Hello

I have a problem with my SCCM organization.

Here is my architecture:

-          A primary site called SCCMP containing

o   SQL Database server

o   Distribution Point

o   Fallback Status Point

o   Management point

o   Reporting point

o   Server Locator Point

o   Software update point

o   Reporting service point

o   State migration point

-          A secondary site called SCCMS containing

o   Distribution Point

o   Management point

o   Software update point

There are two domains:  

-          “domain.lan”

-          “new.domain.lan”

There are two vlans:

-          172.16.111.0/24

-          172.16.99.0/24

My organization is in mixed mode.

All the domain controllers are in VLAN 111. SCCMP is in the same VLAN. However SCCMS is in VLAN 99.

The secondary site has been deployed with the configuration manager console. All prerequisites are ok.

The active directory schema has been extended and all rights are ok.

Two boundaries are configured:

-          172.16.111.1 to 172.16.111.254 for SCCMP

-          172.16.99.1 to 172.16.99.254 for SCCMS

Computers in “domain.lan” are discovered using the active directory system discovery method. The network discovery is configured too.

There are computers from the two domains in both vlans.

The TCP ports 135, 139, 445, 1723, RPC-ANY, MS-SQL, and UDP port 137 are open between SCCMP and SCCMS. All ports are open from VLAN 99 to the domains controllers.

The port 80 is open from VLAN 99 to SCCMP.

There is no other port open.

In the VLAN 111, computers appear in the configuration manager console and I any problem to deploy the clients.

In the VLAN 99, the computers appear in the configuration manager console but I can’t deploy the clients. The DDR files are present in SCCMS. When I try push client from the configuration manager console I can see in the ccm.log that SCCMP try to push the client but it can’t succeed, which makes sense because SCCMP and the computers are in different vlans. There is nothing in the SCCMS’s ccm.log.

Here is ccm.log :

Received request: "DDLXBMPL" for machine name: "7ENT-10" on queue: "Incoming". Stored request "DDLXBMPL", machine name "7ENT-10", in queue "Processing". ======>Begin Processing request: "DDLXBMPL", machine name: "7ENT-10" ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) ---> Attempting to connect to administrative share '\\7ENT-10\admin$' using account 'domain\administrateur' Submitted request successfully Getting a new request from queue "Incoming" after 100 millisecond delay. Waiting for change in directory "C:\Program Files (x86)\Microsoft Configuration Manager\inboxes\ccr.box" for queue "Incoming", (30 minute backup timeout). ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account domain\administrateur (00000035) ---> WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account domain\administrateur (00000035) ---> The device 7ENT-10 does not exist on the network. Giving up ---> Trying the 'best-shot' account which worked for previous CCRs (index = 0x0) ---> Attempting to connect to administrative share '\\7ENT-10\admin$' using account 'domain\administrateur' ---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account domain\administrateur (00000035) ---> WNetAddConnection2 failed (LOGON32_LOGON_INTERACTIVE) using account domain\administrateur (00000035) ---> The device 7ENT-10 does not exist on the network. Giving up ---> ERROR: Unable to access target machine for request: "DDLXBMPL", machine name: "7ENT-10", access denied or invalid network path. Retry request id for "DDLXBMPL" set to "7ENT-10" Stored request "7ENT-10", machine name "7ENT-10", in queue "Retry". <======End request: "7ENT-10", machine name: "7ENT-10".

 

I don’t know why it’s not SCCMS which deploy the client in its boundary. Perhaps I’ve misunderstood how the deployment is made.

Does somebody have an idea or answer for me ?

Best regards

 

• Edited by Gilles Bachmann Wednesday, September 28, 2011 9:10 AM