM server - whereas I could previously, before I got the 0x00000002 error messages.

I have deleted and recreated the driver package which holds the network driver - but I have not removed and readded the network driver itself.

I think I have added the driver into the task correctly, but I'm not sure. I attached a screen shot of the task below.

Again any pointers you could provide would be very welcome.

What you've listed here is to install the network driver in your Windows XP machine, but if you cannot ping the SCCms server withing windows pe you need to add the correct driver into your boot images.
Boot images -> Drivers -> Add.
It's important that you've network access to each time (pe and xp).
Also note that you need the correct winpe driver. WinPE is also based on a specific OS it could be XP, Vista or Win7. So it's not implicit the same driver as you use for your Windows XP.
Do you get an ip in WindowsPE? ipconfig /all in command prompt.
Can you ping your SCCM server by Name? Name resolution issue? Correct DNS Server....

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
NeelsonAuthor Commented:
SUCCESS!!!! Thank you for that last post, updating the network drivers to the correct version for the Win PE boot image and updating the drivers injected into Windows XP build have done the trick. The OS has built and I have a captured .wim file which I can now use.
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Microsoft Server OS

From novice to tech pro — start learning today.