SCCM Client problems on Windows 7 x64

[mikejc]

I am having a very strange issue deploying SCCM clients to Windows 7 Enterprise x64. This has been demonstrated on multiple systems with the client being deployed either via client push, or during an OSD task sequence. It CANNOT be reproduced on Windows XP/2003 machines.

 

In either case, the client installs successfully, and there are no errors in the ccmsetup.log, and it reports in successfully to the SCCM site server, and shows as approved. The SMS Host service is also running, and ccmexec.log is clean.

 

Now here is where it starts to get strange. If you go into control panel, none of the SCCM client cpl's appear. There is no 'Configuraiton Manager', no 'run Advertised Programs', etc. If you check the execmgr log never shows the processing of any advertisements, and shows the following errors:

 

Failed to instantiate UI server {GUID} with error 80004005

Failed to instantiate UI server 2 {GUID} with error 80004005

Failed to instantiate Updates UI server {GUID} with error 80004005

Failed to instantiate VAP UI server {GUID} with error 80004005

Com Client Agent Settings for the client are missing from WMI

 

 

80004005 is a permission denied error, and sure enough, it looked like UAC makes it so that neither admins or the system account can access the c:\windows\system32\ccm (or syswow64\ccm in this case) folders without being challenged first. As soon as I say yes I want to access this folder, it creates a direct ACL and magically the control panel icons appear, and advertisements start processing. However, this only lasts a manner of minutes, then UAC locks the directory back down, and the client is broken again!

 

Has anyone else seen this behavior? I would hate to think I need to full out disable UAC to run SCCM.

 

Thanks,

 

--Mike

[anyweb]

Now here is where it starts to get strange. If you go into control panel, none of the SCCM client cpl's appear

 

they are 32 bit apps, here is what you should see when the view is set to small icons

 

[Luciana Campos]

Hi, good afternoon,

did you discover how to figure out this? I have the same issue! :-(

 

Luciana

[sneakypete]

I am seeing the same thing. We instal the client with a logon script via GP. 32-bit systems installs fine, 64-bit systems it installs, but cannot gather any information or policies or site assignment. I can manually go in and do discover site within the client, then it works fine. If I run the install script from the command prompt running as administrator, then it installs fine and immediately gathers site/client information. How can the install be automated for x64 machines?

[tobias-tobin]

According to Microsoft:

User Account Control: Detect application installations and prompt for elevation

 

 

The User Account Control: Detect application installations and prompt for elevation policy setting controls the behavior of application installation detection for the computer.

 

The options are:

Enabled. (Default for home) When an application installation package is detected that requires elevation of privilege, the user is prompted to enter an administrative user name and password. If the user enters valid credentials, the operation continues with the applicable privilege.

 

 

Disabled. (Default for enterprise) Application installation packages are not detected and prompted for elevation. Enterprises that are running standard user desktops and use delegated installation technologies such as Group Policy Software Installation or Systems Management Server (SMS) should disable this policy setting. In this case, installer detection is unnecessary.

 

So it sounds like you might want to disable the UAC. I work in an enterprise environment and we disable it. It can be the root of many headaches.

[sneakypete]

Disabling UAC does not change anything. The client is still unable to determine connection type or site mode. Both show unknown. It is like the client can't write to a part of the registry unless it is run specificly as Administrator, even though Authenticated Users is in my Administrators group.

[CorradoGuy]

Have you tried installing manually? We inject the SCCM agent as part of OSD and this works on Windows XP, Windows 7 - 32 or 64 bit without a problem. We also have to repair these on some machines when problems pop up and we remove and install the agents without turning off UAC and they always work.

 

I would try to do a manual install and see if the client installs without GPO which may help, you should put the machine in an OU without the GPO for the client. When I install these manually I use a command line similar to.....

 

"\\ServerLocation\ccmsetup.exe" SMSSITECODE=xxx CCMENABLELOGGING=TRUE CCMLOGMAXSIZE=1000000 CCMLOGLEVEL=0 FSP=ServerName

[sneakypete]

Found that creating an AutoIT script with #requireadmin to run the ccmsetup works to install the client on 64-bit. There is something different with security in 64-bit and this does the trick.

[spadge]

Found that creating an AutoIT script with #requireadmin to run the ccmsetup works to install the client on 64-bit. There is something different with security in 64-bit and this does the trick.

 

Hi, could you provide some more info as I am having the same problem. How do you call the AutoIT script within the task sequence etc.

 

TIA