The Systems Management Server 2003 Advanced Client no longer works after you deploy Windows XP Service Pack 2 (SP2) (919592)


The information in this article applies to:

  • Microsoft Systems Management Server 2003
Important This article contains information that shows you how to help lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you implement this workaround, take any appropriate additional steps to help protect your system.

SYMPTOMS

After you deploy Microsoft Windows XP Service Pack 2 (SP2) to client computers that are running the Microsoft Systems Management Server (SMS) 2003 Advanced Client, you experience the following symptoms:
  • The Advanced Client no longer functions correctly on the client computer. In this situation, the Advanced Client no longer retrieves SMS policies. If you try to start an action in the Advanced Client on the client computer, you receive the following error message:
    The action could not be initiated.
  • The following event is logged in the System log on the client computer:Event Type: Error
    Event Source: DCOM
    Event Category: None
    Event ID: 10016
    Date: date
    Time: time
    User: SID
    Computer: computername
    Description: The application-specific permission settings do not grant Local Launch permission for the COM Server application with CLSID {DC28D12E-B065-4EE4-9468-899D8C47B856} to the user domain\username SID (SID). This security permission can be modified using the Component Services administrative tool.
  • When you view the SMS log files, information that resembles the following information is displayed:

    In the %WINDIR%\System32\CCM\Logs\CcmExec.log file on the client computer

    Error calling CoResumeClassObjects.	CcmExec	<date> <time>	3304 (0x0CE8)
Phase 1 initialization failed (0x80004015).	CcmExec	<date> <time>	3304 
(0x0CE8)
Phase 1 initialization failed (0x80004015).	CcmExec	<date> <time>	3304 
(0x0CE8)

    In the %WINDIR%\System32\CCM\Logs\execmgr.log file on the client computer

    Command line = "\\<server>\<share>$\<folder>\update\update.exe" /q /f /forcerestart, 
Working Directory = \\<server>\<share>$\<folder>\execmgr	<date> <time>	3292 
(0x0CDC)
Created Process for the passed command line	execmgr	<date> <time>	3292 
(0x0CDC)
Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramStartedEvent
{
	AdvertisementId = "<ID>";
	ClientID = "GUID:<GUID>";
	CommandLine = "\"\\\\<servre>\\<share>$\\<folder>\\update\\update.exe\" /q /f 
/forcerestart";
	DateTime = "<date and time>.572000+000";
	MachineName = "<computername>";
	PackageName = "<packagename>";
	ProcessID = 228;
	ProgramName = "Automated upgrade from XP or XPSP1";
	SiteCode = "<siteCode>";
	ThreadID = 3292;
	UserContext = "NT AUTHORITY\\SYSTEM";
	WorkingDirectory = "\\\\<server>\\<share>$\\<folder>\\";
};
	execmgr	<date> <time>	3292 (0x0CDC)
Raised Program Started Event for Ad:<ID>, Package:<package>, Program: Automated 
upgrade from XP or XPSP1	execmgr	<date> <time>	3292 (0x0CDC)
The user has logged off.	execmgr	<date> <time>	2656 (0x0A60)
Program Automated upgrade from XP or XPSP1 is running when user loggs 
off	execmgr	<date> <time>	2656 (0x0A60)
Execution Manager timer has been fired.	execmgr	<date> <time>	1348 
(0x0544)
Policy is updated for Program: MS04-028 - JPEG Update for XP, Package: <package>, 
Advert: <ID>	execmgr	<date> <time>	1408 (0x0580)
Program exit code 3010	execmgr	<date> <time>	2904 (0x0B58)
Looking for MIF file to get program status	execmgr	<date> <time>	2904 
(0x0B58)
Script for  Package:<package>, Program: Automated upgrade from XP or XPSP1 succeeded 
with exit code 3010	execmgr	<date> <time>	2904 (0x0B58)
Raising event:
[SMS_CodePage(437), SMS_LocaleID(1033)]
instance of SoftDistProgramPrelimSuccessEvent
{
	AdvertisementId = "<ID>";
	ClientID = "GUID:<GUID>";
	DateTime = "<date> <time>.781000+000";
	ExitCode = "3010";
	MachineName = "<computername>";
	PackageName = "<package>";
	ProcessID = 228;
	ProgramName = "Automated upgrade from XP or XPSP1";
	SiteCode = "<siteCode>";
	ThreadID = 2904;
};
	execmgr	<date> <time>	2904 (0x0B58)
Raised Program Prelim Success Event for Ad:<ID>, Package:<package>, Program: 
Automated upgrade from XP or XPSP1	execmgr	<date> <time>	2904 (0x0B58)
Execution is complete for program Automated upgrade from XP or XPSP1. The exit code 
is 3010, the execution status is SuccessRebootRequired	execmgr	<date> <time>	2904 (0x0B58)
Rebooting the computer - InitiateSystemShutdownEx failed 1115	execmgr	<date> <time>	2904 (0x0B58)

