Oct 17 2023 10:38 AM - edited Oct 17 2023 10:41 AM
I recently upgraded to CM version 2303. I have a management point in an untrusted DMZ. The installation status shows the upgrade completed successfully. But the management point in the DMZ will not upgrade. I have the site system role for that server configured to use a service account as the site system installation account, that is configured as an admin on that server. If I look in the sitecomp.log I see the following errors:
NetUseAdd failed : 1326 : dwParamError = 0 for user domain.dmz/user connecting to server DMZSCCM.DOMAIN.DMZ
CmSspiLogonUser failed for ["Display=\\DMZSCCM.PUSD.DMZ\"]MSWNET:["SMS_SITE=PWY"]\\DMZSCCM.DOMAIN.DMZ\. SMS_SITE_COMPONENT_MANAGER 10/17/2023 9:14:39 AM 57136 (0xDF30)
Failed to make a network connection to \\DMZSCCM.DOMAIN.DMZ\ADMIN$ (0x52e). SMS_SITE_COMPONENT_MANAGER 10/17/2023 9:14:39 AM 57136 (0xDF30).
If I manually UNC to that same share in Windows Explorer from the site server to the server in the DMZ with that same account I can connect. Also, from the CM console I can go to Security => Accounts, select the service account properties and can successfully verify access to the same share. So, I don't know why that error is being thrown. The account obviously has rights and can connect from the site server. Any help is appreciated. Thanks.
Jan 12 2024 05:01 AM
Hi @edbachta did you have any luck with this?
Having the same issue here when trying to make a cross domain connection. Like you I can connect manually to admin$ from the Site Server to the client and the verification test from the console works successfully. I also did a port test via PS for 135, 445 and the high RPC range and all is open. Still getting the 1326 error in ccm.log.
Jan 12 2024 02:46 PM
Aug 26 2024 05:34 AM
Aug 26 2024 02:31 PM
I ended up getting rid of the server hosting the MP in our DMZ and using enrollment tokens with our Cloud Management Gateway to managed our DMZ servers