SMS: APM Does Not Install Software on BDCs Using a Software Installation Account

ID: Q242011

The information in this article applies to:
  • Microsoft Systems Management Server versions 2.0, 2.0 SP1

SYMPTOMS

Smsapm32 may not run an advertisement on backup domain controllers (BDCs) when a program is configured to use the client software installation account. Advertised Programs Manager (APM) is trying to add the Microsoft Windows NT client software installation account to the local Administrators group.

You receive an error message similar to the following example in the Smsapm32.log file on the BDC:

ACCOUNT MGR : Granting Local admin rights to user 'domain1\SMSCliSftAcct'
ACCOUNT MGR : ERROR: NetLocalGroupAddMembers error for user domain1\SMSCliSftAcct. (2226)
ACCOUNT MGR : Failed to add admin rights to user domain1\SMSCliSftAcct
NOTE: he client software installation account e.g. SMSCliSftAcct is a user defined account, configurable in the Systems Management Server Admin console.


CAUSE

This behavior occurs because the account modification operation is incorrectly being performed against the BDC instead of the primary domain controller (PDC).


RESOLUTION

A supported fix that corrects this problem is now available from Microsoft, but it has not been fully regression tested and should be applied only to systems experiencing this specific problem.

To resolve this problem, contact Microsoft Product Support Services to obtain the fix. For a complete list of Microsoft Product Support Services phone numbers and information on support costs, please go to the following address on the World Wide Web:

http://www.microsoft.com/support/supportnet/overview/overview.asp
The English-language version of this update should have the following file attributes or later: 

   Date      Time     Version      Size    File name      Platform
   ---------------------------------------------------------------
   12/6/99   9:51am   2.0.1250.9  147,744  Nconnect.exe   I386
   12/6/99   9:52am   2.0.1250.9  254,224  Nconnect.exe   Alpha


WORKAROUND

To work around this issue, manually add the Windows NT client software installation account to the local Administrators group in the domain.


STATUS

Microsoft has confirmed this to be a problem in Systems Management Server version 2.0.


MORE INFORMATION

Prior to running a program, you can use Nconnect.exe to specify universal naming convention (UNC) paths to network servers that each client connects to using one of the Systems Management Server client network connection accounts. Nconnect.exe lets APM run programs under the smsclitokn& account and gain access to specific network resources.

The Windows NT client software installation account also provides this ability, but has the limitation regarding BDCs described in the Symptoms section of this article.

Disadvantages of the Nconnect.exe Approach

  • You must specify the paths in the static Nconnect.ini file. The network path cannot be determined by the target program at run time.


  • You must modify the package contents to contain Nconnect.exe and Nconnect.ini.


  • You must grant access to the target shares to each client network connection account used in your enterprise.


  • You must use separate programs for Windows NT clients and Microsoft Windows 95/98 clients, because Nconnect.exe is only supported on Windows NT clients.


Advantages of the Nconnect.exe Approach

  • Works on BDCs.


  • Does not require you to configure a Windows NT client software installation account because this method uses the Systems Management Server client network connection accounts.


You must place Nconnect.exe in the same location as the program you want to run, along with a configuration file that lists the UNC paths to which the program needs to connect. You need to change the program command line to insert the tool at the beginning of the command line. For example, if the following example is the current program command line:
myapp.exe /option1
the new command line looks like the following example:
nconnect.exe myapp.exe /option1
The tool makes a connection to each path listed in the configuration file, starts the program, waits for the program to stop, and then releases the connections and passes the program's exit code back to Systems Management Server. If the tool cannot create one or more of the connections, the program is not started and a status Management Information Format (MIF) causes Systems Management Server to report a status message containing the unsuccessful path and a description of the problem.

Example of an Nconnect.ini file: 

[Status MIF]
Manufacturer=Microsoft
Product=Testpkg4 - nconnect
Version=1.0
Locale=English
[Paths]
Path1=\\Server2\nconnect\logs
Path2=\\someserver\someshare

Additional query words: prodsms 2226 fail fails spawn spawned

Keywords : kberrmsg kbSMS120 kbSMS120bug
Version : winnt:2.0,2.0 SP1
Platform : winnt
Issue type : kbbug


Last Reviewed: December 30, 1999
© 2000 Microsoft Corporation. All rights reserved. Terms of Use.