Background:-1 primary site server (native mode)-Out of 2500 clients, about 200 fail with the following errors.-Firewall is disabled via GPO-All machines "should" have domain admins as a member of the local admin group and the SCCM client push account is a domain admin.My questions are:1. Why does it attempt to use the machine account (I assume this is the SCCM server machine account)after the push account fails?2. Is there any way to prevent this from happening (my security guy is asking)?3. What else could be causing these to fail?---> Trying each entry in the SMS Client Remote Installation account listSMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:27 AM1548 (0x060C)---> Attempting to connect to administrative share '\\MACHINENAME.local.domain.com\admin$' using account 'domain\sccm_admin_account'SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:27 AM1548 (0x060C)---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account domain\sccm_admin_account (00000569)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:27 AM1548 (0x060C)---> WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account domain\sccm_admin_account (00000569)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> Attempting to connect to administrative share '\\MACHINENAME.local.domain.com\admin$' using machine account.SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> Failed to get token for current process (5)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> ERROR: Failed to connect to the \\MACHINENAME.local.domain.com\admin$ share using account 'Machine Account'SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> Trying each entry in the SMS Client Remote Installation account listSMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using account 'domain\sccm_admin_account'SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account domain\sccm_admin_account (00000569)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account domain\sccm_admin_account (00000569)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> Attempting to connect to administrative share '\\MACHINENAME\admin$' using machine account.SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> Failed to get token for current process (5)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> ERROR: Failed to connect to the \\MACHINENAME\admin$ share using account 'Machine Account'SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)---> ERROR: Unable to access target machine for request: "DNZGOVBM", machine name: "MACHINENAME", access denied or invalid network path.SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)Retry request id for "DNZGOVBM" set to "MACHINENAME_na_calpine_com"SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)Stored request "MACHINENAME_na_calpine_com", machine name "MACHINENAME", in queue "Retry".SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)<======End request: "MACHINENAME_local_domain_com", machine name: "MACHINENAME".SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 AM1548 (0x060C)Thanks!xtiyu32n

Hi:Check if domain\sccm_admin_account really has admin privileges and if the account is correctly set in the Site Server?That account is failing: "---> Attempting to connect to administrative share '\\MACHINENAME.local.domain.com\admin$' using account 'domain\sccm_admin_account'SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:27 AM1548 (0x060C)---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account domain\sccm_admin_account (00000569)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:27 AM1548 (0x060C)---> WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account domain\sccm_admin_account (00000569)SMS_CLIENT_CONFIG_MANAGER6/2/2009 11:49:28 ".That's why it's using the Machine Account.Regards,

1. Default behavior. 2. Except for ensuring that the configured client installation account succeeds, no. 3. See Felipe's comments.Jason | http://myitforum.com/cs2/blogs/jsandys

Yes, I have verified that the account has admin rights on the machine. What else should I check?Is there any way to not use the machine account? i.e. -- use the defined push accounts, then quit if those don't succeed?xtiyu32n

Is there any way to not use the machine account? i.e. -- use the defined push accounts, then quit if those don't succeed? As I said, no, this is default, unchangeable behavior. How did you verify that the 'domain\sccm_admin_account'account has local admin privileges on the system you are pushing the client to? Did you try to connect to the admin$ on the system? The error message here is clear cut without any wiggle room: access denied.Jason | http://myitforum.com/cs2/blogs/jsandys

Hi:If you are sure of the admin rights, then check: "if the account is correctly set in the Site Server"Same as Jason, how do you check the rights?Regards,

Is there one article that lists all prerequisites for a successful client install?-admin rights to the machine-must be able to access admin share-file and print sharing enabled-firewall disabled or XYZ exceptions-etc.-etc.I haven't seen anything like this, but it would be helpful to have.xtiyu32n

Hi:With this article, you go through the steps for client push: http://technet.microsoft.com/en-us/library/bb632380.aspx. You can see details about the account and firewall settings.I hope this help you.Regards,

Here is my list: Admin rights to the machine Admin$ share access remote registry access (remote registry service running) remote wmi access (firewall configured or disabled) File and printer sharing linked to network interface (server service running, file & print sharing enabled in personal firewall) "xtiyu32n" wrote in message news:5716bacb-5697-4bf 5-b775-e09d8ad095f9...Is there one article that lists all prerequisites for a successful client install?-admin rights to the machine-must be able to access admin share-file and print sharing enabled-firewall disabled or XYZ exceptions-etc.-etc.I haven't seen anything like this, but it would be helpful to have. xtiyu32n

I am seeing a number of machines with WMI errors. Is this DCOM-related? What are the WMI/DCOM requirements? Is it just for DCOM to be enabled?xtiyu32n

I am seeing a number of machines with WMI errors. Where do you see that?

sorry, the ccm.log--Received request: "KKQGWXZS" for machine name: "MACHINENAME" on queue: "Incoming".SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:13 PM324 (0x0144)Stored request "KKQGWXZS", machine name "MACHINENAME", in queue "Processing".SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:13 PM324 (0x0144)======>Begin Processing request: "KKQGWXZS", machine name: "MACHINENAME"SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:13 PM17244 (0x435C)---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0)SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:13 PM17244 (0x435C)---> Attempting to connect to administrative share '\\MACHINENAME.local.domain.com\admin$' using account 'domain\adminaccount'SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:13 PM17244 (0x435C)---> The 'best-shot' account has now succeeded 1 times and failed 0 times.SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)---> Connected to administrative share on machine MACHINENAME.local.domain.com using account 'domain\adminaccount'SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)---> Attempting to make IPC connection to share <\\MACHINENAME.local.domain.com\IPC$>SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)---> Searching for SMSClientInstall.* under '\\MACHINENAME.local.domain.com\admin$\'SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)CWmi::Connect(): ConnectServer(Namespace) failed. - 0x80070005SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)---> Unable to connect to WMI on remote machine "MACHINENAME", error = 0x80070005.SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)---> Deleting SMS Client Install Lock File '\\MACHINENAME.local.domain.com\admin$\SMSClientInstall.C01'SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)Retry request id for "KKQGWXZS" set to "MACHINENAME_loca_domain_com"SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)Stored request "MACHINENAME_loca_domain_com", machine name "MACHINENAME", in queue "Retry".SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)<======End request: "MACHINENAME_loca_domain_com", machine name: "MACHINENAME".SMS_CLIENT_CONFIG_MANAGER6/4/2009 2:57:14 PM17244 (0x435C)I assume this is WMI or DCOM related?xtiyu32n

Hi:If you have WMI/DCOM related problems, that's your tool: http://www.microsoft.com/technet/scriptcenter/topics/help/wmidiag.mspxIt shows you, what the problem is and how to resolve it.I hope this help you.Regards,

Hi All, check \\clientname\admin$ ,if its not working try with \\ipaddress\admin$ both are not working MEANS follow the firewall exception check windows firewall exception http://social.technet.microsoft.com/forums/en-US/configmgrsetup/thread/78345405-4e92-4f25-820d-32df8b37307d/ using ip Address its working means like \\ipaddress\admin$ i had issue in Active directory dns not able to resole the name check with AD team. Regards, vasanth http://vasanthsccm.wordpress.com