SMS_Client_Config_Manager 3015 and 3014 errors / Kerberos 4 errors
The exact Kerberos Event message is in the System Event Log of the SCCM Server:

The description for Event ID 4 from source Microsoft-Windows-Security-Kerberos cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: BGF-DTL-RECE-4$ JBNET.CH RPCSS/ZWL-LAP-KOPE-2 JBNET.CH

The relevant entries in ccm.log for one particular machine:

======>Begin Processing request: "ZWL-LAP-KOPE-2_JBNET_CH", machine name: "ZWL-LAP-KOPE-2" SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2.JBNET.CH\admin$' using account 'jbnet\sccm-netaccount' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account jbnet\sccm-netaccount (00000574) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Lost local access after ImpersonateLoggedOnUser (LOGON32_LOGON_INTERACTIVE) using account jbnet\sccm-netaccount SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2.JBNET.CH\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Failed to connect to \\ZWL-LAP-KOPE-2.JBNET.CH\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> ERROR: Failed to connect to the \\ZWL-LAP-KOPE-2.JBNET.CH\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2\admin$' using account 'jbnet\sccm-netaccount' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account jbnet\sccm-netaccount (00000574) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Lost local access after ImpersonateLoggedOnUser (LOGON32_LOGON_INTERACTIVE) using account jbnet\sccm-netaccount SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Failed to connect to \\ZWL-LAP-KOPE-2\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> ERROR: Failed to connect to the \\ZWL-LAP-KOPE-2\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> ERROR: Unable to access target machine for request: "ZWL-LAP-KOPE-2_JBNET_CH", machine name: "ZWL-LAP-KOPE-2", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
Stored request "ZWL-LAP-KOPE-2_JBNET_CH", machine name "ZWL-LAP-KOPE-2", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
<======End request: "ZWL-LAP-KOPE-2_JBNET_CH", machine name: "ZWL-LAP-KOPE-2". SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
------------------

There are two problems:

1. SCCM is trying to push the client to different systems despite push installation being disabled. But this is not so important. It's also possible that someone has right-clicked a collection with a lot of systems and chosen "install client" from the context menu.

2. Can't understand why the Eventlog Viewer is unable to display the full "Kerberos Event 4" message. Have tried to open the Eventlog from another system, and have the same behavior. And I have also verified that there are no duplicate systems in AD, and that there are no duplicate SPN registrations in AD (setspn.exe -X).

Problem 2 seems more operating system than SCCM related, but the problem is ONLY on our dedicated SCCM server.

Thank you in advance for any hint.
Franz
September 29th, 2011 10:41am

Maybe somebody initiated the manual client push from the collection? That is why the CCM.log shows that the Site server is trying to get connected (with the Client push account) to the client machines.

Anoop C Nair - Twitter @anoopmannur
MY BLOG: http://anoopmannur.wordpress.com
SCCM Professionals
This posting is provided AS-IS with no warranties/guarantees and confers no rights.
September 29th, 2011 10:46am

Have a problem with an SCCM 2007 R3 SP2 server, installed on Windows 2008 R2 SP1. The SMS_Client_Config_Manager component goes on Warning every day, and we have about 10 Kerberos errors every day with ID 4 (but never the better-known Kerberos 3 errors) in the Site Server System Eventlog.

There are about 300 Client Systems. Today, the SCCM client is installed and operational on about 60% of all Systems. Have and had never enabled Client Push installation, although the client push installation account is configured (for enabling push installation from the context menu in the SCCM console).

The Windows Firewall on the Site server is normally enabled, but we have temporarily completely disabled Windows Firewall for about a week now and still have the same errors. These Kerberos 4 errors occur ONLY on the SCCM site server. We have none of these errors on other member servers.

The SQL Server is running with the NETWORKSERVICE account. Since this is not a domain account, I assume that no SQL SPN registration is necessary or even possible with this configuration. MS documentation is only about the Local Service or domain accounts.

Several posts say that these errors should disappear after about a week. However, we have had these errors since the SCCM installation that we did about 6 weeks ago.

Any advice? Thank you all in advance for any help
Franz
September 29th, 2011 12:07pm

Is there anything useful in ccm.log? Could you also clarify where those Kerberos errors are seen exactly?

Torsten Meringer | http://www.mssccmfaq.de
September 29th, 2011 12:28pm

The exact Kerberos Event message is in the System Event Log of the SCCM Server:

The description for Event ID 4 from source Microsoft-Windows-Security-Kerberos cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer. If the event originated on another computer, the display information had to be saved with the event. The following information was included with the event: BGF-DTL-RECE-4$ DOMAINNAME.CH RPCSS/ZWL-LAP-KOPE-2 DOMAINNAME.CH

The relevant entries in ccm.log for one particular machine:

======>Begin Processing request: "ZWL-LAP-KOPE-2_DOMAINNAME_CH", machine name: "ZWL-LAP-KOPE-2" SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2.DOMAINNAME.CH\admin$' using account 'DOMAINNAME\sccm-netaccount' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAINNAME\sccm-netaccount (00000574) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Lost local access after ImpersonateLoggedOnUser (LOGON32_LOGON_INTERACTIVE) using account DOMAINNAME\sccm-netaccount SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2.DOMAINNAME.CH\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Failed to connect to \\ZWL-LAP-KOPE-2.DOMAINNAME.CH\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> ERROR: Failed to connect to the \\ZWL-LAP-KOPE-2.DOMAINNAME.CH\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Trying each entry in the SMS Client Remote Installation account list SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2\admin$' using account 'DOMAINNAME\sccm-netaccount' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAINNAME\sccm-netaccount (00000574) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Lost local access after ImpersonateLoggedOnUser (LOGON32_LOGON_INTERACTIVE) using account DOMAINNAME\sccm-netaccount SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Failed to connect to \\ZWL-LAP-KOPE-2\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> ERROR: Failed to connect to the \\ZWL-LAP-KOPE-2\admin$ share using account 'Machine Account' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> ERROR: Unable to access target machine for request: "ZWL-LAP-KOPE-2_DOMAINNAME_CH", machine name: "ZWL-LAP-KOPE-2", access denied or invalid network path. SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
Stored request "ZWL-LAP-KOPE-2_DOMAINNAME_CH", machine name "ZWL-LAP-KOPE-2", in queue "Retry". SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
<======End request: "ZWL-LAP-KOPE-2_DOMAINNAME_CH", machine name: "ZWL-LAP-KOPE-2". SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
------------------

There are two problems:

1. SCCM is trying to push the client to different systems despite push installation being disabled. But this is not so important. It's also possible that someone has right-clicked a collection with a lot of systems and chosen "install client" from the context menu.

2. Can't understand why the Eventlog Viewer is unable to display the full "Kerberos Event 4" message. Have tried to open the Eventlog from another system, and have the same behavior. And I have also verified that there are no duplicate systems in AD, and that there are no duplicate SPN registrations in AD (setspn.exe -X).

Problem 2 seems more operating system than SCCM related, but the problem is ONLY on our dedicated SCCM server.

Thank you in advance for any hint.
Franz
September 29th, 2011 5:38pm
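
Added example, not part of the thread or of SCCM: a PowerShell sketch that reads the ccm.log entries and the Event ID 4 data quoted above, decodes the trailing Win32 error codes (00000574 is hexadecimal for 1396, ERROR_WRONG_TARGET_NAME) and lists the computer account named in the Kerberos event beside the host named in the target SPN. The function names are hypothetical, the sample lines are copied from the post, and the order of the event fields is assumed from the event data as quoted there.

```powershell
# Constructed sample: four ccm.log entries and the Event ID 4 data, as quoted in the thread.
$ccmLog = @'
---> Attempting to connect to administrative share '\\ZWL-LAP-KOPE-2.DOMAINNAME.CH\admin$' using account 'DOMAINNAME\sccm-netaccount' SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account DOMAINNAME\sccm-netaccount (00000574) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Failed to connect to \\ZWL-LAP-KOPE-2.DOMAINNAME.CH\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
---> Failed to connect to \\ZWL-LAP-KOPE-2\admin$ using machine account (1396) SMS_CLIENT_CONFIG_MANAGER 29.09.2011 08:19:59 3360 (0x0D20)
'@ -split "`r?`n"
$event4Data = 'BGF-DTL-RECE-4$ DOMAINNAME.CH RPCSS/ZWL-LAP-KOPE-2 DOMAINNAME.CH'

function Get-CcmConnectFailure {          # hypothetical helper name
    param([string[]]$Line)
    $target = $null
    foreach ($l in $Line) {
        # Remember the last UNC target; the WNetAddConnection2 line does not repeat it.
        if ($l -match '\\\\([^\\]+)\\admin\$') { $target = $Matches[1] -replace '\..*$' }
        # Error code sits in the last (...) before the component stamp.
        # Assumption: 8-character values are hex, shorter ones decimal, as in the quoted log.
        if ($l -match 'fail.*\(([0-9A-F]{8}|\d+)\)\s+SMS_CLIENT_CONFIG_MANAGER') {
            $raw  = $Matches[1]
            $code = if ($raw.Length -eq 8) { [Convert]::ToInt32($raw, 16) } else { [int]$raw }
            [pscustomobject]@{
                Target  = $target
                Code    = $code
                Message = (New-Object System.ComponentModel.Win32Exception -ArgumentList $code).Message
            }
        }
    }
}

function Get-Kerberos4Names {             # hypothetical helper name
    param([string]$Data)
    # Assumed field order: account in the event, realm, target SPN, realm.
    $account, $realm, $spn, $null = $Data -split '\s+'
    $spnHost = ($spn -split '/')[1] -replace '\..*$'
    [pscustomobject]@{
        AnsweredBy = $account.TrimEnd('$')
        SpnHost    = $spnHost
        Mismatch   = $account.TrimEnd('$') -ne $spnHost
    }
}

$krb = Get-Kerberos4Names $event4Data
Get-CcmConnectFailure $ccmLog | Group-Object Target, Code | ForEach-Object {
    $f = $_.Group[0]
    [pscustomobject]@{
        Target = $f.Target; Code = $f.Code; Count = $_.Count; Message = $f.Message
        # Filled only when the Kerberos event names the same target host.
        TicketAnsweredBy = if ($f.Target -eq $krb.SpnHost) { $krb.AnsweredBy }
    }
} | Format-List
```

For the sample lines this produces one group, ZWL-LAP-KOPE-2 with code 1396 counted three times, and shows BGF-DTL-RECE-4 as the account from the Kerberos event for that target.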

This topic is archived. No further replies will be accepted.
