Solved

SCCM 2007 R2 client push install Woes

Posted on 2012-03-26
16
1,091 Views
Last Modified: 2013-04-08
We've had a 'Green field' install of SCCM 2007 R2. Out of the 8000 odd computers in our estate, 4500 have now been migrated to the new AD domain. We had / have SMS in the old domains. All computers that have been migrated to the new domain 'should' get the SCCM client through client push.

These 4500 odd computers now appear within 'All Systems' in SCCM. We are using AD system discovery.

However out of the 4500 computers only 2500 are showing as having the SCCM client.

Client push install has been turned on in all th sites with "SMSSiteCode=AUTO". There is a service account (svc-sccm002) that is setup for client push which has local admin rights on all the computers in the estate.

This service account is not disabled.

We only have one MP which is on the central site server. The rest of the sccm servers are all secondary servers and have the following roles assigned

- Configmgr component server
- Configmgr distribution point
- Configmgr site server
- Configmgr site system

I have been trying for last few weeks to find out why client push does not work on half of our estate but havent had much luck.

The following entries are from the ccm.log file of one of the secondary sccm servers for one of the computers that hasnt got the sccm client but I am able to unc to the C$ and admin$ share of this computer.


======>Begin Processing request: "10_19_8_61.CENTRA", machine name: "PC-5P1-007869" SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:02 5348 (0x14E4)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:02 5348 (0x14E4)
---> Attempting to connect to administrative share '\\10.19.8.61\admin$' using account 'centra\svc-sccm002' SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:02 5348 (0x14E4)
---> The 'best-shot' account has now succeeded 1 times and failed 0 times. SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> Connected to administrative share on machine 10.19.8.61 using account 'centra\svc-sccm002' SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> Attempting to make IPC connection to share <\\10.19.8.61\IPC$> SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> Searching for SMSClientInstall.* under '\\10.19.8.61\admin$\' SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account centra\svc-sccm002 (00000035) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Lost local access after ImpersonateLoggedOnUser (LOGON32_LOGON_INTERACTIVE) using account centra\svc-sccm002 SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Attempting to connect to administrative share '\\10.19.12.37\admin$' using account 'centra\svc-sccm002' SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account centra\svc-sccm002 (00000035) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Lost local access after ImpersonateLoggedOnUser (LOGON32_LOGON_INTERACTIVE) using account centra\svc-sccm002 SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> The 'best-shot' account has now succeeded 1 times and failed 1 times. SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Attempting to connect to administrative share '\\10.19.12.37\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Failed to connect to \\10.19.12.37\admin$ using machine account (53) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> The device 10.19.12.37 does not exist on the network. Giving up SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Trying the account stored in the CCR (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> Attempting to connect to administrative share '\\10.19.12.33\admin$' using account 'centra\svc-sccm002' SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5300 (0x14B4)
---> System OS version string "5.1.2600" converted to 5.10 SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> Service Pack version from machine "PC-5P1-007869" is 3 SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> No MP shares. Will not push the mobile client to PC-5P1-007869 SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> Failed to install CCM Client Bootstrap component on client (2) SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
STATMSG: ID=3014 SEV=W LEV=M SOURCE="SMS Server" COMP="SMS_CLIENT_CONFIG_MANAGER" SYS=SRSCCM08 SITE=CE6 PID=2848 TID=5348 GMTDATE=Mon Mar 26 07:58:03.938 2012 ISTR0="PC-5P1-007869" ISTR1="" ISTR2="" ISTR3="" ISTR4="" ISTR5="" ISTR6="" ISTR7="" ISTR8="" ISTR9="" NUMATTRS=0 SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
---> Deleting SMS Client Install Lock File '\\10.19.8.61\admin$\SMSClientInstall.CE6' SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
Stored request "10_19_8_61.CENTRA", machine name "PC-5P1-007869", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)
<======End request: "10_19_8_61.CENTRA", machine name: "PC-5P1-007869". SMS_CLIENT_CONFIG_MANAGER 26/03/2012 08:58:03 5348 (0x14E4)


I am desperate to get this sorted ASAP. Any help would be greatly appreciated.

Ted
0
Comment
Question by:tedcbe
  • 8
  • 5
  • 3
16 Comments
 
LVL 7

Assisted Solution

by:raeldri
raeldri earned 150 total points
ID: 37766992
Are all your boundaries defined?
Are all your firewall exceptions listed and being applied on the machines?

A fall back status point can also provide valuable information
0
 

Author Comment

by:tedcbe
ID: 37768194
we have been advised by the external organisation that put in our SCCM that since AD schema is extended, we wont need a FSP and hence that is not configured.

The boundaries did not include the DEFAULT-FIRST-SITE-NAME which has since been included but the client push has only worked on a handful of computers after that.

The fact that it has worked on almost half of our estate would in my opinion suggest that the relevant firewall exceptions are added but I will double check and let you know.
0
 
LVL 23

Assisted Solution

by:Nagendra Pratap Singh
Nagendra Pratap Singh earned 350 total points
ID: 37770854
If you extend the schema then locator point is not needed.

It is still needed for OSD clients because they start life as a Workgroup member.
0
 

Author Comment

by:tedcbe
ID: 37786096
Thank you npsingh123 and raeldri for your suggestions

it turns out that we havent defined all the subnets within the new AD

We are going through all the subnets that we support and adding the ones that we have missed in AD

So far this has given us 700+ new managed computers but we still have 2000 more computers that are still not managed

Hopfully we should be able to identify all the subnets we havent added in our new AD and add them.
0
 
LVL 7

Expert Comment

by:raeldri
ID: 37786390
Ah so it was a boundary issue. Glad to hear its moving in the right direction
0
 

Author Comment

by:tedcbe
ID: 37848831
while we thought we fixed the issue with adding the subnets that were missed out from AD, we are stuck with 30% of our estate not being managed as client push is not working.
I have looked at a cross section of these 30% computers.
All of them are XP SP3 and belong to subnets that have been defined in AD.
They have received the group policy which added a service account with local admin privileges that used for client push.

I have checked if I can ping from the SCCM Client central site server and do a reverse lookup.

One interesting thing is that all the computers that have received the client seems to be getting it from the Central Site Server. None of the computers have received the client from any of the secondary SCCM servers.

Any suggestions on what to look for in the above scenario?
0
 
LVL 7

Assisted Solution

by:raeldri
raeldri earned 150 total points
ID: 37857029
Are you talking secondary sites or other servers holding SCCM roles?Regardless of the number of sites, SCCM will use the Site server role to do the pushing.

if you have additional primary/secondary sites client push needs enabled on each site.
0
 

Author Comment

by:tedcbe
ID: 37878934
Hi Raeldri,

Thank you for your comments.
We have 3 clustered primary servers and 7 secondary servers.
One of the primary servers is the only MP and others (2 primary's and 7 secondarys) are all distribution points.
I have enabled client push on all the servers and have given a service account which has local admin rights on all the clients - however this doesnt seem to work

I have come to a point where I was to get the client install done on the remaining 30% of the computers which are currently unmanaged through SCCM. I am looking at using a GPO start up script to do the same.

does anyone have a script that will install the SCCM client on the existing SMS client?

I ran the following line as a start up script but it did not install the sccm client as it says client already present

\\sccm01\client\ccmsetup.exe /mp:sccm01 /logon SMSSITECODE=AUTO

I have now edited this to remove the /logon switch and the client install is happening successfully
\\sccm01\client\ccmsetup.exe /mp:sccm01 SMSSITECODE=AUTO

however since i am testing the above as a start up script, it will run every single time a computer is rebooted and hence I do not want this.
0
Threat Intelligence Starter Resources

Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

 
LVL 23

Accepted Solution

by:
Nagendra Pratap Singh earned 350 total points
ID: 37879529
Make a script that will uninstall the first client and then install the new one.

But it seems superfluous to me.

"I have enabled client push on all the servers and have given a service account which has local admin rights on all the clients - however this doesnt seem to work"

What makes you think that it is not working?
0
 

Author Comment

by:tedcbe
ID: 37881887
the reason why i know it does not work is not a single client which is assigned to any of the secondary servers are showing as having the client.

