mighty82 Posted January 12, 2011 Report post Posted January 12, 2011 Hi every body, so i have update my sms2003 to sccm 2007r3. for beginning the installaiton i have run the check tool. after the run they have show me warnings: ad shema, security exchange key, duplicate client id, client activity, wsus update service. for this warnings i have read we can ignore this. So the update is running with out error or warnings (all components are successfuly installed). after the update i have start the configurations console und say on the collection "all system" install the new advanced client. we have a network with 192.168.0.0/21 and 10.10.0.0/16. this two networks are managed over isa 2004 firewall (routing, rule, etc) Now all clients in the 192.168.168.0/21 network is installed the sccm advanced client and its work!. but all clients form the 10.10.0.0/16 is not install the new sccm client. they have the old version from the sms2003 advanced client.... i have not change any config bevore i update to sccm!! there is all configs and ip´s the same how work with sms2003! what is here the problem.... i have see in the event log from the sccm server (see below some screenshots) 1 -> http://img269.imageshack.us/i/sccmsystemeventlogdcomc.jpg/ 2 -> http://img692.imageshack.us/i/sccmsystemevent.jpg/ 3 -> http://img714.imageshack.us/i/warningcanotconnecttoho.jpg/ and in the site status i have see follow warnings: MessageID: 4918, Process ID: 2932, Thread ID: 2948, Component: SMS_SITE_COMPONENT_MANAGER MessageID: 5203, Process ID: 2844, Thread ID: 3812, Component: SMS_AD_SYSTEM_DISCOVERY_AGENT ++++++++++++++++++++++++++++++++++++++++++++ here the ccm.log to install the sccm client on host what ip 10.10.1.27: Waiting for change in directory "S:\SMS\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:44:58 252 (0x00FC) Received request: "NQWVUAFY" for machine name: "DFBCPQVM46" on queue: "Incoming". SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:44:58 252 (0x00FC) Stored request "NQWVUAFY", machine name "DFBCPQVM46", in queue "Processing". SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:44:58 252 (0x00FC) ----- Started a new CCR processing thread. Thread ID is 0x12a4. There are now 2 processing threads SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 252 (0x00FC) Submitted request successfully SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 252 (0x00FC) ======>Begin Processing request: "NQWVUAFY", machine name: "DFBCPQVM46" SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 252 (0x00FC) ---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) Waiting for change in directory "S:\SMS\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 252 (0x00FC) ---> Attempting to connect to administrative share '\\DFBCPQVM46\admin$' using account 'intranet\smspush' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) ---> Connected to administrative share on machine DFBCPQVM46 using account 'intranet\smspush' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) ---> Attempting to make IPC connection to share <\\DFBCPQVM46\IPC$> SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) ---> Searching for SMSClientInstall.* under '\\DFBCPQVM46\admin$\' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) ---> Unable to connect to WMI on remote machine "DFBCPQVM46", error = 0x800706ba. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) ---> Deleting SMS Client Install Lock File '\\DFBCPQVM46\admin$\SMSClientInstall.FBO' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) Retry request id for "NQWVUAFY" set to "DFBCPQVM46" SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) Stored request "DFBCPQVM46", machine name "DFBCPQVM46", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) <======End request: "DFBCPQVM46", machine name: "DFBCPQVM46". SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:45:00 4772 (0x12A4) +++++++++++++++++++++++++++++++++++ and here some info (is that a error?!?!): The Site Control File has not changed since the last parameter update. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Updating Site Parameters SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) MP Ports: 80 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) IISPreferedPort: 80 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Default MP: DFBSSMS01 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) MP SSL Ports: 443 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) IISSSLPreferedPort: 443 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) SSL State: 0 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Certificate Selection Criteria: SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Certificate Store: SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Select First Certificate: 0 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Checking configuration information for server: DFBSSMS01. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) No Fallback Status Point installed on the Site SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) Install on DC: True SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) ~ Doing Account Cleanup Operation .... SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) ~ Processing domain FB SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:03 3664 (0x0E50) ~ Coudn't determine PDC for domain FB (2453) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:06 3664 (0x0E50) ~ Processing domain EXAMPLEDOMAIN SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:06 3664 (0x0E50) ~ Coudn't determine PDC for domain EXAMPLEDOMAIN (2453) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Processing domain INTRANET SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Attempting to connect to administrative share '\\\admin$' using account 'intranet\smspush' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account intranet\smspush (000004b3) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account intranet\smspush (000004b3) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ The 'best-shot' account has now succeeded 0 times and failed 1 times. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Attempting to connect to administrative share '\\\admin$' using account 'intranet\smspush' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account intranet\smspush (000004b3) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account intranet\smspush (000004b3) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Attempting to connect to administrative share '\\\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Failed to get token for current process (5) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ ERROR: Failed to connect to the \\\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Failed to connect to Server. Error 5 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) ~ Account Cleanup Operation Completed successfully. SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) Set next account cleanup operation to 11/2/2011 SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) Sleeping for 1200 seconds... SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:51:08 3664 (0x0E50) Thread has been inactive too long. Closing thread SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:55:00 4772 (0x12A4) --- This thread is terminating due to inactivity SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:55:00 4772 (0x12A4) ----- Terminated CCR processing thread. There are now 1 processing threads SMS_CLIENT_CONFIG_MANAGER 12.01.2011 19:55:00 4772 (0x12A4) INFO: The SCCM Servername is DFBSSMS01 an OS is Server 2003R2 32Bit Clients is WinXP Domain is Server 2003 i hope i have give more informations to resolve my problem. thy for the help! bye Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted January 12, 2011 Report post Posted January 12, 2011 First thing I would look at is the Firewall. Quote Share this post Link to post Share on other sites More sharing options...
