Unable to download policies for IBCM clients in different untrusted forest
Hi, I've got a setup using SCCM 2007 native mode version 4.00. It's a single primary site on a single server, and I'm intending to use it via IBCM to manage a few different untrusted forests. Everything is working fine for machines which are members of the domain the site is in. I've then tried to add my first few clients from a different forest, so I've imported the root CA of the new forest, and deployed the client to a few machines. They all connect in to the primary site via the internet, and can be seen in the SCCM console, however they're not downloading the policy (only two options in the actions tab of the client). Now I think it's something to do with permissions etc, but I can't figure it out. Only errors I can see are <![LOG[Failed to open the task sequence key HKLM\Software\Microsoft\SMS\Task Sequence. Error code 0x80070002]LOG]!><time="09:42:05.312+-60" date="10-17-2010" component="TSManager" context="" type="2" thread="3600" file="utils.cpp:2776"> <![LOG[GetLogonUserSid failed at GetTokenSids 0x800704dd]LOG]!><time="09:24:10.871+-60" date="10-17-2010" component="ContentAccess" context="" type="2" thread="4452" file="contentaccessservice.cpp:202"> <![LOG[Software Distribution Site Settings for the client are missing from WMI.]LOG]!><time="09:24:10.918+-60" date="10-17-2010" component="ContentAccess" context="" type="3" thread="4420" file="softdistpolicy.cpp:1312"> <![LOG[CacheConfig::InitializeFromWmi - GetSWDistSiteSettings failed with 0x80004005. Default site settings will be used]LOG]!><time="09:24:10.918+-60" date="10-17-2010" component="ContentAccess" context="" type="3" thread="4420" file="cachemanager.cpp:1819"> Any thoughts would be gratefully received!
October 17th, 2010 12:04pm
Got this was fixed, was three things I was doing wrong When the client has no access to the ca of the site server you need to give it the public key during setup add the switch SMSSIGNCERT="full path to the site document signing cert" The root ca for the above cert needs to be installed on the client Bit of a foolish one, but I hadn't added any network credentials under site settings - client agent - computer client agent Hope that helps someone!
October 17th, 2010 4:15pm