cefranklin
asked on
SCCM Admin Console Not Using Packet Privacy
Alright, this has been mind-boggling for me.
I have SCCM installed on a server and I am using a remote admin console. Before I upgraded to SCCM SP2, I had no issues.
I upgraded the server to SP2, then my remote admin console could not see advertisements. I found that I had to run the SP2 install on my admin machine to be able to upgrade the console to SP2 and the advertisements would appear. Lo and behold, it worked.
Now, a day after the install, just like the last time, the remote admin console cannot see the status messages. Everything else works perfectly fine. After much investigation, it seems that the remote admin console is no longer using Pkt_Privacy when it tries to run a query against the \\sccm\root\sms\site_OFC namespace. OFC being my site code.
How I tracked this down: on the server, an error shows up in the event log saying access was denied, not using Pkt_Privacy.
So, on my remote admin machine, I run wbemtest and connect to the WMI path above and try to enumerate the classes. Access denied... UNLESS, on the connection window, I select the radio button for Pkt_Privacy, then it works fine.
Doing this, it tells me that the SP2 console upgrade broke something. I have tried uninstalling and re-installing many times and many different ways, even a fresh install from the SP2 upgrade files and not even installing the original first.
I have also checked all of the DCOM permissions, followed the MS article on how to troubleshoot the admin console and did the long reset of the WMI tree.
So, I guess my question is, how do I get this remote admin console to start using Pkt_Privacy?
I didn't see a category for MS Systems Center products, so I chose what I thought may make sense.
Error on the server:
Event Type: Error
Event Source: WinMgmt
Event Category: None
Event ID: 5605
Date: 9/27/2011
Time: 3:02:14 PM
User: N/A
Computer: SCCM
Description:
Access to the root\sms\site_OFC namespace was denied. The namespace is marked with RequiresEncryption but the client connection was attempted with an authentication level below Pkt_Privacy. Re try the connection using Pkt_Privacy authentication level.
For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
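The wbemtest check described in the question can be scripted. This is an added example, not part of the original thread: it connects to the namespace once per DCOM authentication level and reports which levels are accepted. The function name `Test-WmiAuthLevel` is hypothetical; the server name `sccm` and namespace `root\sms\site_OFC` are the ones quoted in the post. Going by the event 5605 text, only the Pkt_Privacy level should be allowed on a namespace marked RequiresEncryption.

```powershell
# Added example (not from the thread): probe which authentication levels
# a WMI namespace accepts, mirroring the manual wbemtest test.
Add-Type -AssemblyName System.Management

function Test-WmiAuthLevel {
    param(
        [string]$Computer  = 'sccm',               # server name as quoted in the post
        [string]$Namespace = 'root\sms\site_OFC'   # namespace as quoted in the post
    )

    # Levels from System.Management.AuthenticationLevel, weakest to strongest.
    $levels = 'Default', 'Connect', 'Call', 'Packet', 'PacketIntegrity', 'PacketPrivacy'

    foreach ($name in $levels) {
        $opts = New-Object System.Management.ConnectionOptions
        $opts.Authentication = [System.Management.AuthenticationLevel]$name
        $scope = New-Object System.Management.ManagementScope("\\$Computer\$Namespace", $opts)

        $allowed = $false
        $detail  = ''
        try {
            # Connect, then enumerate classes, the same two steps done in wbemtest.
            $scope.Connect()
            $query    = New-Object System.Management.ObjectQuery('SELECT * FROM meta_class')
            $searcher = New-Object System.Management.ManagementObjectSearcher($scope, $query)
            $count    = @($searcher.Get()).Count
            $allowed  = $true
            $detail   = "$count classes enumerated"
        }
        catch {
            # Unwrap PowerShell's method-invocation wrapper to get the WMI error text.
            $detail = $_.Exception.GetBaseException().Message
        }

        New-Object PSObject -Property @{
            Level   = $name
            Allowed = $allowed
            Detail  = $detail
        }
    }
}

Test-WmiAuthLevel | Format-Table Level, Allowed, Detail -AutoSize
```

Run it from the remote admin machine under the same account that opens the console, so the result reflects that account's DCOM and WMI permissions.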
ASKER
That didn't help as it only changed my WMI security level. Also, the article says it does not work on Windows Server 2003.
I am still leaning towards statusviewer.exe being the culprit, not using Pkt_Privacy.
ASKER
I went back into DCOM and added Everyone to the computer and the WMI and SMS stuff. No change. Double checked the SMS Admin group and I was in it and so was my machine. No change so I added Everyone full control to everything I could think of/find and no change.
I am going to say this is a Microsoft "feature"?
ASKER
Well, no answer to this question. I called MS and their suggestion was to re-install the whole dang system. No thanks, I can deal and just remote desktop into the SCCM server if I want to view messages...
ASKER
Please state your reason for accepting your own comment as the solution.
Because no one else answered it. I will just RDP into the server :(
ASKER
For anyone else looking for a resolution to this, I ended up re-installing the whole shebang and that did not fix the problem. Don't waste your time on the MS solution.
ASKER
Alright, just to update this for anyone else who finds this,...
Upgrade to SP1, install the SP1 console on remote admin station. Start both consoles, close them, then re-open them and clear the option files "File > Options > Delete the data"
Do the same thing with SP2. I think you will have to redo the permissions on your System container to add your sccm machine for full control and select advanced > this folder and all subfolders.
ASKER
Sigh, alright, now it's not working again. Yay.
ASKER CERTIFIED SOLUTION
Does this sound like any use? http://msdn.microsoft.com/en-us/library/aa393618.aspx
I would also suggest you apply all Microsoft patches and .Net installs to your Remote Console.
Sorry this isn't any "direct" assistance, only suggestions.