Obscure SCCM Client agent problem on legacy server

A colleague of mine came across a very obscure SCCM client problem that I thought I’d share with you all….enjoy!

Just sharing a scenario I’ve just dealt with, in case anybody has to deal with similar on some of the weird and wonderful stuff we are welcoming to our SCCM environment.

Scenario:
Windows 2000 SP4 server, SCCM agent is installed, but object does not appear in database and SCCM components do not install.  CCMEXEC.log consistantly shows errors:

[CCMHTTP] HTTP ERROR: URL=http://xxxxx.client.xxxxxxx.com/ccm_system_windowsauth/request, Port=80, Protocol=http, SSLOptions=0, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE              CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

Raising event:
instance of CCM_CcmHttp_Status

{

                DateTime = “20111010163127.872000+000”;

                HostName = “xxxxxx.client.xxxxxxx.com”;

                HRESULT = “0x8004027e”;

                ProcessID = 2336;

                StatusCode = 500;

                ThreadID = 3256;

};

                CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

HandleRemoteSyncSend failed (0x80040231).  CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

CForwarder_Sync::Send failed (0x80040231).   CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

CForwarder_Base::Send failed (0x80040231).   CCMEXEC              10/10/2011 17:31:27               3256 (0x0CB8)

IIS log on Management Point shows this:

2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request – 80 – 35.49.28.99 ccmhttp 401 2 2148074254
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request – 80 – 35.49.28.99 ccmhttp 401 1 0
2011-10-10 16:31:08 W3SVC1 35.98.24.11 CCM_POST /ccm_system_windowsauth/request – 80 – 35.49.28.99 ccmhttp 401 1 5

Cause:
The server had at some point in its long and sordid history had the following registry value set:

Key name = HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa

Value name = lmcompatibilitylevel

Value type = REG_DWORD

Value data = 0

Solution:
This value controls how the computer attempts to authenticate with network resources (i.e. which to use of LM, NTLM, NTLMv2).

We set this value to 3, restarted the box and the agent was then able to communicate with the management point and functioned normally.

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: