locked
Error while configuring Remote DP on SCCM2012 on different forest RRS feed

  • Question

  • Hello all,

    I am in middle of configuring SCCM 2012 and i am faced with an issue where i am unable to configure the remote Distribution point.

    The SCCM Primary server is in ABC.COM and the Remote DP is on XYZ.NET. There is a trust relation set between these. With the account which i am trying to configure the DP, i can access the drive$ where i need to have the DP set up. I am able to telnet to the server thru the ports 135, 445.

    The Remote DP which i need to configure is a windows 2003 R2 x64 Standard edition server, which acts as a File and Print server as well as the Domain Controller of the region. These servers will be demoted and moved to the ABC.COM at a later stage, but till that time, these need to act as distribution points. 

    I have ensured BITS IIS and RODC are installed on the server. But when i try to configure the DP i get the below error. 

    CWmi::Connect() failed to connect to \\["Display=\\server.xyz.net\"]MSWNET:["SMS_SITE=A00"]\\server.xyz.net\\root\default. Error = 0x800706BAGetWMIObject - Failed to connect to root\default on ["Display=\\server.xyz.net\"]MSWNET:["SMS_SITE=A00"]\\server.xyz.net\. Error code: 0x800706BA

    CDistributionManager::SetDpRegistry failed; 0x800706ba

    DPConnection::ConnectWMI() - Failed to connect to  server.xyz.net

    Failed to install DP files on the remote DP. Error code = 1722

    Have anyone faced this issue. Can anyone suggest me what needs to be done. This is sort of turning out to be a road block for the project.

    Thursday, August 8, 2013 2:11 PM

Answers

  • I know, you must have seen this post about Untrusted Forest Remote DP Error 0x800706BA. As I mentioned in the post whether you tried to access wmimgrmt.msc and wbemtest.msc with domain admin user? Also worth enabling WMI logs (on DC) to check whether any error while attempting to connect to wmi from primary server. If you've Win2k8 and above see how to enable wmi tracing 

    It seems to me like a FW issue. The error mentioned above is remote procedure call (RPC) server unavailable that can happen if the dynamic ports are NOT open other than 135.

    It worth checking following ports as well. To get more details you may need to perform network trace so that you will come to which port is blocking it,

    -          tcp 135, 
    -          tcp/udp – 389
    -          tcp 3268
    -          tcp/udp - 88
    -          tcp/udp - 53
    -          tcp 3268
    -          tcp 445
    -          dynamic rpc ports for NTDS. Netlogon 


    Anoop C Nair - @anoopmannur :: MY Site:  www.AnoopCNair.com :: FaceBook:  ConfigMgr(SCCM) Page :: Linkedin:  Linkedin<


    Friday, August 9, 2013 12:38 AM
  • issue solved. It was indeed a firewall issue. Had a detailed check with the FW team. Ephemeral ports are created dynamically and assigned to each client which opens a session. In case of Windows Server 2003 both TCP and UDP ephemeral ports are within the range 1025-5000. We had to set an exception of port # between 1025 and 5000. This fixed the issue. 

    Manu Krishnan -



    • Marked as answer by manukrishnan Friday, August 16, 2013 8:43 PM
    • Edited by manukrishnan Friday, August 16, 2013 8:55 PM corrected from 1025 and 1024 to 1025 and 5000
    Friday, August 16, 2013 8:43 PM

All replies

  • The SCCMServer Computer Account needs to be local administrator on the remote DP. However as your DP is a DC (not a great idea) you will have to add the SCCMServer Computer Account to Domain Admins in XYZ.NET (there is no Local Admins group on a DC). You then have to restart SCCMServer.

    However I must stress - this is not a good idea



    Gerry Hampson | Blog: www.gerryhampsoncm.blogspot.ie | LinkedIn: Gerry Hampson | Twitter: @gerryhampson


    Thursday, August 8, 2013 2:19 PM
  • See http://technet.microsoft.com/en-us/library/gg712701.aspx#Plan_Com_X_Forest, table item "Communication in a site that spans forests"

    Torsten Meringer | http://www.mssccmfaq.de

    Thursday, August 8, 2013 2:26 PM
  • HI Gerry, 

    We have no option left since the customer need to retain the server as DC, till we move everything to the new ABC.COM. The account which i am using has been added as a Domain Administrator. 

    The problem here which i am facing is there are 12 sites where i need to have a remote DP, and all the servers are DC's and a File and Print Server on Windows 2003. 

    I will check what happens, when i add it to Domain Admin. ( have no other option left other than to try).


    Thursday, August 8, 2013 2:40 PM
  • Hi Torsten,

    The trust is build between the forest. The account which i am using for site installation is added to the Domain Admin in that forest.

    Thursday, August 8, 2013 2:41 PM
  • I know, you must have seen this post about Untrusted Forest Remote DP Error 0x800706BA. As I mentioned in the post whether you tried to access wmimgrmt.msc and wbemtest.msc with domain admin user? Also worth enabling WMI logs (on DC) to check whether any error while attempting to connect to wmi from primary server. If you've Win2k8 and above see how to enable wmi tracing 

    It seems to me like a FW issue. The error mentioned above is remote procedure call (RPC) server unavailable that can happen if the dynamic ports are NOT open other than 135.

    It worth checking following ports as well. To get more details you may need to perform network trace so that you will come to which port is blocking it,

    -          tcp 135, 
    -          tcp/udp – 389
    -          tcp 3268
    -          tcp/udp - 88
    -          tcp/udp - 53
    -          tcp 3268
    -          tcp 445
    -          dynamic rpc ports for NTDS. Netlogon 


    Anoop C Nair - @anoopmannur :: MY Site:  www.AnoopCNair.com :: FaceBook:  ConfigMgr(SCCM) Page :: Linkedin:  Linkedin<


    Friday, August 9, 2013 12:38 AM
  • issue solved. It was indeed a firewall issue. Had a detailed check with the FW team. Ephemeral ports are created dynamically and assigned to each client which opens a session. In case of Windows Server 2003 both TCP and UDP ephemeral ports are within the range 1025-5000. We had to set an exception of port # between 1025 and 5000. This fixed the issue. 

    Manu Krishnan -



    • Marked as answer by manukrishnan Friday, August 16, 2013 8:43 PM
    • Edited by manukrishnan Friday, August 16, 2013 8:55 PM corrected from 1025 and 1024 to 1025 and 5000
    Friday, August 16, 2013 8:43 PM