mighty82 Posted January 12, 2011 Report post Posted January 12, 2011 so i have create a isa firewall rule and make all outbound ports allow. and on the lokal firewall from the clients i have say allow file printer sharing. any idea? Quote Share this post Link to post Share on other sites More sharing options...
mighty82 Posted January 12, 2011 Report post Posted January 12, 2011 i dont not why, but in the network where is the sccm server and clients in the same network (192.168.168.X/21) it work Perfect! But if i send client install to clients in die network 10.10.X.X/16 it doesn´t work!! if i roll a msi packege to all system, so i can see on all clients in the 192.168.168.X/21 network and 10.10.X./16 network..... oh man i dont no why.... i have create a rule on the isa to allow all traffic from the network 192.168.168.X to 10.10.X.X an disable the local firewall. but its not help! why why why! Quote Share this post Link to post Share on other sites More sharing options...
mighty82 Posted January 13, 2011 Report post Posted January 13, 2011 now i have a new problem.... if i install a advertised application so i see a error message: "This advertised application will not be installed because it might be unsafe. Contact your administrator to change the installation user interface option of the package to basic" and the client is rebooting what is that?! can anybody help? Quote Share this post Link to post Share on other sites More sharing options...
Peter van der Woude Posted January 13, 2011 Report post Posted January 13, 2011 For the client push installations, check if you can connect to the machines from the Site server. The ports that you need to check can be found here: http://technet.microsoft.com/en-us/library/ff189805.aspx Quote Share this post Link to post Share on other sites More sharing options...
mighty82 Posted January 13, 2011 Report post Posted January 13, 2011 For the client push installations, check if you can connect to the machines from the Site server. The ports that you need to check can be found here: http://technet.microsoft.com/en-us/library/ff189805.aspx hi, ok i insert this in the gpo -> computerconfiguration -> administrative template -> network -> networkconnection -> domianfirewall -> allow ports after this i test it. and give feedback. thx Quote Share this post Link to post Share on other sites More sharing options...
mighty82 Posted January 13, 2011 Report post Posted January 13, 2011 hi, ok i insert this in the gpo -> computerconfiguration -> administrative template -> network -> networkconnection -> domianfirewall -> allow ports after this i test it. and give feedback. thx so i have insert the ports and protocolls on my gpo firewall rule on the domain. after restart the client i have send a client installaiton from the sccm but the result is the same. is not working.... i see in the ccm.log: ======>Begin Processing request: "HIXEKFJL", machine name: "DFBCPQVM50" SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 5876 (0x16F4) Getting a new request from queue "Incoming" after 100 millisecond delay. SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 3832 (0x0EF8) ---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 5876 (0x16F4) Waiting for change in directory "S:\SMS\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 3832 (0x0EF8) ---> Attempting to connect to administrative share '\\DFBCPQVM50\admin$' using account 'intranet\smspush' SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 5876 (0x16F4) ---> Connected to administrative share on machine DFBCPQVM50 using account 'intranet\smspush' SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 5876 (0x16F4) ---> Attempting to make IPC connection to share <\\DFBCPQVM50\IPC$> SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 5876 (0x16F4) ---> Searching for SMSClientInstall.* under '\\DFBCPQVM50\admin$\' SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:44:33 5876 (0x16F4) CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) ---> Unable to connect to WMI on remote machine "DFBCPQVM50", error = 0x800706ba. SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) ---> Deleting SMS Client Install Lock File '\\DFBCPQVM50\admin$\SMSClientInstall.FBO' SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) Retry request id for "HIXEKFJL" set to "DFBCPQVM50" SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) Stored request "DFBCPQVM50", machine name "DFBCPQVM50", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) <======End request: "DFBCPQVM50", machine name: "DFBCPQVM50". SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba SMS_CLIENT_CONFIG_MANAGER 13.01.2011 20:45:15 5876 (0x16F4) --> what the hell is that?! CWmi so i have insert this port only to the local firewall. not on the isa. because i have a rule what allow file-printer sharing and 1024-5000 TCP Outbound from network 192.168.168.X/21 to the 10.10.1/16network. or must i create on the isa firewall a rule what allow this ports?! hope you can understand my englisch.. sorry for that. :-) Quote Share this post Link to post Share on other sites More sharing options...
anyweb Posted January 13, 2011 Report post Posted January 13, 2011 yup do that, i'm pretty sure i reference the ports needed to be opened in the guides... i'll recheck Quote Share this post Link to post Share on other sites More sharing options...
mighty82 Posted January 13, 2011 Report post Posted January 13, 2011 yup do that, i'm pretty sure i reference the ports needed to be opened in the guides... i'll recheck hi anyweb! first i thank for you support and from peter!. i am currently in the office because this problem.... ok i crate a rule what allow the ports from this site waht peter me send (http://technet.microsoft.com/en-us/library/ff189805.aspx) after this i test it and hope that will be work... thx Quote Share this post Link to post Share on other sites More sharing options...