locked
Task Scheduled Logon Script Failing when deploying SCCM Client 0x800704dd RRS feed

  • Question

  • My network is mainly mobile and most computers that connect to the domain, do it through a VPN.  I am going to discuss a few things that are working and the processes I have tried that did not work, and why. 

    Now, being that the network is mainly a mobile one, installing the client via a GPO (Software Installation) would work best. While this does work for the workstations that connect directly to the network, it will not work for the mobile workstations as they connect through a VPN first, before hitting Active Directory to log into Windows. GPO software installation only happens at system startup time at which point the client is not connected to the network. 

    Pushing the client directly from SCCM Management Console is also not an option as these are remote workstations and some do not connect up to the domain very often (maybe 4-5 times a year).

    Other processes tried: 

    • Manual installation using GPO (User Log on Script) - Will not work as the user does not have the permission to install programs.
    • Manual installation using GPO (System Startup and User Log on Script) - Log On Script to download the file to the local computer and Startup Script to manually install the program.  Understanding that during system startup, the client is NOT connected to the network as of yet, the hope was that the client would try to install after its retry period.  This did not happen. 

    What I am currently working on is a Scheduled Task (via GPO) that occurs at 'Any User Logon'.  Scheduled task allows me to specify a user that does have administrative rights to install programs and also be connected to the domain.  

    I have created a PowerShell script that 1st, checks the registry to see if the SCCM client has been installed, and if not, it installs the program manually on the workstation using these switches with the ccmsetup executable file:

    • /noservice
    • SMSSITECODE
    • SMSMP
    • FSP
    • SMSCACHESIZE
    • CCMENABLELOGGING
    • CCMLOGLEVEL
    • CCMLOGMAXHISTORY

    To verify that the client will in fact install during normal circumstances:

    • I can execute the setup file from within Windows Explorer (Double-clicked the file) and the client will be installed.
    • I have also ran the ccmsetup executable using the switches above, in cmd prompt (As an Administrator) and it successfully installs the client.

    I have captured some key parts of the ccmsetup log file where I see that this is failing and I am looking for some thoughts on this.  This is only happening when the script is ran as a scheduled task which I need to have happen. 

    Discovering whether item 'i386/Silverlight.exe' exists.
    32-bit Hive selected
    Detected item 'i386/Silverlight.exe'
    Discovering whether item 'i386/dotNetFx40_Client_x86_x64.exe' exists.	
    Detected item 'i386/dotNetFx40_Client_x86_x64.exe'
    Discovering whether item 'SCEPInstall.exe' exists.
    Item SCEPInstall.exe has not been installed yet. Put to pending install list.
    Discovering whether item 'x64/client.msi' exists.
    Item x64/client.msi has not been installed yet. Put to pending install list.
    PROPFIND 'http://SecondaryDistributionPoint/SMS_DP_SMSPKG$/PIN00002'
    No client patches are detected.
    PROPFIND 'http://SecondaryDistributionPoint/SMS_DP_SMSPKG$/PIN00002'
    No client language packs are detected.
    Searching for available transform
    PROPFIND 'http://SecondaryDistributionPoint/SMS_DP_SMSPKG$/PIN00002'
    No transform available for this locale. Installation will proceed with no transformation.
    File 'C:\windows\ccmsetup\WindowsFirewallConfigurationProvider.msi' doesn't exist.
    File 'C:\windows\ccmsetup\SCEPInstall.exe' doesn't exist.
    File 'C:\windows\ccmsetup\client.msi' doesn't exist.
    Using branch cache option.
    Adding file 'http://SecondaryDistributionPoint:80/SMS_DP_SMSPKG$/PIN00002/x64/WindowsFirewallConfigurationProvider.msi' to BITS job, saving as 'C:\windows\ccmsetup\WindowsFirewallConfigurationProvider.msi'.
    Failed to download client files by BITS. Error 0x800704dd
    Sending Fallback Status Point message to 'MainDistributionPoint.pin.ca', STATEID='309'.
    Failed to get client version for sending messages to FSP. Error 0x8004100e
    Params to send FSP message '5.0.7958.1000 Deployment Error 0x800704dd. Path http://SecondaryDistributionPoint/SMS_DP_SMSPKG$/PIN00002'
    Request failed: 404 Not Found
    Failed to download from DP 'http://SecondaryDistributionPoint/SMS_DP_SMSPKG$/PIN00002', error 0x800704dd.
    PROPFIND 'http://MainDistributionPoint/SMS_DP_SMSPKG$/PIN00002'
    Using DP location http://MainDistributionPoint/SMS_DP_SMSPKG$/PIN00002
    Using branch cache option.
    Adding file 'http://MainDistributionPoint:80/SMS_DP_SMSPKG$/PIN00002/x64/WindowsFirewallConfigurationProvider.msi' to BITS job, saving as 'C:\windows\ccmsetup\WindowsFirewallConfigurationProvider.msi'.
    Failed to download client files by BITS. Error 0x800704dd
    Failed to download from DP 'http://MainDistributionPoint/SMS_DP_SMSPKG$/PIN00002', error 0x800704dd.
    Enumerated all 2 local DP locations but none of them is good. Fallback to MP.
    Using branch cache option.
    Adding file 'http://MainDistributionPoint:80/CCM_Client/x64/WindowsFirewallConfigurationProvider.msi' to BITS job, saving as 'C:\windows\ccmsetup\WindowsFirewallConfigurationProvider.msi'.
    Failed to download client files by BITS. Error 0x800704dd
    Deleted file C:\windows\ccmsetup\ccmsetup.xml
    CcmSetup failed with error code 0x800704dd
    



