
DMZ MP not upgrading


I recently upgraded to CM version 2303.  I have a management point in an untrusted DMZ.  The installation status shows the upgrade completed successfully.  But the management point in the DMZ will not upgrade.  I have the site system role for that server configured to use a service account as the site system installation account, that is configured as an admin on that server.  If I look in the sitecomp.log I see the following errors:

 

NetUseAdd failed : 1326 : dwParamError = 0 for user domain.dmz/user connecting to server DMZSCCM.DOMAIN.DMZ

CmSspiLogonUser failed for ["Display=\\DMZSCCM.PUSD.DMZ\"]MSWNET:["SMS_SITE=PWY"]\\DMZSCCM.DOMAIN.DMZ\. SMS_SITE_COMPONENT_MANAGER 10/17/2023 9:14:39 AM 57136 (0xDF30)

Failed to make a network connection to \\DMZSCCM.DOMAIN.DMZ\ADMIN$ (0x52e). SMS_SITE_COMPONENT_MANAGER 10/17/2023 9:14:39 AM 57136 (0xDF30).

 

If I manually UNC to that same share in Windows Explorer from the site server to the server in the DMZ with that same account I can connect.  Also, from the CM console I can go to Security => Accounts, select the service account properties and can successfully verify access to the same share.  So, I don't know why that error is being thrown.  The account obviously has rights and can connect from the site server. Any help is appreciated.  Thanks.

 

 

4 Replies

Hi @edbachta did you have any luck with this? 

 

Having the same issue here when trying to make a cross domain connection.  Like you I can connect manually to admin$ from the Site Server to the client and the verification test from the console works successfully.  I also did a port test via PS for 135, 445 and the high RPC range and all is open.  Still getting the 1326 error in ccm.log.

In our case it was some GPO hardening settings that were applied to the server. However, I'm not sure specifically which setting.
Hi, what GPO hardening settings? I think it's something with GPO with my MP too.
The same error. After upgrade. And was the GPO on the MP or on the main SCCM server?

I ended up getting rid of the server hosting the MP in our DMZ and using enrollment tokens with our Cloud Management Gateway to manage our DMZ servers.