Applications and Windows Updates are not downloaded on clients which are in a workgroup or not in the same domain like the SCCM primary site server. The Network Access Account is specified in the site settings and is used for downloading Packages during OSD. When the OSD task sequence starts an “install application” step it fails. In the ContentTransferManager.log I found, that the Download failed because of an access denied:
<![LOG[Starting CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3}.]LOG]!><time="08:26:09.663-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="4916" file="ctmjob.cpp:2980"> <![LOG[Created CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3} for user S-1-5-18]LOG]!><time="08:26:09.667-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="4916" file="ctmanager.cpp:487"> <![LOG[Created and Sent Location Request '{96CD2545-35FB-4DDD-A84A-E01C4FDB1BEE}' for package dd43f1d8-f8e9-4a2d-a3b4-4dd1c80a1610]LOG]!><time="08:26:09.721-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="2980" file="ccmpkglocation.cpp:83"> <![LOG[CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]LOG]!><time="08:26:09.721-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="2980" file="ctmjob.cpp:1432"> <![LOG[Queued location request '{96CD2545-35FB-4DDD-A84A-E01C4FDB1BEE}' for CTM job '{41390251-33FE-406E-A4D4-47D80F3F36B3}'.]LOG]!><time="08:26:09.722-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="2980" file="ctmjob.cpp:151"> <![LOG[Persisted locations for CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3}: (LOCAL) http://SPCH1784.zrh.local/SMS_DP_SMSPKG$/dd43f1d8-f8e9-4a2d-a3b4-4dd1c80a1610]LOG]!><time="08:26:09.805-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="4916" file="ctmjob.cpp:1894"> <![LOG[CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3} (corresponding DTS job {BF198017-32A1-4071-97FA-3BCFDC302DFA}) started download from 'http://SPCH1784.zrh.local/SMS_DP_SMSPKG$/dd43f1d8-f8e9-4a2d-a3b4-4dd1c80a1610' for full content download.]LOG]!><time="08:26:09.810-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="4916" file="ctmjob.cpp:413"> <![LOG[CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3} entered phase CCM_DOWNLOADSTATUS_DOWNLOADING_DATA]LOG]!><time="08:26:09.845-120" date="07-03-2012" component="ContentTransferManager" context="" type="1" thread="3040" file="ctmjob.cpp:1432"> <![LOG[CTM job {41390251-33FE-406E-A4D4-47D80F3F36B3} encountered error 0x80070005 during download ('Error processing manifest.')- The error maps to denied access.]LOG]!><time="08:26:10.034-120" date="07-03-2012" component="ContentTransferManager" context="" type="3" thread="2980" file="ctmjob.cpp:2489"> In the DataTransferService.log I found, that he is impersonating as Network Access Account: <![LOG[Job {7F6583EF-07F8-414B-9597-5B314CCC1620} impersonating Network Access Account.]LOG]!><time="08:20:26.752-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5108" file="netaccessaccount.cpp:429"> <![LOG[[CCMHTTP] ERROR: URL=http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/4f058605-3b88-4208-8d77-3847173a77b3, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="08:20:26.757-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5108" file="ccmhttperror.cpp:291"> <![LOG[Raising event: instance of CCM_CcmHttp_Status { ClientID = "GUID:D0220B78-F06A-4B36-A4C6-E0BE2306385E"; DateTime = "20120703062026.758000+000"; HostName = "SPCH1784.zrh.local"; HRESULT = "0x87d0027e"; ProcessID = 5548; StatusCode = 401; ThreadID = 5108; }; ]LOG]!><time="08:20:26.758-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5108" file="event.cpp:729"> <![LOG[UpdateURLWithTransportSettings(): OLD URL - http://SPCH1784.zrh.local/SMS_DP_SMSPKG$/e1abc7a6-0fb6-4306-b790-0cd97d4ce847]LOG]!><time="08:20:26.771-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="2288" file="ccmutillib.cpp:3083"> <![LOG[UpdateURLWithTransportSettings(): NEW URL - http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/e1abc7a6-0fb6-4306-b790-0cd97d4ce847]LOG]!><time="08:20:26.771-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="2288" file="ccmutillib.cpp:3095"> <![LOG[DTSJob {46515960-CFEC-4732-874B-AA1B3A84594E} created to download from 'http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/e1abc7a6-0fb6-4306-b790-0cd97d4ce847' to 'C:\Windows\ccmcache\26'.]LOG]!><time="08:20:26.774-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="2288" file="datatransferservice.cpp:186"> <![LOG[DTSJob {46515960-CFEC-4732-874B-AA1B3A84594E} in state 'DownloadingManifest'.]LOG]!><time="08:20:26.774-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5400" file="dtsjob.h:157"> <![LOG[[CCMHTTP] ERROR: URL=http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/3fe62967-58a6-43e5-94cc-0de1495d5c5b, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="08:20:26.795-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="3440" file="ccmhttperror.cpp:291"> <![LOG[Raising event: instance of CCM_CcmHttp_Status { ClientID = "GUID:D0220B78-F06A-4B36-A4C6-E0BE2306385E"; DateTime = "20120703062026.796000+000"; HostName = "SPCH1784.zrh.local"; HRESULT = "0x87d0027e"; ProcessID = 5548; StatusCode = 401; ThreadID = 3440; }; ]LOG]!><time="08:20:26.797-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="3440" file="event.cpp:729"> <![LOG[DTSJob {4343A1DC-E6AB-4D1E-90C9-51CDD799A876} in state 'Cancelled'.]LOG]!