Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations John Tel on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Unable to connect to site server...???

Status
Not open for further replies.
PhilMarcum

PhilMarcum

MIS
Mar 21, 2000
63
US
I've got TWO MAJOR ISSUES I could use some quick help on!!!
Issue #1:
Inherited SMS network with SMS 2003 SP1 and W2K3 SP1. Clients are XPSP2 and from what I can tell the W2K3 SP1 was recently installed. There are a few XPSP2 users who get the following message when trying to connect to the site server via the SMS admin console:

The Site Server cannot be contacted. Please enter a new Site Server name.

I take a look at the 2003 FAQ located here:


and make the following DCOM changes which include:
1. Selecting the check box to allow Remote Access for Anonymous Logon.
2. Adding TCP port 135 and unsecapp.exe and rebooting the client system.

The user is still getting the same error. I don't get this error on my XPSP2 system but I do get it when I log in to this users system.

I've made the user(s) members of the sms admins group on the site server.
The firewall is disabled and managed via GPO. My system is also under this GPO.

I also notice that if I open the Site Database Connection Wizard and attempt to browse to the SMS site server I only see a hand full of systems that are on my network. This is the same if I open My Network Places and try to browse the network. I see only a hand full of systems and nothing anywhere close to the over 2500 systems on this network. I notice this issue on my XPSP2 system too so I don't think this is the problem as I'm still able to connect to the SMS console.

I also added the users to the Distributed COM Users group on the site server, which also has the SQL server installed on it and this didn't work!!! At this point I'm not sure if it's an issue with the firewall or a permissions issue so I'm wondering if anyone would be able to let me know what I'm doing wrong, point me to an actual fix or to more documentation discussing this??

Any responses are appreciated.
 
Sort by date Sort by votes
Any luck TechHead?
Get back to us with any more questions.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Upvote 0 Downvote
I've tried the steps in the article listed and they didn't seem to help. I even went so far as to add ports 2701 - 2704 in the firewall and still no luck. The error mentioned above is the one seen in the adminui.log on one of the client systems.
I also have a global group that these users are members of that's been added to the SMS Admins local group on the site server.
I'm at my wits end trying to figure this out and therefore would welcome any further direction on troubleshooting this issue.

Thanks
 
Upvote 0 Downvote
Are all the failing clients on the same network segment <address wise> or are they random?
Are you using a DNS Server inside the SMS site boundaries, or are the addresses coming from a machine outside of the top level site?

Neil J Cotton
njc Information Systems
Systems Consultant
 
Upvote 0 Downvote
Also, enable File and Print Sharing.

Neil J Cotton
njc Information Systems
Systems Consultant
 
Upvote 0 Downvote
RESOLVED!!! WHOOO HOOO!!!!
Turns out to be the SMS Admins group on the WMI namespace. I removed the SID displaying the corrupted group and redded it. Now users are connecting!!!

This section of: helped me out:

If you receive an "access denied" error message when you perform this procedure, the account that is used does not have the appropriate permissions to the namespace of the provider. To modify or to verify the permissions, follow these steps:1. On the server on which you enumerated the SMS site, click Start, click Run, type wmimgmt.msc, and then click OK.
2. Right-click WMI Control, and then click Properties.
3. On the Security tab, expand Root, and then click SMS.
4. Click Security in the details pane to see the permissions.
5. Click Advanced, click SMS Admins, and then click View-edit.

For the SMS namespace, the SMS Admins group must have the following permissions:• Enable account
• Remote enable

6. Repeat steps 1 through 5 to examine the SMS Admins group for the SMS_xxx namespace. (xxx is the site code.)

The SMS Admins group must have the following permissions: • Execute Methods
• Provider Write
• Enable Account
• Remote Enable

Note If the user is not in the SMS Admins group, add the user or the user's group to Security for the SMS namespace. Then, grant Remote Enable permission to the user or to the group.

If the user or the group does not have appropriate WMI permissions in Security for the SMS namespace, the following event may be logged in the AdminUI.log file:
Error(ConnectServer): Possible UI connection error code is -2147217405 [0x80041003]

Many thanks to all replies.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

GDCMike
  • Locked
  • Question
SCCM 1810 Task sequence / HTTP connection issue
Replies
0
Views
680
GDCMike
GDCMike
disturbedone
  • Locked
  • Question
SCCM2012 WiFi configuration WPA2-Enterprise not connecting
Replies
2
Views
539
jakob314
jakob314
morefays
  • Locked
  • Question
SMS Server Slient Installation Issue
Replies
0
Views
408
morefays
morefays
KevinSRay
  • Locked
  • Question
SCCM Client required on SCCM Management Point Server?
Replies
0
Views
416
KevinSRay
KevinSRay
gasca
  • Locked
  • Question
Problem when creating server shares
Replies
0
Views
376
gasca
gasca

Part and Inventory Search

Sponsor

Back
Top