Create Task Sequence Media Wizard Fails

When attempting to create a bootable media for a task sequence I get the error: Media creation failed with the error message: A required privilege is not held by the client.  Refer to createTSMedia.log file to find more details.  Upon looking in this log file I see the following in red: 

Unable to apply (0x80070522)
Closing image file C:\Users\sccmadmin\AppData\Local\Temp\_tsmedia_7156\Cache\LSA00022\WinPE.LSA00022.wim
Failed to create media generator (0x80070522)
CreateTsMedia failed with error 0x80070522, details=''

Media creation process that was started from Admin Console completed.

CreateMedia.exe finished with error code 80070522

I get this error with trying to create an iso as well as trying to create a bootable USB drive.

The SCCM Console was started with admin privileges.  I get this same error trying it on the console installed on my workstation and the console installed on the sccm server.  I am a local administrator on my workstation and sccm console.  I recall successfully creating media before but for some reason this doesn't work any longer and I am not sure what changed. 

SCCM Server: OS and SCCM version are 2012 R2

Workstation: Windows 7 pro

April 16th, 2015 3:26pm

Hi,

Is there a policy being enforced to set this setting?

"User Account Control: Run all administrators in Admin Approval Mode"

Thanks,

Adam

Free Windows Admin Tool Kit Click here and download it now
April 16th, 2015 3:36pm

Hi,

the error translates to, "A required privilege is not held by the client." So it seems it is an issue with permisisons, check out this thread as well. https://social.technet.microsoft.com/Forums/systemcenter/en-US/83b11a23-24ec-46b1-9a5f-52d335dc92b5/unable-to-create-task-sequence-media-privilege-not-held-by-client?forum=configmgrosd Regards,Jrgen

April 16th, 2015 4:11pm

I saw that thread but it didn't appear to help.  My test sccm environment has no issues and I used to not have this problem in production before.  The only thing that I can think of that has changed would be windows updates.

I am not aware of any group policy that is set to run all administrators in admin approval mode.

What lacking permissions would be causing this?  I am an administrator of the computers in question.  Something new is definitely happening.  I just tested the batch file i use to mount wim files using DISM and I now get Error 1314 a required privilege is not held by the client.

There is one thing I may have noticed but I can't actually recall if it has always happened or not.  When i copy a file from the root of C to the root of F it brings up a UAC saying youll need to provide admin permission to copy to this folder.  I just continue and all is well, dont have to enter any creds.
Free Windows Admin Tool Kit Click here and download it now
April 16th, 2015 4:54pm

I saw that thread but it didn't appear to help.  My test sccm environment has no issues and I used to not have this problem in production before.  The only thing that I can think of that has changed would be windows updates.

I am not aware of any group policy that is set to run all administrators in admin approval mode.

What lacking permissions would be causing this?  I am an administrator of the computers in question.  Something new is definitely happening.  I just tested the batch file i use to mount wim files using DISM and I now get Error 1314 a required privilege is not held by the client.

There is one thing I may have noticed but I can't actually recall if it has always happened or not.  When i copy a file from the root of C to the root of F it brings up a UAC saying youll need to provide admin permission to copy to this folder.  I just continue and all is well, dont have to enter any creds.
April 16th, 2015 8:50pm

I saw that thread but it didn't appear to help.  My test sccm environment has no issues and I used to not have this problem in production before.  The only thing that I can think of that has changed would be windows updates.

I am not aware of any group policy that is set to run all administrators in admin approval mode.

What lacking permissions would be causing this?  I am an administrator of the computers in question.  Something new is definitely happening.  I just tested the batch file i use to mount wim files using DISM and I now get Error 1314 a required privilege is not held by the client.

There is one thing I may have noticed but I can't actually recall if it has always happened or not.  When i copy a file from the root of C to the root of F it brings up a UAC saying youll need to provide admin permission to copy to this folder.  I just continue and all is well, dont have to enter any creds.
Free Windows Admin Tool Kit Click here and download it now
April 16th, 2015 8:50pm

If you open GPEDIT.MSC on the server with the issue and navigate to...

Computer Configuration\Windows Settings\Security Settings\Local Policies\User Right Assignments

Can you see any policies which aren't faded (E.g. configured via GPO) you will see below for instance I have configured "Add Workstation to domain" with Domain admins as an example and the icon is different to the rest. Do you have any policies like this in your local GPEDIT?

Thanks,

April 17th, 2015 6:13am

Yeah I do have a bunch of faded policy icons.  I have three policies that are like your add workstations to domain.  My three are: Add workstations to domain, Deny access to this computer from the network, manage auditing and security log.
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2015 9:04am

OK, Who is listed in your Manage Auditing and Security log policy? Is Administrators still listed?

Thanks,

Adam

April 17th, 2015 9:51am

It lists mydomain\exchange servers, mydomain\exchange enterprise servers
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2015 12:32pm

Hi,

Would you be able to create a new policy and apply it just to your SCCM Server and your workstation and Add Administrators back in. Confirm the policy now has Administrators in and try the process again please?

Thanks,

Adam

April 17th, 2015 2:33pm

I don't have access to create group policies.  What should I tell my active directory admin?  I noticed on my test sccm lab that I have no policies highlighted like I had the three in production but my manage auditing and security log policy is set to just administrators in my test enviroment.
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2015 3:30pm

OK, I would explain the symptoms you have as you have shown at the beginning of this post, explain the difference in policies between the Dev and Prod boxes. Ask that they create a temporary policy to add the default setting of Administrators back in for you to do some testing.

I am guessing as this is applied to your servers and workstations, based on what you have said, that this setting resides in your Default Domain Policy GPO. Which is possibly the exact issue that Hai Deep had in the post Jrgen posted here https://social.technet.microsoft.com/Forums/systemcenter/en-US/83b11a23-24ec-46b1-9a5f-52d335dc92b5/unable-to-create-task-sequence-media-privilege-not-held-by-client?forum=configmgrosd

The above post also says it was a user right which caused the issue, so there is a fair amount of justification to apply the test.

Is your Dev instance in the same Domain or is it a completely separate lab?

let me know if you have issues, 

Thanks,

April 17th, 2015 3:47pm

My dev lab is in its own domain completely separate.  I will talk to our AD admin Monday and see what he thinks. I now have a feeling it is that policy causing the issue also.  What the other forum post didn't say was what was changed in his default domain policy GP.  It just said that there was a default domain policy being applied effecting users rights. 
Free Windows Admin Tool Kit Click here and download it now
April 17th, 2015 5:14pm

How did you get on?
April 24th, 2015 4:27am

I talked to them about the issue and they said it is on the table to find a solution to their issue with exchange so they could put the group policy back.  I am going to assume that, that is what it is, the group policy.  So as of now I am in a wait and see state.
Free Windows Admin Tool Kit Click here and download it now
April 24th, 2015 9:09am

Seems like it was the group policy since they fixed it this morning. Apparently inheritance was an issue.
May 8th, 2015 4:15pm

Seems like it was the group policy since they fixed it this morning. Apparently inheritance was an issue.
Free Windows Admin Tool Kit Click here and download it now
May 8th, 2015 8:11pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics