Ah, that's understandable then. For the record, we've noticed no performance impacts in the five years I've been managing SCCM with using it on our DCs. But compared to some of the environments out there, with about 1500 users we're really tiny so.

For installation purposes, in the past the account used to install SCCM clients was a domain admin, so it really had no problems contacting whatever it wanted. We still do that in our smaller domains. However, I now have a GPO startup health checking script linked to any OU with a computer account in it, including the domain controllers OU, and if the script runs on a machine and detects no client, it pushes one, no questions. It's helped a lot as we're still on 2007.

Ryan
From: [email protected] [mailto:[email protected]] On Behalf Of Lindenfeld, Ivan
Sent: Friday, May 9, 2014 12:40 PM
To: [email protected]
Subject: [mssms] RE: SCCM 2012 SP1 client won't install on Domain Controller

There was an old issue, which as far as I can tell is not one anymore, where Asset Intelligence scanning for Primary User in the DC's security event log caused performance issues on the DCs since there were so many user logins and logouts. I am the idiot that told a group of data center engineers about it and caused years of superstition.

There are probably other reasons, which is why there are two sets of settings in the console for preventing/allowing clients on DCs.

Ivan

From: [email protected] [mailto:[email protected]] On Behalf Of Ryan Shugart
Sent: Friday, May 09, 2014 2:21 PM
To: [email protected]
Subject: [mssms] RE: SCCM 2012 SP1 client won't install on Domain Controller

Unfortunately I don't have an answer, but curious, why not put SCCM on domain controllers? We've done that here as long as I can remember, and we use SCCM to control patching and reboots of the DCs with no issues. Just making sure there isn't a gotcha I am not aware of, but I treat DCs like any other servers.

Ryan

From: [email protected] [mailto:[email protected]] On Behalf Of Lindenfeld, Ivan
Sent: Friday, May 9, 2014 12:03 PM
To: [email protected]
Subject: [mssms] SCCM 2012 SP1 client won't install on Domain Controller

Hi Folks. Bing-Fu or Technet is not helping. Here is my issue, hope you can help...

SCCM 2012 SP1 CU3
Site Server computer account is in the local Administrators group on the DC
Trying to push client from the wizard in the console. YES I checked the tickbox for Install on DC
The domain controllers are not in the local domain or forest...trusts are: external non-transitive and external non-transitive at the domain to domain level. Outgoing forest trust is transitive as is incoming forest trust.
We already successfully manage all member servers in that domain with SCCM and have for a long time.

ISSUE: SCCM connects to admin$ but not to WMI, here is the snippet of the CCM.LOG

---> Attempting to connect to administrative share '\\DOMAINCONTROLLER\admin$' using account 'LOCALDOMAIN\SCCM_CLIENT_PUSH_ACCOUNT' SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:23 PM 5980 (0x175C)
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account LOCALDOMAIN\SCCM_CLIENT_PUSH_ACCOUNT (00000005) SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:23 PM 5980 (0x175C)
---> Attempting to connect to administrative share '\\DOMAINCONTROLLER\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:23 PM 5980 (0x175C)
---> Connected to administrative share on machine DOMAINCONTROLLER SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:24 PM 5980 (0x175C)
---> Attempting to make IPC connection to share <\\DOMAINCONTROLLER\IPC$> SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:24 PM 5980 (0x175C)
---> Searching for SMSClientInstall.* under '\\DOMAINCONTROLLER\admin$\' SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:24 PM 5980 (0x175C)
---> Unable to connect to WMI on remote machine "DOMAINCONTROLLER", error = 0x800706ba. SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:24 PM 5980 (0x175C)

I have never in my career of 17 years in SCCM managed a domain controller as a client on purpose. So I am sure I'm missing something.

Thanks for your time.

Ivan Lindenfeld
Manager, Enterprise Deployment/SCCM
Fidelity National Financial | Jacksonville, Florida
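Added example (not part of the original thread, and not code from any poster or from Microsoft): a small Python triage of the CCM.LOG entries quoted in the original message, decoding the two error values so the push can be read stage by stage. The function names and the stage labels are assumptions made for this example; the log lines are a constructed sample copied from the message above.

```python
import re

# Constructed sample: four of the CCM.LOG entries quoted in the thread.
SAMPLE = r"""
---> WNetAddConnection2 failed (LOGON32_LOGON_NEW_CREDENTIALS) using account LOCALDOMAIN\SCCM_CLIENT_PUSH_ACCOUNT (00000005) SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:23 PM 5980 (0x175C)
---> Attempting to connect to administrative share '\\DOMAINCONTROLLER\admin$' using machine account. SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:23 PM 5980 (0x175C)
---> Connected to administrative share on machine DOMAINCONTROLLER SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:24 PM 5980 (0x175C)
---> Unable to connect to WMI on remote machine "DOMAINCONTROLLER", error = 0x800706ba. SMS_CLIENT_CONFIG_MANAGER 5/7/2014 2:13:24 PM 5980 (0x175C)
"""

# Win32 error codes relevant to client push (values from winerror.h).
WIN32 = {5: "ERROR_ACCESS_DENIED", 1326: "ERROR_LOGON_FAILURE", 1722: "RPC_S_SERVER_UNAVAILABLE"}
ENTRY = re.compile(r"^-+>\s*(?P<msg>.*?)\s+(?P<comp>SMS_\w+)\s+"
                   r"(?P<when>\d+/\d+/\d+ \d+:\d+:\d+ [AP]M)\s+\d+ \(0x[0-9A-Fa-f]+\)$")
CODE = re.compile(r"error = 0x([0-9A-Fa-f]{8})|\(([0-9A-Fa-f]{8})\)")

def win32_code(raw_hex):
    """Reduce a logged 32-bit value to a Win32 code; an HRESULT made by
    HRESULT_FROM_WIN32 has the severity bit set and facility 7."""
    value = int(raw_hex, 16)
    if value & 0x80000000 and (value >> 16) & 0x1FFF == 7:
        return value & 0xFFFF
    return value

def stage(msg):
    smb = "administrative share" in msg or "WNetAddConnection2" in msg
    return "WMI" if "WMI" in msg else "admin$" if smb else "other"

def parse(log):
    events = []
    for line in filter(None, map(str.strip, log.splitlines())):
        m = ENTRY.match(line)
        if not m:
            continue
        hit = CODE.search(m["msg"])
        code = win32_code(hit.group(1) or hit.group(2)) if hit else None
        outcome = "failed" if hit else "ok" if m["msg"].startswith("Connected") else "attempt"
        events.append({"stage": stage(m["msg"]), "outcome": outcome, "code": code,
                       "name": WIN32.get(code), "when": m["when"]})
    return events

def summarize(events):
    """Report which transport works: admin$ is SMB, WMI is DCOM over RPC."""
    smb_ok = any(e["stage"] == "admin$" and e["outcome"] == "ok" for e in events)
    wmi_fail = next((e for e in events if e["stage"] == "WMI" and e["outcome"] == "failed"), None)
    if smb_ok and wmi_fail:
        return f"SMB ok, WMI failed with {wmi_fail['name'] or wmi_fail['code']}"
    return "no SMB-ok/WMI-failed pattern"

print(summarize(parse(SAMPLE)))
```

Read this way, the push account is refused on admin$ (00000005), the machine account then connects over SMB, and the WMI step fails with 0x800706ba, which is Win32 error 1722, "the RPC server is unavailable". That error concerns the RPC/DCOM path (the endpoint mapper on TCP 135 and the dynamic RPC ports) rather than the file share, so it is worth checking separately from SMB reachability.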

