Install SCCM on non-domain-membered server!

Similar Messages

• RDP using Smartcard fails with NLA for non-domain members

  We have to administer Windows 2008 R2 servers which are in domains we are not members of - typically domains that support a particular application. We have DoD smartcards (CAC) and we admin from our Windows 7 desktops. If we disable NLA, we can CAC-authenticate
  over RDP just fine. With NLA enabled, though, we get "The remote computer you are trying to connect to requires NLA but your Windows domain controller cannot be contacted to perform NLA".
  My assumption would be that the Win7 desktops would never know where the particular ADCs are, since we're not domain members, but that they actually need to verify the DoD root cert that signed our CAC. Said root cert has been installed on our desktops and
  on the servers in the domains.
  What is necessary to get NLA with smart cards working for non-domain members?
  Edit: With NLA enabled I *can* connect over RDP from one of the domain members to another, so this really seems specific to the non-member desktop settings and how it performs NLA

  Hi,
  Thank you for posting in Windows Server Forum.
  If you use the credential SSP on Windows Vista or Windows 7 to log on with a smart card from a computer that is not joined to a domain, the smart card must contain the root certification of the domain controller. A public key infrastructure (PKI) secure channel
  cannot be established without the root certification of the domain controller.
  You can use following command for adding certificate.
  certutil –addstore –enterprise NTAUTH <CertFile> 
  Where <CertFile> is the root certificate of the KDC certificate issuer.
  More information.
  Smart Card and Remote Desktop Services
  http://technet.microsoft.com/en-us/library/ff404286(WS.10).aspx
  Apart there is one Hotfix might resolve your case, go through beneath link once.
  RDS client computer cannot connect to the RDS server by using a remote desktop connection in Windows
  http://support.microsoft.com/kb/2752618
  Hope it helps!
  Thanks.
  Dharmesh Solanki
  TechNet Community Support
  Please remember to mark the replies as answers if they help and unmark them if they provide no help. If you have feedback for TechNet Support, contact [email protected]

• Non-Domain Print server

  Hello All,
  We set up a non-domain print server for our SAP integration. We have several printers all being shared. When we go to add a printer on a workstation or terminal server through add a printer and choose network we can bring up list through typing in \\servername\.
  When we use windows explorer it says we can not access. How can we allow them to browse printers through windows explorer? This will be done from domain and non domain accounts. 
  -File and printer sharing is on
  -Windows firewall is off
  - Guest account is on

  Hi,
  à
  When we use windows explorer it says we can not access.
  Would you please let me know complete message that you can get?
  Please follow the path: Control Panel-> Network and Sharing Center-> Change advanced sharing settings.
  Please also click ‘Turn on network discovery’ and monitor the result.
  If any update, please feel free to let me know.
  Hope this helps.
  Best regards,
  Justin Gu

• WMI filtering / GPO for non domain members

  Hi all,
  Our customer make use of a Windows Server 2008 R2 RDS. We use some thin clients and win7 workstations to connect with it inside our domain.
  We had a policy for automatic screen lock and secure with password, but they doesnt want to use it anymore for the users who's working internally. So i disabled this policy.
  What they want is a policy for all homeworkers or users connecting from an internet cafe or something. So if they are not connecting from a specific subnet or domain, the screens have to lock automatically after a few minutes.
  Does anyone know how i can do this? Do i have to create a WMI filter for computers which are not domain members or do i have to do this for a specific subnet?
  Thanks!
  Kind regards, Raymond

  I thought I should clarify this based on your question:
  You say you want filtering based on "non-domain users".  Are you saying you have users connecting in that are not using AD accounts?  How are you doing this?  Are they using local accounts on the server?
  How are you allowing non-domain accounts to connect? Where are the accounts defined?
  Maybe you really are asking qabout domain users connecting from the WAN and not from the LAN.  Is that what you are trying to ask?
  ¯\_(ツ)_/¯

• DHCP not handing out IP leases to non-domain members

  Recently gotten DHCP working, server gives out IP address for domain computers only, non-domain computers do not get a lease and if I manually assign an IP and the device will gain network and internet access. I used the wizard to create the DHCP IP range
  but have not done much beyond that. I have setup DHCP servers using Linux, my first go around with Windows. Any further information you may need please let me know.
  Thanks.

  Alright here we go, took some digging but found the solution for all issues.
  netsh int ip reset
  netsh winsock reset
  Just as further step I restarted DHCP on the server, one more time, then restarted the network interface on my test laptop, I was given an IP address from the server and could browse the network\internet. This morning I checked Address Lease's and now
  I see ten address have been leased for RRAS and all devices I have ran the above command on are pulling an address. So the solution to my problem, disable filters for allowed devices in DHCP manager, increase the range or block of IP address to be leased and
  finally rebuild\reset winsock and ip stack on domain devices.
  Hope this helps someone else in the future.
  Cheers!

• Install AADSync on a Workgroup server (non-domain joined)

  Does anyone has experiences with installing AADSync on a non-domain joined server (workgroup). A company with multiple forests wants to have a "neutral" server for the identity synchronisation. It looks like the tool is installing fine, but can
  there be some configuration issues?

  This is supported.  See here:
  "Your computer can be stand-alone, a member server or a domain controller. "
  ref: http://msdn.microsoft.com/en-us/library/azure/dn757602.aspx
  Mike Crowley | MVP
  My Blog --
  Planet Technologies

• Powershell script to get the domain admin list from non domian member server

  hello Script guys!
  I am new of the powershell scripting.
  currently I am working on autometion project , we would like generate a privilege report for our existing servers.
  in our environment, there are many seprated domain , we would like generate the report from one server instead to login each server to check , could you provide some guide on how can we get the specific domain admin list for each domain from a non domain
  membership server by using the powershell script? many thanks for your help.

  You could remote to the domain controller or use ADSI to query the domain.
  Look inth eGallery as ther eare many scripts there tha will return group membership using ADSI.
  ¯\_(ツ)_/¯

• [Forum FAQ] Management Point fails after installing SCCM 2012 SP1

  Symptom:
  The Management Point might fail to be installed after you install SCCM 2012 sp1 on Windows Server 2012, either fresh install or others.
  You might see some errors in mpMSI.log like listed below.
  “Setup was unable to compile the file CcmExec_Global.mof”
  “The error code is 80041002”
  Cause:
  Reinstall Management Point cannot work. This is because CCM Namespace remains in WMI which prevents SCCM from installing MP. You need clear CCM Namespace from WMI.
  Resolution:
  1. Uninstall Management Point from the console, then wait for the uninstallation to finish in MPSetup.log.
  2. Open Wbemtest -> Connect to root -> Click Enum Classes and choose Recursive -> Double click _NAMESPACE in Query Result dialog -> Click Instances -> Delete  _NAMESPACE.Name=”ccm”
  3. Install Management Point.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

  Symptom:
  The Management Point might fail to be installed after you install SCCM 2012 sp1 on Windows Server 2012, either fresh install or others.
  You might see some errors in mpMSI.log like listed below.
  “Setup was unable to compile the file CcmExec_Global.mof”
  “The error code is 80041002”
  Cause:
  Reinstall Management Point cannot work. This is because CCM Namespace remains in WMI which prevents SCCM from installing MP. You need clear CCM Namespace from WMI.
  Resolution:
  1. Uninstall Management Point from the console, then wait for the uninstallation to finish in MPSetup.log.
  2. Open Wbemtest -> Connect to root -> Click Enum Classes and choose Recursive -> Double click _NAMESPACE in Query Result dialog -> Click Instances -> Delete  _NAMESPACE.Name=”ccm”
  3. Install Management Point.
  Please click to vote if the post helps you. This can be beneficial to other community members reading the thread.

• Non-Domain joined clients connect to server initially but cannot connect via Launchpad

  Running SBS 2011 Essentials in a small office. Running XP/Vista/7 clients. All working fine until we swapped routers. Old router died, new router was installed. 
  Now all domain-joined PC's connect as normal, but all NON-Domain-Joined PC's cannot access the server via the launchpad. I get the "The server appears to be offline. Do you want to sign in to offline mode?" box. 
  Tried removing PC from the SBS Dashboard, uninstalling the connector from the client, restarting client, and reinstalling the connector. I can install the connector (using
  http://<server ip>/connect , but not http://<servername>/connect
  ). Connector installs but it still tells me the server is offline when trying to use dashboard or launchpad on the client.
  Note: I can add a network location or Map a network drive to ther server after inputting my network password from Windows.
  Any Services to check? Firewalls exceptions to ensure? Advice?
  EDIT: Dashboard on Server shows Client, sometimes as online, sometimes as offline. 

  Sounds like name resolution issue to me.
  Are all your clients set to use the IP of the Essentials Server for their primary DNS?
  Robert Pearman SBS MVP
  itauthority.co.uk |
  Title(Required)
  Facebook |
  Twitter |
  Linked in |
  Google+

• Non-domain computer cannot connect to server

  I have a unique issue. 
  I have a Windows 2008 server running Exchange 2010 (all roles on single server )
  I have a Windows 7 Pro client that is not a member of the domain.
  When setting up Outlook 2010 I enter user's name, email address and password.  The system starts configuring, it successfully searches for [email protected] settings.  It then prompts for credentials.  I cannot get it to take them.
  However, If I user the domain admin account I can successfully setup the domain admin email in Outlook.  I just cannot do it with a standard user.
  Also, I noticed that this non-domain computer can access domain member server if I provide credentials (domain\username). This does not work with this or any of my other Windows 2008 servers.
  I have been fighting this with no relief in sight...
  Thanks
  Wayne 

  Let me be clear about my symptoms.
  Exchange with domain joined computers autodiscover/Outlookworks fine....
  DC's and exchange server all have same time/date otherwise nobody would be able to authenticate.
  The problem only exists with non-domain computers (both within the network and outside of the network)
  The autodiscover tests fine with exchange connectivity tester.  I cannot test outlook as I have a certificate from an untrusted root that is installed manually on the non-domain computers.
  The non-domain computers can connect to windows 2003 member server (with appropriate domain credentials) but not to this 2008 (or the other 2 2008 member servers)
  Update-  If I configure the domain administrator account on that same non-domain connected machine, it retrieves the domain admin email just fine.....

• Unable to install SCCM client on Windows Server 2008 R2 - certificate permission error?

  I am trying to comply with corporate policy, which is, have an SCCM agent or client on every Windows device. I have successfully used the provided SCCM installer on other Windows 2008 R2 servers. However for one particular server I cannot get the SCCM agent
  to install successfully. I've searched forums and documentation, but can't find a solution. Part of the problem is the lack of feedback by SCCM on what is wrong. I think I have narrowed down the symptom to the following error messages from the "C:\Windows\CCM\Logs\ClientIDManagerStartup.log":
  [LOG[Certificate [Thumbprint C559304C1598F17641D0732EB9EB787169A25FA7] issued to 'SMS' doesn't have private key or caller doesn't have access to private key.
  [LOG[Failed in GetCertificate(...): 0x87d00281]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="ccmcert.cpp:2122">
  [LOG[CCMCreateAuthHeaders failed (0x8009200b).]LOG]!><time="10:56:59.014+300" date="04-17-2014" component="ClientIDManagerStartup" context="" type="3" thread="3024" file="clientauthutil.cpp:978">
  When I use the Certificates MMC snap in to look at installed certs on this Windows Server 2008 R2 machine, there are plenty of normal and expected certificates there. There is also a branch called SMS with hundreds of entries, I have no idea what that is.
  The above error seems to indicate a permissions issue. What do I do to fix this SCCM install? It seems like a server cert issue, not an SCCM issue, so I'm posting to the Windows Server forums.
  Thanks in advance.
  Thanks

  this maybe helpful...
  http://www.jamesbannanit.com/2011/04/certificate-requirements-for-sccm-2012/
  should be asked in SCCM forum...
  http://social.technet.microsoft.com/Forums/en-US/home?forum=configmanagerdeployment
  Best,
  Howtodo

• SCCM 2012 R2 Install - Reporting Services Point, Remote SRS Server

  Hi all,
  Here's a brief run down of the setup so far. SCCM 2012 R2 installed on Windows 2012 R2 (SCCM01). SQL 2012 back end is off box, on a separate cluster (SQL01C01). Reporting Services for SQL 2012 is due to be installed on a different server (SRS01).
  My question is, when I come to sort out Reporting Services in SCCM, will I simply need to add SRS01 into SCCM as a Site System Server and install the Reporting Services Point onto SRS01?
  I realise I could simply wait for the sql guys to sort the install of SRS and then test it myself but it might be a while before that gets done so I thought I'd ask....Thanks for the help

   will I simply need to add SRS01 into SCCM as a Site System Server and install the Reporting Services Point onto SRS01?
  Correct, although the other way around. Remember you have to make SCCM01$ a local administrator on SRS01.
  Gerry Hampson | Blog:
  www.gerryhampsoncm.blogspot.ie | LinkedIn:
  Gerry Hampson | Twitter:
  @gerryhampson

• Trouble connecting to OSX server from XP domain members

  Can someone help me out with a problem connecting to our OS X server from Windows XP? Basically, I only have trouble connecting from XP machines that are members of the domain.
  Here are some details:
  OS X Server 10.3.9, bound to domain through Active Directory.
  Windows Services role = Domain Member.
  Computer name (under Windows Services) = macserver
  Connects fine from Macs via Network>Domain>macserver
  macserver IP address: 192.168.1.5
  Sharing 1 folder to all members of the domain.
  I can connect fine from OS X computers and XP computers that are NOT members of the domain
  I can connect from XP domain members via the IP address \\192.168.1.5
  I cannot connect from XP domain members via Network Neighborhood>Domain>macserver, or by entering the computer name. Error message recieved: "The account is not authorized to log on from this location."
  I can ping macserver from any xp machine and it resolves the IP address.
  I can browse the webserver on OSX Server via http://macserver.
  Any thoughts?
  Thanks,
  Eric
  PowerMac G4, MDD   Mac OS X (10.3.9)  
  PowerMac G4, MDD   Mac OS X (10.3.8)  

  I can't remember how I resolved this. I think I had a number of problems, for instance, spaces in fileshare names. I might also have set up the domain incorrectly. Who knows.