Every single client that is managed is showing CE1 as the site code which is our central site server

Thinking about this scenario, we have a clustered Primary site code (3 servers - 1 MP and 2 DPs), 6 secondary servers with only one of them having the MP and DP role while the other 5 only have the DP role.

I have activated Client push with a service account having local admin rights on each of these secondary servers.

However all the clients which are managed are only showing CE1 (which is the site code of the clustered central site servers.

As far as the boundaries are concerned the clustered central site has all the 19 boundaries which is an overlap of individual boundaries on other secondary sites.

Do you believe the above setup is alright or do you see anything that might cause the client push to fail on secondary site servers?
0
 
LVL 7

Expert Comment

by:raeldri
ID: 37888453
sorry for the delayed response. I don't see a response to the query if you have secondary sites or child primaries.

the reason i ask is a secondary site has no site database and clients in these sites will show the parents site code and this is perfectly fine.
0
 

Author Comment

by:tedcbe
ID: 37897418
I did mean secondary sites and as you rightly mentioned dont have a site database associated with it

just to add to what I have mentioned above

CE1 is the central site which has 3 servers (sccm01, 02 and 04)
CE2 (sccm03) secondary site has MP, DP
CE3 through to CE7 - secondary sites with are only DPs

On CE1- Client Push Installation Properties - SMSSITECODE=CE1
on CE2 through to CE7 - Client Push Installation Properties - SMSSITECODE=AUTO

every client that is managed at the moment has CE1 as site code (which raeldri says is arlight) however my question is since I have enabled client push on all the secondary servers how can I make sure that the client push happens from the relevant secondary site and not always from the Central Site server which is CE1
0
 
LVL 7

Expert Comment

by:raeldri
ID: 37904269
Any site requires a MP, secondary sites use proxy MP which effectively just forward the requests to the central MP. a secondary site without a MP wont function and the SCCM console should tell you of this when you go to delete the roll from the server.

clients will be installed based on boundaries of the SCCM sites. these client install requests are CCR's which are generated from your discovery methods you can check the CCM.log log file on the different site servers to see whats going on.
0
 

Author Comment

by:tedcbe
ID: 38059140
we have ascertained that it low bandwidth that is causing the client push to fail.

I am trying the /source switch with ccmsetup.exe to point to a local secondary server that is acting as a DP.

However this is also failing with " a  recoverable error has occured" within the ccmsetup.log of a few hundred computers

any suggestions how to get around the low bandwidth issue and get the client pushed to these computers that are not managed at the moment?
0
 
LVL 23

Expert Comment

by:Nagendra Pratap Singh
ID: 38059344
run a batch file with few psexec commands in it from a computer in the remote location.


That should install the clients for sure. If it makes sense then let me know if you need the batch file etc.

Pushing to a single computer at one time works OK?
0
 

Author Comment

by:tedcbe
ID: 38061849
thank you npsingh

As I had mentioned I have tried to point the /source location to the nearest SCCM secondary server but it is failing for single computer (s)

I am thinking of getting a list of computers that already have the SCCM client in these 'problem' locations and copy the client files to one of the local computers and use the psexec command to try pushing it to the computers that dont have the client

can you please send me the batch file that you were talking about?

Ted
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

MS Access 2003 or later To MySQL Migration Project Hello All, this is my second article in the category of MS-OFFICE Automation. In internet I am not able to find any comprehensive resource on the Migration of MS Access back-end to MySQL so I fin…
When you upgrade from Windows 8 to 8.1 or to Windows 10 or if you are like me you are on the Insider Program you may find yourself with many 450MB recovery partitions.  With a traditional disk that may not be a problem but with relatively smaller SS…
Windows 8 comes with a dramatically different user interface known as Metro. Notably missing from the new interface is a Start button and Start Menu. Many users do not like it, much preferring the interface of earlier versions — Windows 7, Windows X…
Viewers will learn the different options available in the Backstage view in Excel 2013.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

20 Experts available now in Live!

Get 1:1 Help Now