><time="08:20:26.797-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1248" file="dtsjob.h:157"> <![LOG[DTSJob {4343A1DC-E6AB-4D1E-90C9-51CDD799A876} cancelled by client.]LOG]!><time="08:20:26.798-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1248" file="dtsjob.cpp:2771"> <![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="08:20:26.864-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5812" file="ccmhttperror.cpp:395"> <![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="08:20:26.864-120" date="07-03-2012" component="DataTransferService" context="" type="3" thread="5812" file="util.cpp:629"> <![LOG[GetDirectoryList_HTTP('http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/063e00dd-e1d4-4524-a5fa-a101b9c2112f') failed with code 0x80070005.]LOG]!><time="08:20:26.864-120" date="07-03-2012" component="DataTransferService" context="" type="3" thread="5812" file="util.cpp:688"> <![LOG[[CCMHTTP] ERROR: URL=http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/949e026e-6fea-472a-a1bc-19c5eeb48dbe, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="08:20:26.871-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1760" file="ccmhttperror.cpp:291"> <![LOG[Job {D0BD367A-6DD6-4D93-907F-AD7D8452FA12} impersonating Network Access Account.]LOG]!><time="08:20:26.871-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5812" file="netaccessaccount.cpp:429"> <![LOG[Raising event: instance of CCM_CcmHttp_Status { ClientID = "GUID:D0220B78-F06A-4B36-A4C6-E0BE2306385E"; DateTime = "20120703062026.872000+000"; HostName = "SPCH1784.zrh.local"; HRESULT = "0x87d0027e"; ProcessID = 5548; StatusCode = 401; ThreadID = 1760; }; ]LOG]!><time="08:20:26.873-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1760" file="event.cpp:729"> <![LOG[[CCMHTTP] ERROR: URL=http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/063e00dd-e1d4-4524-a5fa-a101b9c2112f, Port=80, Options=224, Code=0, Text=CCM_E_BAD_HTTP_STATUS_CODE]LOG]!><time="08:20:26.876-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5812" file="ccmhttperror.cpp:291"> <![LOG[Raising event: instance of CCM_CcmHttp_Status { ClientID = "GUID:D0220B78-F06A-4B36-A4C6-E0BE2306385E"; DateTime = "20120703062026.878000+000"; HostName = "SPCH1784.zrh.local"; HRESULT = "0x87d0027e"; ProcessID = 5548; StatusCode = 401; ThreadID = 5812; }; ]LOG]!><time="08:20:26.878-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5812" file="event.cpp:729"> <![LOG[UpdateURLWithTransportSettings(): OLD URL - http://SPCH1784.zrh.local/SMS_DP_SMSPKG$/a855c8db-248d-49e9-8cf2-e80561ad9462]LOG]!><time="08:20:26.890-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1248" file="ccmutillib.cpp:3083"> <![LOG[UpdateURLWithTransportSettings(): NEW URL - http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/a855c8db-248d-49e9-8cf2-e80561ad9462]LOG]!><time="08:20:26.890-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1248" file="ccmutillib.cpp:3095"> <![LOG[DTSJob {62A554F3-4290-48A0-B07E-383F8B66ECCC} created to download from 'http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/a855c8db-248d-49e9-8cf2-e80561ad9462' to 'C:\Windows\ccmcache\27'.]LOG]!><time="08:20:26.892-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="1248" file="datatransferservice.cpp:186"> <![LOG[DTSJob {62A554F3-4290-48A0-B07E-383F8B66ECCC} in state 'DownloadingManifest'.]LOG]!><time="08:20:26.892-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="5884" file="dtsjob.h:157"> <![LOG[Successfully sent location services HTTP failure message.]LOG]!><time="08:20:26.955-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="3960" file="ccmhttperror.cpp:395"> <![LOG[Error sending DAV request. HTTP code 401, status 'Unauthorized']LOG]!><time="08:20:26.955-120" date="07-03-2012" component="DataTransferService" context="" type="3" thread="3960" file="util.cpp:629"> <![LOG[GetDirectoryList_HTTP('http://SPCH1784.zrh.local:80/SMS_DP_SMSPKG$/3aeb56f9-4cd2-4f97-b8aa-6452f4524967') failed with code 0x80070005.]LOG]!><time="08:20:26.955-120" date="07-03-2012" component="DataTransferService" context="" type="3" thread="3960" file="util.cpp:688"> <![LOG[Job {68E8DDA5-CF34-437C-AD98-199165BFF89C} reverted impersonation.]LOG]!><time="08:20:26.955-120" date="07-03-2012" component="DataTransferService" context="" type="1" thread="3960" file="netaccessaccount.h:93">
In the IIS Log I see that the client connects without credentials.
Solution
Install KB2522623 on the clients before installing applications or updates.
Principal Security Consultant | MVP at baseVISION AG
I’m a consultant, trainer and architect for modern workplace and enterprise mobility projects with Microsoft Technologies in the past ten years. I love to push and design the modern workplace based on Microsoft 365 for my customers which is the only answer for the current security threats, agile world and the fast-changing business requirements of my customers. Important for me is to simplify and automate the operational processes, because there are the highest costs.
Latest posts by Thomas Kurth (see all)
- Microsoft Sentinel ASIM Parser demystified - March 31, 2024
- Enhancing Network Security Insights with IDS/IPS of Ubiquiti Dream Machine Pro and Microsoft Sentinel - March 10, 2024
- Ubiquiti Dream Machine Pro Logs to Microsoft Sentinel - February 6, 2024
0 Comments