• Need help with a simple Rename/Join Domain/Install SCCM Client Task Sequence

  Good morning everyone,
  I need to create a very simple task sequence that will run an .exe that we have created that renames the computer based on a prefix-serialnumber...then restarts, adds it to our domain, restarts, and then installs the SCCM client.
  1) run rename program 
  2) join to domain
  3) install sccm client
  Can someone help me with the steps that will be required for this?
  Thank you very much!
  **note, these will not be formatted/have an OS installation ran on it with this task sequence.  The situation is that we are receiving 400+ custom configured laptops, and we're going to have to rename/join/install sccm on each...trying to simplify
  this
  any recommendations are greatly appreciated!

  Narcoticoo : Which boot image am i supposed to be using to insure that it boots into Standard Windows, NOT WinPE?  I have a standard x86 package / boot image i've been using.  If it boots up with this, it goes into WinPE (correct me if I'm wrong,
  for this seems to be what happens each time it boots off the boot image...it does not go into windows standard/full)
  When I go into properties of the one i'm using, and take the check off of "Use a boot image", where it will not boot to WinPE, it will not even show up in my list of available task sequences for
  1) when I PXE boot to try the task sequence, or
  2) when I try to make stand-alone media for this task sequence as you have suggested
  When I run the standalone media, the only log files I find are the following with errors:
  PackageID = 'MPS0014E' InstallSoftware
  12/8/2014 12:28:36 PM 2344 (0x0928)
  BaseVar = '', ContinueOnError='' InstallSoftware
  12/8/2014 12:28:36 PM 2344 (0x0928)
  ProgramName = 'MPHS - Rename Computer' InstallSoftware
  12/8/2014 12:28:36 PM 2344 (0x0928)
  SwdAction = '0002' InstallSoftware
  12/8/2014 12:28:36 PM 2344 (0x0928)
  IsSMSV4PlusClient() == true, HRESULT=80004005 (e:\nts_sccm_release\sms\client\osdeployment\installsoftware\main.cpp,332)
  InstallSoftware 12/8/2014 12:28:36 PM
  2344 (0x0928)
  Configuration Manager client is not installed
  InstallSoftware 12/8/2014 12:28:36 PM
  2344 (0x0928)
  Process completed with exit code 2147500037
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  Failed to run the action: Install Package. 
  Unspecified error (Error: 80004005; Source: Windows)
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  Failed to run the action: Install Package. Execution has been aborted
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  Do not send status message in full media case
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  Failed to run the last action: Install Package. Execution of task sequence failed.
  Unspecified error (Error: 80004005; Source: Windows)
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  Do not send status message in full media case
  TSManager 12/8/2014 12:28:36 PM
  1544 (0x0608)
  Execution::enExecutionFail != m_eExecutionResult, HRESULT=80004005 (e:\nts_sccm_release\sms\client\tasksequence\tsmanager\tsmanager.cpp,866)
  TSManager 12/8/2014 12:43:48 PM
  1544 (0x0608)
  Task Sequence Engine failed! Code: enExecutionFail
  TSManager 12/8/2014 12:43:48 PM
  1544 (0x0608)
  TSManager 12/8/2014 12:43:48 PM
  1544 (0x0608)
  Task sequence execution failed with error code 80004005
  TSManager 12/8/2014 12:43:48 PM
  1544 (0x0608)

• Non Domain User Access to Report Server

  HI Team,
  I am Back with another question. These days i am working on SSRS web services as a part of that i need to provide user access to non domain users to the report manager which is residing in a virtual machine and also when i use the report service web service
  URL it is asking for virtual machine's windows credentials and as per my client's requirement i should not be prompted with VM'S windows credentials.
  Also, we are providing end users with a login page and this login page is connected to a separate User's database  in the VM and how to register these non domain users in the report server database
  and also reort manager. please help me out of this issue. 
  Thank you.

  Hi NB515,
  In Reporting Services, if we connect to Report Manager out of domain, then we need provide a domain username and password can we access to it. If you want to skip this step, you can configure anonymous access for the report server. However,anonymous access
  is not recommended as it may give direct access to your report server or report projects to any one who know the URL of your Reporting Services. But in case you still want to try it, you can refer to the link below to see it:
  http://blog.quasarinc.com/ssrs/sql-server-reporting-services-2012-anonymous-access/
  If you have any questions, please feel free to ask.
  Regards,
  Charlie Liao
  TechNet Community Support