SMS: Systems Management Server Services May Reinstall Repeatedly (263398)

SYMPTOMS

When you run various Microsoft Systems Management Server services in both Microsoft Windows NT 4.0 and Microsoft Windows 2000, you may find that the services are unable to establish communication with a site system and the site system is flagged to be reinstalled.

CAUSE

This behavior can occur if the following conditions are true:

A server is unavailable during the Systems Management Server services normal polling cycle, because of scheduled downtime or transient network failure.
The security policy is modified to prevent domain administrators from making policy changes.
The security policy is configured to deny "logon as a service" rights to all domain accounts. When Systems Management Server services are configured to use one of these accounts and the Systems Management Server Administrator configures either logon discovery/installation or configures a domain controller as a client access point (CAP), the logon server manager or site component manager configures itself on the new site system. The security policy prevents "logon as a service" rights and a new account is created to support the new service. The new account works until the security policy is applied to the system at the next logon or refresh interval. The new account does not have "logon as a service" rights and the service cannot start again. When the failed service is detected, the site system is marked for reinstallation. This cycle continues until the security policy is corrected.

WORKAROUND

To work around this issue, try one of the following:

Grant the Systems Management Server Service account the rights to add this policy to accounts.
Change the default policy to allow any account to log on as a service on domain controllers.
Do not use Logon Discovery. Use logon installation or Network Discovery - Remote Client Installation to install clients.
Do not use domain controllers as CAPs.