locked
Client push installation fails RRS feed

  • Question

  • Hi,

    I keep getting the problem that I'm unable to do a push installation to 4 of my servers sitting in a different VLAN. I opened all ports 1-6XXXX and turned of the firewall on both sides (SCCM server and client) but still the installation is failing. I see the ccmsetup.exe which dissappears after a few seconds. Strange thing is; Installation succeeds on all servers in the same VLAN.

    This is a part my ccm.log:

    CWmi::Connect(): ConnectServer(Namespace) failed. - 0x800706ba    SMS_CLIENT_CONFIG_MANAGER    6/1/2012 8:37:45 PM    4104 (0x1008)
    ---> Unable to connect to WMI on remote machine "(machinename)", error = 0x800706ba.    SMS_CLIENT_CONFIG_MANAGER    6/1/2012 8:37:45 PM    4104 (0x1008)
    ---> Deleting SMS Client Install Lock File '\\(machinename)\admin$\SMSClientInstall.AMM'    SMS_CLIENT_CONFIG_MANAGER    6/1/2012 8:37:45 PM    4104 (0x1008)
    Execute query exec [sp_CP_SetLastErrorCode] 2097152051, -2147023174    SMS_CLIENT_CONFIG_MANAGER    6/1/2012 8:37:45 PM    4104 (0x1008)

    Wbemtest.exe also fails: RPC server not available. Admin$ is reachable.

    Am I missing something? Been trying for days to figure this out without succes. Hope someone can help!


    • Edited by Lakitna Friday, June 1, 2012 6:53 PM
    Friday, June 1, 2012 6:45 PM

Answers

  • Hello Lakitna,

    Try to start a WMI query from a remote machine to your server from cmd (e.g.):

    wmic /node:computername computersystem get username

    You should get back the logged on user name. If you won't get back anything just error means you have WMI error (just as it seems in your log file).

    Try to "rebuild" your WMI repository. Stop the Windows Management Instrumentation service and rename or delete the C:\Windows\System32\wbem\Repository folder.

    After you can re - start the WMI service and you should make a computer restart. 

    Hope this will help to you.

    Brgds.

    Tamas

    Friday, June 15, 2012 2:08 PM

All replies

  • Have you tried installing it manually on the servers, try on one of them if not. Your log suggests network or authentication trouble since "Unable to connect to WMI on remote machine".

    To install the client manually run ccmsetup.exe /mp:YOURMANAGEMENPOINT /SMSSITECODE=YOURSITECODE from a command prompt.

    More on manual install here, http://technet.microsoft.com/en-us/library/gg699356.aspx


    Mats Hellman | My Blog: http://www.nixadmins.net| Twitter: Mats_Hellman | LinkedIn Mats Hellman |


    Friday, June 1, 2012 7:41 PM
  • How do I install manually? It keeps saying ccmsetup.exe isn't a recognized command and I can't reach the Client share on my sccm server.
    Friday, June 1, 2012 8:26 PM
  • The client installation files are located in \\SCCMSERVER\SMS_SITECODE\Client, you can run the installer from that share, but you do need to use an account with enough priviliges to access the share.

    Mats Hellman | My Blog: http://www.nixadmins.net| Twitter: Mats_Hellman | LinkedIn Mats Hellman |

    Friday, June 1, 2012 8:29 PM
  • I know but I can't reach any share on my SCCM server even though they're in the same domain, but on a different VLAN.
    Friday, June 1, 2012 8:32 PM
  • You should always create a new directory and share for the client install files -- don't use the default.

    Why can't you get to any shares? Is thee some kind of network security in place?

    You *will* have issues with ConfigMgr in general if the client cannot access shares on the site server.


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, June 1, 2012 8:37 PM
  • In that case I'd start by looking at the network configuration, are the servers able to ping eachother? Can you access any share from the SCCM Server to the client server and vice versa. How about name resolution? Is the DNS client setup ok for theese servers? How about firewalls, you say you took them out of the equation, but make sure they are.


    Mats Hellman | My Blog: http://www.nixadmins.net| Twitter: Mats_Hellman | LinkedIn Mats Hellman |

    Friday, June 1, 2012 8:38 PM
  • This is only related to servers in different VLANs. We only have TMG between our subnets as far as I know.
    Friday, June 1, 2012 8:39 PM
  • Yes they can ping each other. Accessing shares from SCCM to Client in different VLAN works, viceversa doesn't. DNS resolutions is oke and firewalls are off for sure.
    Friday, June 1, 2012 8:44 PM
  • Correct me if I'm wrong since I'm trying to get the picture here.

    1. The SCCM server is able to access any share on any of the servers where the client wont install?

    2. None of the clients in this VLAN can access any share on the SCCM server? Or only the client servers that fail to install the ConfigMGR client?

    Simplified, is this anything like your setup?


    Mats Hellman | My Blog: http://www.nixadmins.net| Twitter: Mats_Hellman | LinkedIn Mats Hellman |

    Friday, June 1, 2012 8:54 PM
  • 1. True.

    2. True, ALL clients in this VLAN fail to access a share on the SCCM server.

    3. Your picture is correct.

    Friday, June 1, 2012 8:58 PM
  • Ok, any traffic is allowed trough the TMG firewall but try the following just to be on the safe side. In the TMG, rightclick Firewall Policy and select All tasks, system policy, edit system policy. Find the Authentication Services group and Active directory, unselect Enforce Strict RPC compliance click ok and try again. If it isn't selected let me know and we'll try to think of something else.


    Mats Hellman | My Blog: http://www.nixadmins.net| Twitter: Mats_Hellman | LinkedIn Mats Hellman |

    Friday, June 1, 2012 9:03 PM
  • It isn't selected.
    Friday, June 1, 2012 9:10 PM
  • Ok,

    If none of the servers in VLAN 2 is able to access the SCCM server I'd start looking at the firewall. Using network traces with netmon might be helpful also but I'd start looking at the firewall since it is the one filter between the two VLAN's. Without any more knowledge of the setup I'm running out of ideas :)


    Mats Hellman | My Blog: http://www.nixadmins.net| Twitter: Mats_Hellman | LinkedIn Mats Hellman |

    Friday, June 1, 2012 9:16 PM
  • Bottom line, clients must be able to communicate with the site servers as all client communicaton in ConfigMgr is client inititiated. If your clients cannot do this, ConfigMgr will not work. Note that this doesn't have to be SMB traffic.

    Here's the TechNet documentation on what needs to be open: http://technet.microsoft.com/en-us/library/hh427328.aspx


    Jason | http://blog.configmgrftw.com | Twitter @JasonSandys

    Friday, June 1, 2012 9:22 PM
  • Hello Lakitna,

    Try to start a WMI query from a remote machine to your server from cmd (e.g.):

    wmic /node:computername computersystem get username

    You should get back the logged on user name. If you won't get back anything just error means you have WMI error (just as it seems in your log file).

    Try to "rebuild" your WMI repository. Stop the Windows Management Instrumentation service and rename or delete the C:\Windows\System32\wbem\Repository folder.

    After you can re - start the WMI service and you should make a computer restart. 

    Hope this will help to you.

    Brgds.

    Tamas

    Friday, June 15, 2012 2:08 PM