locked
New server share for DP on remote server setup. RRS feed

  • Question

  • Hi guys

    Senario

    I have a Primary site server witch is also the DP in the UK. It serves as a MP and DP to clients in USA domain. I want to add a new server share to another FP server in USA to act as a DP for pcs over a WAN link.

    1, I am worried about getting the access permissions correct -  Do i have to create the local groups SMS_SiteSystemToSiteServer and SMS_SiteToSiteConnection on the FP for site to site communication. The adding in the server machines accs for connecting?

    Create the folder share on FP?

    Add UK Server machine acc to local Administrator group?

    2. Create new server share with the wizard in the console on the Primary server and point to the share on the FP and configure protected boundaries?

    3. How will clients know to use the new share for packages instead on the existing DP in the UK?

    Thanks in advance

    Kev

     

     

     

     

     

     

     


    Kev :)
    Friday, October 21, 2011 8:14 PM

Answers

All replies

  • 1. No need create local groups. But Add UK Server machine acc to local Administrator group. For DP share you need to create share folder.

    More detail http://technet.microsoft.com/en-us/library/bb892801.aspx

    2. Yes

    3. It will get the available list of DPs through the below mentioned process. http://technet.microsoft.com/en-us/library/bb932150.aspx


    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    • Marked as answer by Webbeye Saturday, October 22, 2011 8:44 AM
    Saturday, October 22, 2011 2:23 AM
  • Thanks Anoop. I have a better picture and can breath more easy

     


    Kev :)
    Saturday, October 22, 2011 8:45 AM
  • Hi Anoop or anybody who can help

     

    I am an getting access issues when a client tries to download a package from the new server share

    CAS.log

    CTM job {A5638F9F-992C-4CFB-94FE-9A18231A682C} encountered error 0x80040229 during download ('Error processing manifest.')- The error maps to denied access.

    DataTransferServices.log

    Error getting network access account credentials. Code 0x80040215

    execmgr.log

    OnContentAvailable program Utimaco Full Disk Encryption 4.50.2 NOT available, 0x80070005

     

    The new DP server share is in a different domain to the site server\MP 

    The machine trying to download the package is in the same domain as the new server share. I have also made sure the security rights on the folders have domain computers.

    I would prefer to not use a Network access account, I just dont understand why this needs one as its in a trusted doamin??

    Thanks in advance

    Kev


    Kev :)
    Thursday, October 27, 2011 12:21 PM
  • Is the DP running on win2k8 R2 (BITs enabled)? if so, check out the below blog post regarding IIS configuration http://myitforum.com/cs2/blogs/cnackers/archive/2010/09/20/configuration-manager-configuring-server-2008-r2-for-site-systems.aspx

     


    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, October 27, 2011 12:35 PM
  • No, Anoop. Its running on a Windows 2003 server Sp1 and bits is not enabled...
    Kev :)
    Thursday, October 27, 2011 12:37 PM
  • If "BITs" not enabled then look at FileBITS.log for some more clue?

    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, October 27, 2011 12:40 PM
  • This is what is in FileBITS.log - Only two entries which are errors and they date back to Jan 2010

    Failed to open to WMI namespace '\\.\root\ccm\DataTransferService' (8007045b)

    Encountered error in startup task. Code 0x8007045b

    I am looking to enable BITS but did not want to make things worse at the moment..

    I can see that it can download fine from the DP on the site server in the EU domain.. so it can access packages there and not from the new DP in the same NA domain.... wierd!


    Kev :)
    • Edited by Webbeye Thursday, October 27, 2011 12:48 PM
    Thursday, October 27, 2011 12:45 PM
  • Ok, so the systems (giving trouble) are in EU domain and new DP is in NA domain? If so then you may need to configure Network Access Account.

    Anoop C Nair - Twitter @anoopmannur

    MY BLOG:  http://anoopmannur.wordpress.com

    SCCM Professionals

    This posting is provided AS-IS with no warranties/guarantees and confers no rights.

    Thursday, October 27, 2011 12:57 PM
  • The setup is new server share is in NA Domain and the pc that has trouble is also in the NA domain.

    The pc has downloaded a package fine from the DP in the EU domain but the package (different package) i have put on the protected DP in the NA domain does not. It recognises that the package is there on the protected DP in NA domain so can see it  the DP but when it tries to start the download it throws up the access errors "Error getting network access account credentials. Code 0x80040215"

    The DP in EU domain which it can download from is BITS enabled..


    Kev :)
    Thursday, October 27, 2011 1:07 PM