none
DP error after in place OS upgrade RRS feed

  • Question

  • My site server is running 2012 R2 and we have SCCM 1906

    I have upgraded my DP OS from 2008 R2 to 2012 R2. DP now is having issues. distmgr.log has the below errors.

    Failed to make a network connection to \\my.dpserver.com\ADMIN$ (0x4b8).
    Cannot establish connection to ["Display=\\my.dpserver.com\"]MSWNET:["SMS_SITE=S01"]\\my.dpserver.com\. Error = 1208 SMS_DISTRIBUTION_MANAGER 28-Nov-19 9:49:56 AM 1212 (0x04BC)

    Site system installation account  for the DP role is site server's computer account

    any ideas on how to resolve this?

    Thursday, November 28, 2019 12:26 AM

Answers

  • Hi,

    Thank you very much for the update and sharing the solution, it could be helpful for others with the similar issue. Here's a short summary for the problem.

    Problem/Symptom:
    ===================
    DP error after upgraded DP OS from 2008 R2 to 2012 R2:
    Failed to make a network connection to \\my.dpserver.com\ADMIN$ (0x4b8).

    Solution:
    ===================
    Add "everyone" to administrators group in DP, DP start working, and even if remove the "Everyone" security and rebooted the DP, it still works.

    Regards,
    Allen

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 3, 2019 9:15 AM

All replies

  • Have you manually tried to establish a connection to \\my.dpserver.com\ADMIN$ from the site server using your account and also using the local System account?

    Jason | https://home.configmgrftw.com | @jasonsandys

    Thursday, November 28, 2019 2:43 AM
  • I can't establish a connection from site server to DP using my account(domain admin) however if i drop the FQDN and just use server name i'm able to establish a connection. Not sure if this is the correct way to test using local System account, but I mapped the \\my.dpserver.com\ADMIN$ with "connect using other  credentials" and put in .\system for username and left password blank when prompted. This didn't work either. 

    If I try this \\my.dpserver.com\ADMIN$ from my PC or another server it works ok.

    Thursday, November 28, 2019 4:20 AM
  • That indicates a deeper, non-ConfigMgr issue here with that system. Looks like a kerberos related auth issue. Have you reviewed the security event log on the target system?

    And no, that does not use the local system account. You need to use psexec to do this: https://blogs.technet.microsoft.com/askds/2008/10/22/getting-a-cmd-prompt-as-system-in-windows-vista-and-windows-server-2008/


    Jason | https://home.configmgrftw.com | @jasonsandys

    Thursday, November 28, 2019 5:23 AM
  • please check the DNS configurations for server name. Ask server team to check the server name configurations.

    need to check a ping test with IP address, host name and FQDN.


    Midhun.PS

    Thursday, November 28, 2019 7:05 AM
  • Logged a support case and they looked in to logs etc.. Asked me to add "everyone" to administrators group in DP, which I did and the share started working. I removed the "Everyone" security and rebooted the DP and it still works. Not sure how but it now works. I tested by distributing some content in an application package and it reached the DP successfully with no errrs. All good.
    Tuesday, December 3, 2019 3:03 AM
  • Hi,

    Thank you very much for the update and sharing the solution, it could be helpful for others with the similar issue. Here's a short summary for the problem.

    Problem/Symptom:
    ===================
    DP error after upgraded DP OS from 2008 R2 to 2012 R2:
    Failed to make a network connection to \\my.dpserver.com\ADMIN$ (0x4b8).

    Solution:
    ===================
    Add "everyone" to administrators group in DP, DP start working, and even if remove the "Everyone" security and rebooted the DP, it still works.

    Regards,
    Allen

    Please remember to mark the replies as answers if they help.

    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Tuesday, December 3, 2019 9:15 AM
  • This is not a proper solution -- in fact, security wise it's a terrible solution that I would never ever personally accept. Just because it fixed a symptom does not make it an acceptable solution as it opens this system up wide for attack.

    Jason | https://home.configmgrftw.com | @jasonsandys

    Tuesday, December 3, 2019 5:18 PM
  • Since the "evryone" permissions were removed, it's not a security risk any more. I asked Support what was the cause of the issue and their response was "At the core of it it’s just an issue with the permissions " which wasn't very explainatory but it's now working. 

    Wednesday, December 4, 2019 3:39 AM