Cannot remote control clients in another domain
Hi,
I have successfully rolled out SCCM 2012 clients with SCEP to machines in our current domain but I now need to do the same to another domain (in a two way trusted forest/domain). I can install the clients without any issue (by adding the DNSSUFFIX argument
to the client push so it can find it's way home), and they are reporting back in successfully including inventories.
However I cannot remote control any of these clients from the console, I've added a domain admin account (from the trusted domain) as a viewer and I've added the Windows firewall exceptions in the agent details. I can get to these clients without any
issues, tracert is fine so I know the routing is good.
If I try and connect I get the generic "Cannot connect to computer" (after "initiating security handshake"), if I do it direct from the Remote Control client I can remote control the client after dismissing the warning "Remote computer
identity cannot be identified". But I understand that this uses NTLM rather than Kerberos.
What have I missed ? I had all this working in SCCM 2007 without any issues so pretty sure the underlying infrastructure is sound.
Any help gratefully received and thanks for taking the time to read this.
Brian.
Thanks everyone for taking the time to reply - I'll put this is the one reply it's easier !
@Jason
Interesting about the DNSSUFFIX thing, there are DNS forwarders back to the domain and it seems to find its way home. When I had SCCM 2007 I used the SMSSLP parameter for the client install, I can't do that in SCCM 2012 hence the DNSSUFFIX parameter.
CmRcViewer.log has been very helpful, I didn't know that one existed - I guess I have some kind of lookup issue going on ;
Address Lookup failed for the target host: WSUSTEST.
No such host is known. (Error: 80072AF9; Source: Windows) CmRcViewer 03/12/2014 11:40:52 13048 (0x32F8)
Address Lookup failed for the target host: WSUSTEST.
No such host is known. (Error: 80072AF9; Source: Windows) CmRcViewer 03/12/2014 11:40:52 13048 (0x32F8)
Failed to connect to remote system. This can be caused by several conditions: system is turned off, system cannot be reached, windows firewall blocks TCP Port 2701, or remote control feature is disabled. CmRcViewer 03/12/2014 11:40:53 13048 (0x32F8)
Sending 'Remote Control session failed to start' status message for session with remote system WSUSTEST CmRcViewer 03/12/2014 11:40:55 13048 (0x32F8)
@NolanC
The issue is from the console - I can connect via FQDN or IP but get the warning "The Remote computer identity cannot be verified".
@Joyce
See the extract above, thanks for pointing me towards this log. I can confirm that the correct Firewall exceptions are in place and the membership of the ConfigMgr Remote Control Users reflects the permitted viewers in the client settings.
Just seeing if I can resolve the lookup issue, DNS seems to fine ! Unless I've missed something in SCCM.
Similar Messages
-
Client (in another domain) is not seeing the updates....
ConfigMgr 2012 SP1 is the SCCM version
It is installed on a domain called domain A. I applied a SUG to Domain A and another domain (Domain B) clients successfully. (100 % success).
However, the nodes on Domain C are not seeing the applied updates in the software centre. Of course the 'nodes' are showin in SCCM console as 'active'. I even manually added a boundary for the subnet the servers are in . But it makes
no different. I noticed that the SCEP is also not pulling AV updates. However, if I gogo -control panel-configuration manager -site-and clicked on 'Find site', them I get the message "Configuration manager has successfully found a site to manage this
client. This client is already assigned to the sire that was found".
How can I apply the SUG to the computers?Thanks guys. The problem solved.. From the above info I made a solid guess that WSUS is interfering. Then I noticed it is affecting windows 2003 (ouch) servers only. Found that there is a 'windows 2003 SCCM' policy in another domain and it is not applied
to this domain. Copied (technically exported ) it and linked it to servers OU.
All good now.
(I had to mark 3 replies as answers since each contributed).. -
Remote desktop connection to another domain
Hi,
I have two domains trusted together, i have sccm 2012 sp1 on one site, sccm client installed on all clients in two domain but the problem here that i can connect on any client in my site normally with right click on client and connect, but when i try to
connect on clients in another site connection failed, i must type the ip address of machine to connect successfully, i thinks that issue related
to DNS ! but what can i do if so ?
FYI, i'm domain admin in two sites and my account is member of domain admins in two domains.
Ahmed SherifAs Jason says this is a DNS question, not ConfigMgr. Try to ping a device in Domain 2 using the FQDN. Does it resolve to an IP address? You need to work on your DNS infrastructure until it does.
There are many ways to achieve this - it depends on your environment. "Conditional Forwarders" are probably the easiest to implement.
Gerry Hampson | Blog:
www.gerryhampsoncm.blogspot.ie | LinkedIn:
Gerry Hampson | Twitter:
@gerryhampson -
Cannot "Remote Control" Users in a RDP (TS) server.
So, I have a few Terminal servers (now called Remote Desktop Servers) setup and running, various Operating systems, but all 2008r2 and above.
All of them are having an issue that has cropped up over the last few months. Either in Task manger, or in the Remote Desktop Manger, I cannot right click and select "Remote Control" to see what a user sees.
As you can see the, connect and Remote control are Grayed out. Although on some of the servers, I can connect, that disconnects the user from the system.
I cannot find a setting that allows me to unlock this ability.
I am an admin, and I can provide any information that you need.
Thanks!
Rule your day, you never know when it might be your last.I am remoted into the server, and running the manager from the remote session.
I see the same behaviour from the console session of the server.
Rule your day, you never know when it might be your last. -
ZCM 11.2 cannot remote control across WAN
ZCM 11.2 appliance (sole Primary). There is a satellite located across the WAN at my other office. It is still at 10.3. Just completed upgrading from ZCM 10.3 appliance to 11.2 appliance. I can remote control any PC on my LAN. But if I attempt to remote a device across the WAN, I get an error: "Rights Authentication failed. The managed device was unable to contact the ZENworks server." I tried this too many times with my satellite and now it gives me this error: "The managed device is blocked from accepting Remote Management requests since the number of consecutive unsuccessful attempts exceeded the configured limit." The only cause I have seen listed for this is time not in sync. But I believe I have everything in sync. Any suggestions for how to fix this?
Ken
PS. nntp access to the forums appears to be down. I had to use the web interface to post this.On Tue, 01 May 2012 14:01:25 GMT, Shaun Pond
<[email protected]> wrote:
>KeN,
>
>d'oh! And yes, NNTP was down :0
After posting via the web interface, I saw Kim's notice. :-) -
Remotely control mac to another mac over internet / ML 10.8.2
Help please!! I am in Hong Kong and want to be able to remotely control my fathers mac that is in the UK. I want to be able to take FULL control of his mac from mine. Both using Mountain lion. Can this done? What are the EXACT steps required to make this happen for both macs please?
The easiest way is of both of you are using Messages. If so you can share the screen of your fathers Mac and you will have access to the computer as if you ere logged in to it.
If you look in Messages->Video make sure Screen Sharing Enabled is checked on both computers. Then once you have a chat session going with your father select Messages->Ask to Share <fathers message name> Screen… and you father will select Messages->Share My Screen with <your message name>
You can look in the Messages help file for complete description of this.
regards -
Can I Remote Control or Shadow another Mac's desktop over the internet?
If so, how?
I am our families tech support for all technology needs. We dumped our home PC a year ago for a Mac. Told the fam that my support skills are aging and they'd have to switch to a mac for continued support
Yikes, the sister is going to take the dive this week. I will for sure need to help her out. Is there a way to remotely support her with native Apple tools?
Any help would be appreciated!
Thx,
BrentOk, mom got a mac last night. I read up on the screen sharing. This looks like it's geared to screen sharing on the local network. When I shared my mac out, it gave me a 192.168 address. This is a private, NAT'd address so this won't be routable.
I hope I'm missing something really easy... Any easier way to do this? -
SCCM remote control keeps dropping out when another network adaptor loses connection
Hey guys,
Hopefully someone will be able to help me out
at work, we are running SCCM 2012, and I use SCCM 2012 config manager to manage the clients etc
We have a particularly annoying issue with SCCM remote control; it constantly drops out when a network connection on the client machine disconnects or changes state, even if its not interface I'm remote controlling through
Here's an example for you:
a laptop with a wired, and wireless connection:
I remote control the machine through the wired network address (lets say 192.168.0.1), but if the wireless connection drops out (someone turns it off or it breaks) the remote control client will kick me off, lock the screen, and I have to wait 20-30 seconds
before it will accept my connection again
This happens with any network adaptor that's installed on the client
Here is a copy of the logs re-creating this issue: https://www.dropbox.com/s/nu4w28d44xky3rg/CmRcService.log
(I've edited it to take out usernames and IP addresses as they are publicly accessible)
So my question, does any one know how to fix this issue? I see it uses WMI, is there anyway to get WMI to ignore an interface?
Thanks heaps,
HarryThis is going to be done by design for security reasons. If the network connect for whatever reason is down the pc will automatically be locked.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ -
Remote control and windows XP SP2
I have been creating new images and noticed that when I install windows XP
service pack 2 that the remote control client fails to load up and I cannot
control the workstations. Before placing the service pack on,the remote
control agent on the system tray loads up, but disapears after service pack 2.
I have seen this on a vairety of different workstations and different
clients. We are currently using the Novell client 4.83.3.1 SP1 and a 4.9
client.
Has anyone come across this problem?
Glen> I have been creating new images and noticed that when I install windows
XP
> service pack 2 that the remote control client fails to load up and I
cannot
> control the workstations. Before placing the service pack on,the remote
> control agent on the system tray loads up, but disapears after service
pack 2.
> I have seen this on a vairety of different workstations and different
> clients. We are currently using the Novell client 4.83.3.1 SP1 and a 4.9
> client.
>
> Has anyone come across this problem?
>
> Glen
>
thanx to Shawn Dakin for this solutions
1) Change the Windows Firewall/ICS service to manual
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\SharedAccess
String Value Start = 3
2) Force Windows Firewall/ICS service to start before Remote Management
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Servic es\Novell User Agent
Multi String Value DependOnService = SharedAccess
NOTE: DependOnService must also contain WM
3)Set Firewall Exceptions for wuser.exe
netsh firewall add portopening UDP 1761 ZENRC Enable
netsh firewall add portopening UDP 1762 ZENRC Enable
netsh firewall add allowedprogram c:\novell\zenrc\wuser32.exe ZenRC enable
NOTE We placed the netsh commands in the autoexec.bat of every WinXpSp2
machine.
This fixed the problems for us, and allows us to remote control even if
the user is not connected.
THIS WORKS WITH ZenWorks 3.2 ONLY -
ZCM 11.2.3 Remote Control Issue
I have zcm 11.2.3 MU1 installed.. I just imaged a few windows 7 64 bit computers ... installed agent and novell client.. all seems to work just fine with them (ie policies, inventory etc) BUT I cannot remote control them..I Get a failed to connect to server when I try to remote control (both Ip address and DNS name).. I turned off the firewall and that made no difference.. anyone tell me where to look for logs to see why it is failing on these computers ??.. I can remote control other computers no problem
Originally Posted by roehmdo
thanks - the remote policy if definitely applied to these workstations... looking at the tid,, would these logs exist on the workstation or the server ?
It's all in the TID
Component Name: Remote Management
Enable Debugging:
Device being remoted:
Set agent logging to debug and above with zicon.
Stop “Novell ZENworks Remote Management powered by VNC” service either using cmd or services.msc
Windows workstation set:
Location: HKLM\Software\Novell\ZENworks\Remote Management\Agent
****Location: 10.3 and later: HKLM\Software\Novell\ZCM\Remote Management\Agent
Name: DebugMode
Type: DWORD
Data: 2
Location: HKLM\Software\Novell\ZENworks\Remote Management\Agent
****Location: 10.3 and later: HKLM\Software\Novell\ZCM\Remote Management\Agent
Name: DebugLevel
Type: DWORD
Data: decimal value 10 or hex value ' a'
Location for x64 Windows 7:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Novell\ZCM \Remote Management\Agent
After the above registry changes, Restart “Novell ZENworks Remote Management powered by VNC” service either using cmd or services.msc
Device running the browser performing Remote Management:
In the Remote Management Dialog box, select "More Options" and check "Enable logging"
Log Locations:
Device being remoted:
Windows workstation:
%ZENWORKS_HOME%\logs\WinVnc.log
%ZENWORKS_HOME% \logs\LocalStore\zmd-messages.log
Windows Vista workstation:
%ZENWORKS_HOME%\logs\WinVncApp.log %ZENWORKS_HOME%\logs\WinVnc.log
%ZENWORKS_HOME% \logs\LocalStore\zmd-messages.log
Device running the browser performing Remote Management:
novell-zenworks-vncviewer.txt
location:
Internet Explorer 7 on W2003 or XP: Current user's desktop
Internet Explorer 7 on Vista: last directory browsed from IE 7
Firefox: Firefox directory, for example, C:\Program Files\Mozilla Firefox
From the server used for ZCC to RM:
loader-messages.log
services-messages.log
zcc.log
Thomas -
Remote Control and Middle Tier
We have a Middle Tier installed in a DMZ on a separate tree. Logins are ok, Applications are launched and installed, workstations are imported and inventoried however we cannot remote control the workstations.
At the moment I am getting an 1858 Error message (timeout).http://www.novell.com/support/viewCo...6323&sliceId=1
http://www.novell.com/support/viewCo...8425&sliceId=1
I've never done it myself, but those TIDs may help.
And if either PC is behind a NAT'd Firewall, you will likely have issues.
You could use Port Redirection for the Console ONE pc on your side but if
the PC on the other side is NAT'd, you will have issues too.
Craig Wilson - MCNE, MCSE, CCNA
Novell Support Forums Volunteer Sysop
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human.
"tassos g" <[email protected]> wrote in message
news:[email protected]..
>
> Hi Craig, thanks for your suggestion, could you please give me a bit of
> assistance in setting this up, I would much appreciate it.
>
>
> --
> tassos_g
> ------------------------------------------------------------------------
> tassos_g's Profile: http://forums.novell.com/member.php?userid=33638
> View this thread: http://forums.novell.com/showthread.php?t=354046
> -
Can do everything but Remote Control.
I have a 99 client Pro subscription. One particular computer will let me login and do everything but Remote Control. I can use the File Manger, Chat, etc. Remote Control client shows an error after it tries to authenticate. Other clients work just fine.
Reinstall it duh
-
On computer with XP SP2, The remote control service does not start up.
It is set to automatic, but does not start. When I try remote conrtol, I
get remote agent not found. If I click on it and select start, then
everything works. Does anyone have a solution for this?
Thanks
Dave....and here is the TID you should reference:
"Novell ZFD Remote Management service is stuck in "starting" mode"
http://support.novell.com/cgi-bin/se...?/10095223.htm
"note"
"This problem may also be seen at other times when troubleshooting problems
when you cannot remote control a workstation"
Regards
Rolf Lidvall
Swedish Radio (Ltd)
NSC SysOp -
I have a problem using the remote control with Zenworks (ZCM 11.2.4.0).
Before Zenworks, we used VNC (3.3.9) for the remote control, but since the agent deployment many workstations are not accessible via ZCC.