    Colin Domansky

    Monday, May 30, 2016 2:53 PM

Answers

  • Upon further research, the service account being used to create the scheduled task via GPO will never work because "The BITS service must run under the Local System user account" according to this Technet article: Issues with BITS

    After several ways of trying to have a local system account create the scheduled task was able to find this fix.

    • Set the user as “NT AUTHORITY\SYSTEM”.
    • Select the “Run only when user is logged on” option.
    • Manually edit the XML file that the policy creates, and remove the XML node <LogonType>InteractiveToken</LogonType> from the task in question.

    The XML file for the schedule tasks (1 file per group policy, multiple tasks per file) can be located in this location on the domain:

    \\<DNSDomainName>\sysvol\<DNSDomainName>\Policies\<GroupPolicyUniqueID>\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml



    Colin Domansky


    • Edited by cdomansky Monday, June 6, 2016 3:26 PM
    • Marked as answer by cdomansky Monday, June 6, 2016 3:26 PM
    Monday, June 6, 2016 3:25 PM

All replies

  • Whatever system you are testing on has a BITS issue. 0x800704dd = "The operation being requested was not performed because the user has not logged on to the network. The specified service does not exist."

    There are probably a few other threads here in the forums with the error code concerning BITS but I'd start by checking that the BITS service is started.


    Jason | http://blog.configmgrftw.com | @jasonsandys

    Monday, May 30, 2016 8:18 PM
  • Upon further research, the service account being used to create the scheduled task via GPO will never work because "The BITS service must run under the Local System user account" according to this Technet article: Issues with BITS

    After several ways of trying to have a local system account create the scheduled task was able to find this fix.

    • Set the user as “NT AUTHORITY\SYSTEM”.
    • Select the “Run only when user is logged on” option.
    • Manually edit the XML file that the policy creates, and remove the XML node <LogonType>InteractiveToken</LogonType> from the task in question.

    The XML file for the schedule tasks (1 file per group policy, multiple tasks per file) can be located in this location on the domain:

    \\<DNSDomainName>\sysvol\<DNSDomainName>\Policies\<GroupPolicyUniqueID>\Machine\Preferences\ScheduledTasks\ScheduledTasks.xml



    Colin Domansky


    • Edited by cdomansky Monday, June 6, 2016 3:26 PM
    • Marked as answer by cdomansky Monday, June 6, 2016 3:26 PM
    Monday, June 6, 2016 3:25 PM