SMS 2003 security issue unable to access

[warzer]

I get 100's of these from my clients. I even gave the share/folder full access for everyone and that didn't work. it seems machines are trying to connect with out a user. are they supposed to do this? how do i get them access to the package share without getting this error?

Event Type: Failure Audit
Event Source: Security
Event Category: Object Access
Event ID: 560
Date: 7/18/2007
Time: 11:00:29 PM
User: <DOMAIN>\<PCNAME>$
Computer: YSMS001
Description:
Object Open:
Object Server: Security
Object Type: File
Object Name: E:\SMSPKGE$\201000AA\Final.EXE
Handle ID: -
Operation ID: {0,24513105}
Process ID: 4
Image File Name:
Primary User Name: YSMS001$
Primary Domain: SRF
Primary Logon ID: (0x0,0x3E7)
Client User Name: <PCNAME>$
Client Domain: SRF
Client Logon ID: (0x0,0x174E557)
Accesses: READ_CONTROL
ReadData (or ListDirectory)
ReadEA
ReadAttributes
WriteAttributes

Privileges: -
Restricted Sid Count: 0
Access Mask: 0x20189


For more information, see Help and Support Center at

http://go.microsoft.com/fwlink/events.asp.

 

[bonafide247]

Warzer, could you give more specifics on what led you to this problem? Where you just trying to push a package out to your users? Please provide more detail.

Thanks

 

[tbrennans]

http://support.microsoft.com/kb/908473

See if this helps at all

 

[warzer]

yes this is when a package is being delivered to clients. we have a scheduled repeat package that goes out every tue called final.exe. and lately we have been having a lot of pcs hang on the final package. thats when i began investigating. it seems most of the problems occured when the sms server hung and shutdown. why would the machine account try to connect to the package folder?

Thanks
War

 

[tbrennans]

Because the package is being run by the machine/system account.

Look at the cas.log on the client and execmgr.log to see if that shows something useful

 

[warzer]

I will have to wait till monday for the log, but i want to know why the package would be running under the machine account? how do i give permissions for machine account access?

 

[tbrennans]

when the package is created on the environmment tab tells it to run as the the user or system...or software inst account if you have one

 

[warzer]

ok, so how do you give system ntfs permssions to the package share for systems? do i have to add all my client pcs to the ntfs permssons tab?

 

[warzer]

In exploring the cas.log file as recommended above i found this section of errors. seems like its been happening for a while. as it repeates often. espically this segment "GetLogonUserSid failed at GetTokenSids 0x800704dd"

the execmgr.log file contains a similar error set "WTSQueryUserToken[2](SessionID=0) failed with GLE=1245 execmgr 7/20/2007 4:33:23 PM 2548 (0x09F4)
WTSQueryUserToken[2](SessionID=0) failed with GLE=1245 execmgr 7/20/2007 4:33:24 PM 2548 (0x09F4)
WTSQueryUserToken[2](SessionID=0) failed with GLE=1245 execmgr 7/20/2007 4:33:24 PM 2548 (0x09F4)
"

Portion of cas.log:
Canceling CTM job {F5BF4603-5CC7-4C05-9D27-6B9CA5E2C145} for content 201000AA.4 ContentAccess 7/17/2007 11:00:19 PM 2216 (0x08A8)
WTSQueryUserToken[2](SessionID=0) failed with GLE=1245 ContentAccess 7/18/2007 11:00:00 PM 3856 (0x0F10)
WTSQueryUserToken[2](SessionID=0) failed with GLE=1245 ContentAccess 7/18/2007 11:00:00 PM 3856 (0x0F10)
WTSQueryUserToken[2](SessionID=0) failed with GLE=1245 ContentAccess 7/18/2007 11:00:01 PM 3856 (0x0F10)
GetLogonUserSid failed at GetTokenSids 0x800704dd ContentAccess 7/18/2007 11:00:01 PM 3856 (0x0F10)