    In the drive:\SMS_CCM\Logs\SMSCliUi.log: file on the SMS server

    Current Assigned Site: <siteCode>	smscliui	<date> <time>	3320 (0x0CF8)
Unable to get CacheInfo. Error: 0X80070005	smscliui	<date> <time>	3320 
(0x0CF8)
SMS Site code has not been changed.	smscliui	<date> <time>	3320 (0x0CF8)
Current Assigned Site: <siteCode>	smscliui	<date> <time>	3660 (0x0E4C)
Unable to get CacheInfo. Error: 0X80070005	smscliui	<date> <time>	3660 
(0x0E4C)
Failed to instantiate CLSID_CCMClientAction class, error: 
0x80070005	smscliui	<date> <time>	3660 (0x0E4C)

CAUSE

This problem occurs if a Group Policy object is configured to set the SMS Agent Host service (CcmExec.exe) startup mode to Automatic.

Note By default, the SMS Agent Host service is not configured by using Group Policy.

RESOLUTION

To resolve this issue, use one of the following methods:

Method 1: Do not define the SMS Agent Host service in Group Policy

Modify the Group Policy object to no longer define the startup mode for the SMS Agent Host service. To do this, follow these steps:
  1. Log on to a domain controller, and then start the Active Directory Users and Computers tool. To do this, click Start, click Run, type dsa.msc in the Open box, and then click OK.
  2. Right-click the container in which the Group Policy object was created, and then click Properties. For example, right-click the domain container or right-click an organizational unit, and then click Properties.
  3. Click the Group Policy tab, click the Group Policy object in which the SMS Agent Host service is defined, and then click Edit.
  4. In the Group Policy Object Editor tool, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
  5. In the right pane, double-click SMS Agent Host, click to clear the Define this policy setting check box, and then click OK.
  6. Exit the Group Policy Object Editor tool, and then click OK.
  7. Restart the Windows XP SP2-based client computers.

Method 2: Assign the NETWORK SERVICE account Full Control permissions to the SMS Agent Host object

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. We do not recommend this workaround but are providing this information so that you can implement this workaround at your own discretion. Use this workaround at your own risk.

You can keep the SMS Agent Host service automatic startup Group Policy if you assign the NETWORK SERVICE account Full Control permissions to the SMS Agent Host object in Group Policy. To do this, follow these steps:
  1. Log on to a domain controller, and then start the Active Directory Users and Computers tool. To do this, click Start, click Run, type dsa.msc in the Open box, and then click OK.
  2. Right-click the container in which the Group Policy object was created, and then click Properties. For example, right-click the domain container or right-click an organizational unit, and then click Properties.
  3. Click the Group Policy tab, click the Group Policy object in which the SMS Agent Host service is defined, and then click Edit.
  4. In the Group Policy Object Editor tool, expand Computer Configuration, expand Windows Settings, expand Security Settings, and then click System Services.
  5. In the right pane, double-click SMS Agent Host, and then click Edit Security.
  6. In the Security for SMS Agent Host dialog box, click Add.
  7. Type network service in the Enter the object names to select box, click Check Names, and then click OK.
  8. In the Permissions for NETWORK SERVICE box, click to select the Full Control check box in the Allow column, and then click OK.
  9. In the SMS Agent Host Properties dialog box, click OK.
  10. Exit the Group Policy Object Editor tool, and then click OK.
Modification Type:MajorLast Reviewed:7/5/2006
Keywords:kbprb kbtshoot KB919592 kbAudITPRO
©2004 Microsoft Corporation. All rights reserved.