I noticed this on the workstations in question :
If we install VNC (official version) in addition to Zenworks, where the Zenworks agent has been installed it will destroy almost every files in C:\Program Files\Novell\ZENworks\bin! As a result, the nzrWinVNC.exe no longer exists and the service 'Novell ZENworks Remote Management powered by VNC' disappeared aswell from the list of running services and therefore I cannot remote control the workstations anymore.
I do not understand this behavior.
Is there any effective way to partially restore the corrupted agent (i.e reinstall the RM missing part)? Or otherwise any method that I can follow.
Thank you.If the ZCM Agent works EXCEPT for Remote Control try the following.
In the ZCC, go into details of the object in the ZCC and configure that
device to "Not install" Remote Management Components.
Force a Remote Refresh (or have someone do it manually on the device.)
Once the refresh is done, Enable Remote Control Components and refresh
again.
This process will tell the agent to remove and then tell it to install
those components. That may help.
And definitely configure a Remote Control Password via your Remote
Control Policy and give it out to your techs. That way if they prefer
VNC to manage devices, they can still do that w/o installing VNC on the PC.
On 5/20/2014 8:36 AM, fnicol wrote:
>
> The thing is we initially had VNC 3.3.9 before we choose ZCM. On some
> workstations, after the ZCM agent was installed we couldn't use remote
> control with both ZCC and VNC...we still don't know why.
> So our IT workers told the users to launch the VNC3.3.9.exe located on
> our network folder in order to get it running as it was before Zenworks.
> But as I explained, this operation deleted numerous files in the Novell
> Zenworks folder, including all remote control files. On those computers
> we can use VNC again but that's it.
> I know it was a mistake from our part, ideally we don't want to use any
> other remote control software (such as VNC, Teamviewer, etc...) except
> for Zenworks remote control (through ZCC).
> Now we have workstations impossible to access to and the only solution
> is to tell users what to do, which can be a bit tedious sometimes. That
> is why I'd like to know a way to recover all the files missing in
> "C:\Program Files\Novell\ZENworks\bin" so that it is working again.
>
> I hope I explained myself well and you can give me the help needed.
>
>
Craig Wilson - MCNE, MCSE, CCNA
Novell Technical Support Engineer
Novell does not officially monitor these forums.
Suggestions/Opinions/Statements made by me are solely my own.
These thoughts may not be shared by either Novell or any rational human. -
Remote control the camera on a monopod
Hello,
I am trying to find out if there is a remote control or use another iPhone to control my iPhone camera while on a selfie stick (monopod). Would like the ability to toggle between back and front camera and video and pictures.there is a small remote to just take the picture called "remote shutter" you can find it in any local phone shop .
and for more control yes there is a app that you can use to control another Iphone camera !
i know one but it's not free "WiFi Camera"
of course there is free one but I can't remember it right now . good luck finding it
Maybe you are looking for
-
I've just been given a perectly working iPhone 4s which I have set up without having to plug it into a computer. The computer is recognising that something has been plugged in becasue of the noise it's emitting however it's also not coming up in 'My
-
Topic area: Apple Mail. Question: How do I get the message preview window to display to the right of my list of email messages? i.e. to preview whatever message is currently highlighted in the center window list of messages?
-
No SID found for value 'ZDP ' of characteristic 0PO_UNIT
hi all, iam loading daily delta for invoice verification infocube.. today iam getting following error 1. Data records for package 1 selected in PSA - 1 error(s) 2. Record 496 :No SID found for value 'ZDP ' of characteristic 0PO_UNIT 3. Error 4 in
-
I am going to japan with an Ipod nano and Iphone 4. Do I need a converter? or does the one the iphone comes with that plugs into the wall enough? I know i wont need an adapter because it will fit into the wall outlet, but voltage wise, will i need a
-
Macbook Air early 2014 - Horizontal lines in screen
Hi to all, I would like to add my problem to the community. I bought this September a Macbook Air (i7,8GB RAM, 256GB, Samsung Display LSN133BT01A02) and I had the horizontal lines problem. As you understand the problem is not great and it does not af