XP SP2 에서 SMS Admin console사용

.

저희 회사는 SMS사이트가 구성되어있는데요.. SMS는 문자전송시스템을 말하는 것이 아니라 “System Management Server”의 약자이죠.. Windows기반의 AD사이트가 되어있는 회사라면.. 이 SMS 서버를 이용해서 helpdesk업무를 효율적으로 볼수있구요 프로그램배포,하드웨어/소프트웨어 자산관리등을 효과적으로 할수있답니다… SMS2003를 관리하기위해 XP노트북에 SMS console을 설치할수있습니다. 하지만 XP SP2의 경우.. 아래와 같은 조치를 먼저 해야합니다.. 원문을 그대로 썼습니다… 어차피 이바닥은 영어로 문서관리하는게 편하다는….. 영문으로 된 link를 클릭하셔서.. 참조하세요..


[#M_ You cannot connect to the SMS database or expand nodes in the SMS Administrator console tree when you run SMS in Windows XP SP2 (841619)
more.. | You cannot connect to the SMS database or expand nodes in the SMS Administrator console tree when you run SMS in Windows XP SP2 (841619)
more.. | less.. less.. | Important This article contains information that shows you how to help to lower security settings or how to turn off security features on a computer. You can make these changes to work around a specific problem. Before you make these changes, we recommend that you evaluate the risks that are associated with implementing this workaround in your particular environment. If you choose to implement this workaround, take any appropriate additional steps to help to protect your system.

SUMMARY

After you apply Microsoft Windows XP Service Pack 2 (SP2) to a computer that is running the Systems Management Server (SMS) Administrator console, you may not be able to connect to the SMS database or to expand some nodes in the console tree. This issue occurs because of the new settings in the service pack. You can resolve this issue by modifying the Windows Firewall settings. You may also have to set anonymous remote access rights in DCOM or modify local security policy settings.

SYMPTOMS
When you run the Microsoft Systems Management Server (SMS) Administrator console on a computer that is running Microsoft Windows XP Service Pack 2 (SP2), you may not be able to connect to the SMS database. Additionally, you may not be able to expand some nodes in the console tree. When you try to troubleshoot this issue by using the Wbemtest.exe utility to connect to the RootSms namespace of the site server, you may receive the following error message:

Error Number: 0x8007000e
Facility: Win32
Description: Not enough storage is available to complete this operation.

CAUSE
In Windows XP SP2, this issue occurs because of the configuration of Windows Firewall. Windows Firewall has three settings:

On

On with no exceptions

Off

When the Don’t allow exceptions check box is selected, the SMS Administrator console cannot connect to any SMS site database. If Windows Firewall is turned on, and no exceptions are defined, the SMS Administrator console cannot display all the items in the console tree. This is the default setting.

RESOLUTION
To resolve this issue, follow these steps:

1. Click Start, click Control Panel, and then click Windows Firewall.

2. On the General tab, make sure that Windows Firewall is turned on, and that the Don’t allow exceptions setting is not selected.

3. On the Exceptions tab, click Add Program.

4. Click the Browse button, and then open the following file:

%WINDIR%System32WbemUnsecapp.exe

If you have to define the scope, click Change scope, and then click OK.

5. In the Programs and Services list, click to select the Unsecapp.exe check box.

6. Click the Add Port button.

7. Type 135 in the Port number box, make sure that TCP is selected, and then type a name for the exception in the Name box.

If you have to define the scope, click Change scope, and then click OK.

8. In the Programs and Services list, click to select the check box for the exception that you added in step 7.

9. Click OK.

Sometimes, adding these exceptions to Windows Firewall may not resolve the issue. You may also have to set anonymous remote access rights in DCOM or modify the local security policy settings for the client computer. Do not make these changes unless adding Unsecapp.exe and TCP port 135 to the exceptions list does not resolve the issue.

Warning This workaround may make your computer or your network more vulnerable to attack by malicious users or by malicious software such as viruses. Microsoft does not recommend this workaround but is providing this information so that you can choose to implement this workaround at your own discretion. Use this workaround at your own risk.
To set anonymous remote access rights in DCOM, follow these steps:

1. Click Start, click Run, and then type dcomcnfg.exe in the Open box.

2. Locate the Console root node, expand Component Services, expand Computers, and then click My Computer.

3. Right-click My Computer, and then click Properties.

4. In My Computer Properties, click the COM Security tab.

5. In Access Permissions, click Edit Limits.

6. Click ANONYMOUS LOGON.

7. In Permissions for ANONYMOUS LOGON, click to select the Allow setting for Remote Access.

8. Click OK two times.

You can modify the local security policy settings locally or by using Group Policy. For more information about how to use Group Policy, see the “References” section. To modify the policy settings locally, follow these steps.

Note Local policy settings may be overridden by domain policy settings.

1. Click Start, click Run, and then type Secpol.msc in the Open box.

2. Expand Local Policies, and then click Security Options.

3. Locate and then right-click Network Access: Let Everyone permissions apply to anonymous users.

4. Click Properties.

5. Click Enabled, and then click OK.

STATUS
This behavior is by design.

REFERENCES
For additional information, click the following article numbers to view the articles in the Microsoft Knowledge Base:

317872 Troubleshooting SMS Administrator console connectivity

278259 Everyone group does not include anonymous security identifier

To view a list of frequently asked questions about Microsoft Systems Management Server 2003 clients, visit the following Microsoft Web site:

http://www.microsoft.com/technet/prodtechnol/sms/sms2003/techfaq/tfaq03.mspx

To view a complete list of Group Policy settings, visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?linkid=23277

The information in this article applies to:
Microsoft Systems Management Server 2003

Microsoft Systems Management Server 2.0

the operating system: Microsoft Windows XP Service Pack 2 (SP2)

Last Reviewed:
8/18/2004 (1.1)

Keywords:
kbtshoot kbUpgrade kbProdComp kbsmsAdmin kbprb KB841619_M#]

답글 남기기

이메일은 공개되지 않습니다. 필수 입력창은 * 로 표시되어 있습니다.