Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.
On This Page
SYMPTOMS
After you deploy Microsoft Windows XP Service Pack 2 (SP2) to client computers that are running the Microsoft Systems Management Server (SMS) 2003 Advanced Client, you experience the following symptoms:
•
The Advanced Client no longer functions correctly on the client computer. In this situation, the Advanced Client no longer retrieves SMS policies. If you try to start an action in the Advanced Client on the client computer, you receive the following error message:
The action could not be initiated.
•
The following event is logged in the System log on the client computer:
Event Type: Error
Event Source: DCOM
Event Category: None
Event ID: 10016
Date: date Time: time User: SID Computer: computername Description:
The application-specific permission settings do not grant Local Launch permission
for the COM Server application with CLSID
{DC28D12E-B065-4EE4-9468-899D8C47B856}
to the user domain\username SID
(SID). This security permission can be
modified using the Component Services administrative tool.
•
When you view the SMS log files, information that resembles the following information is displayed:
In the %WINDIR%\System32\CCM\Logs\CcmExec.log file on the client computer
In the %WINDIR%\System32\CCM\Logs\execmgr.log file on the client computer
Command line = "\\<server>\<share>$\<folder>\update\update.exe" /q /f /forcerestart,
Working Directory = \\<server>\<share>$\<folder>\execmgr <date> <time> 3292
(0x0CDC)
Created Process for the passed command line execmgr <date> <time> 3292
(0x0CDC)
Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramStartedEvent
{
AdvertisementId = "<ID>";
ClientID = "GUID:<GUID>";
CommandLine = "\"\\\\<servre>\\<share>$\\<folder>\\update\\update.exe\" /q /f
/forcerestart";
DateTime = "<date and time>.572000+000";
MachineName = "<computername>";
PackageName = "<packagename>";
ProcessID = 228;
ProgramName = "Automated upgrade from XP or XPSP1";
SiteCode = "<siteCode>";
ThreadID = 3292;
UserContext = "NT AUTHORITY\\SYSTEM";
WorkingDirectory = "\\\\<server>\\<share>$\\<folder>\\";
};
execmgr <date> <time> 3292 (0x0CDC)
Raised Program Started Event for Ad:<ID>, Package:<package>, Program: Automated
upgrade from XP or XPSP1 execmgr <date> <time> 3292 (0x0CDC)
The user has logged off. execmgr <date> <time> 2656 (0x0A60)
Program Automated upgrade from XP or XPSP1 is running when user loggs
off execmgr <date> <time> 2656 (0x0A60)
Execution Manager timer has been fired. execmgr <date> <time> 1348
(0x0544)
Policy is updated for Program: MS04-028 - JPEG Update for XP, Package: <package>,
Advert: <ID> execmgr <date> <time> 1408 (0x0580)
Program exit code 3010 execmgr <date> <time> 2904 (0x0B58)
Looking for MIF file to get program status execmgr <date> <time> 2904
(0x0B58)
Script for Package:<package>, Program: Automated upgrade from XP or XPSP1 succeeded
with exit code 3010 execmgr <date> <time> 2904 (0x0B58)
Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramPrelimSuccessEvent
{
AdvertisementId = "<ID>";
ClientID = "GUID:<GUID>";
DateTime = "<date> <time>.781000+000";
ExitCode = "3010";
MachineName = "<computername>";
PackageName = "<package>";
ProcessID = 228;
ProgramName = "Automated upgrade from XP or XPSP1";
SiteCode = "<siteCode>";
ThreadID = 2904;
};
execmgr <date> <time> 2904 (0x0B58)
Raised Program Prelim Success Event for Ad:<ID>, Package:<package>, Program:
Automated upgrade from XP or XPSP1 execmgr <date> <time> 2904 (0x0B58)
Execution is complete for program Automated upgrade from XP or XPSP1. The exit code
is 3010, the execution status is SuccessRebootRequired execmgr <date> <time> 2904 (0x0B58)
Rebooting the computer - InitiateSystemShutdownEx failed 1115 execmgr <date> <time> 2904 (0x0B58)
In the drive:\SMS_CCM\Logs\SMSCliUi.log: file on the SMS server
Current Assigned Site: <siteCode> smscliui <date> <time> 3320 (0x0CF8)
Unable to get CacheInfo. Error: 0X80070005 smscliui <date> <time> 3320
(0x0CF8)
SMS Site code has not been changed. smscliui <date> <time> 3320 (0x0CF8)
Current Assigned Site: <siteCode> smscliui <date> <time> 3660 (0x0E4C)
Unable to get CacheInfo. Error: 0X80070005 smscliui <date> <time> 3660
(0x0E4C)
Failed to instantiate CLSID_CCMClientAction class, error:
0x80070005 smscliui <date> <time> 3660 (0x0E4C)
Method 1: Do not define the SMS Agent Host service in Group Policy
Modify the Group Policy object to no longer define the startup mode for the SMS Agent Host service. To do this, follow these steps:
1.
Log on to a domain controller, and then start the Active Directory Users and Computers tool. To do this, click Start, click Run, type dsa.msc in the Open box, and then click OK.
2.
Right-click the container in which the Group Policy object was created, and then click Properties. For example, right-click the domain container or right-click an organizational unit, and then click Properties.
3.
Click the Group Policy tab, click the Group Policy object in which the SMS Agent Host service is defined, and then click Edit.
4.
In the Group Policy Object Editor tool, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
5.
In the right pane, double-click SMS Agent Host, click to clear the Define this policy setting check box, and then click OK.
6.
Exit the Group Policy Object Editor tool, and then click OK.
7.
Restart the Windows XP SP2-based client computers.
Method 2: Assign the NETWORK SERVICE account Full Control permissions to the SMS Agent Host object
Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.
You can keep the SMS Agent Host service automatic startup Group Policy if you assign the NETWORK SERVICE account Full Control permissions to the SMS Agent Host object in Group Policy. To do this, follow these steps:
1.
Log on to a domain controller, and then start the Active Directory Users and Computers tool. To do this, click Start, click Run, type dsa.msc in the Open box, and then click OK.
2.
Right-click the container in which the Group Policy object was created, and then click Properties. For example, right-click the domain container or right-click an organizational unit, and then click Properties.
3.
Click the Group Policy tab, click the Group Policy object in which the SMS Agent Host service is defined, and then click Edit.
4.
In the Group Policy Object Editor tool, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
5.
In the right pane, double-click SMS Agent Host, and then click Edit Security.
6.
In the Security for SMS Agent Host dialog box, click Add.
7.
Type network service in the Enter the object names to select box, click Check Names, and then click OK.
8.
In the Permissions for NETWORK SERVICE box, click to select the Full Control check box in the Allow column, and then click OK.
9.
In the SMS Agent Host Properties dialog box, click OK.
10.
Exit the Group Policy Object Editor tool, and then click OK.
Need More Help? Contact a Support professional by Email, Online or Phone.
Customer Service For non-technical assistance with product purchases, subscriptions, online services, events, training courses, corporate sales, piracy issues, and more.
Newsgroups Pose a question to other users. Discussion groups and Forums about specific Microsoft products, technologies, and services.
Help and Support
Back to the top
