DOCUMENT:Q263398 20-OCT-2000 [sms] TITLE :ITG: Site Component Manager Reinstalls Repeatedly PRODUCT :Microsoft Systems Management Server PROD/VER:winnt:2.0,2.0 SP1,2.0 SP2 OPER/SYS: KEYWORDS:kbsms200 kbsms200preSP3 ====================================================================== ------------------------------------------------------------------------------- The information in this article applies to: - Microsoft Systems Management Server versions 2.0, 2.0 SP1, 2.0 SP2 ------------------------------------------------------------------------------- SYMPTOMS ======== When you run various Microsoft Systems Management Server services in both Microsoft Windows NT 4.0 and Microsoft Windows 2000, you may find that the services are unable to establish communication with a site system and the site system is flagged to be reinstalled. CAUSE ===== This behavior can occur if the following conditions are true: - A server is unavailable during the Systems Management Server services normal polling cycle, because of scheduled downtime or transient network failure. - The security policy is modified to prevent domain administrators from making policy changes. - The security policy is configured to deny "logon as a service" rights to all domain accounts. When Systems Management Server services are configured to use one of these accounts and the Systems Management Server Administrator configures either logon discovery/installation or configures a domain controller as a client access point (CAP), the logon server manager or site component manager configures itself on the new site system. The security policy prevents "logon as a service" rights and a new account is created to support the new service. The new account works until the security policy is applied to the system at the next logon or refresh interval. The new account does not have "logon as a service" rights and the service cannot start again. When the failed service is detected, the site system is marked for reinstallation. This cycle continues until the security policy is corrected. WORKAROUND ========== To work around this issue, try one of the following: - Grant the Systems Management Server Service account the rights to add this policy to accounts. - Change the default policy to allow any account to log on as a service on domain controllers. - Do not use Logon Discovery. Use logon installation or Network Discovery - Remote Client Installation to install clients. - Do not use domain controllers as CAPs. Additional query words: prodsms ====================================================================== Keywords : kbsms200 kbsms200preSP3 Technology : kbSMSSearch kbSMS200 kbSMS200SP1 kbSMS200SP2 Version : winnt:2.0,2.0 SP1,2.0 SP2 Issue type : kbprb Solution Type : kbnofix ============================================================================= THE INFORMATION PROVIDED IN THE MICROSOFT KNOWLEDGE BASE IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND. MICROSOFT DISCLAIMS ALL WARRANTIES, EITHER EXPRESS OR IMPLIED, INCLUDING THE WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. IN NO EVENT SHALL MICROSOFT CORPORATION OR ITS SUPPLIERS BE LIABLE FOR ANY DAMAGES WHATSOEVER INCLUDING DIRECT, INDIRECT, INCIDENTAL, CONSEQUENTIAL, LOSS OF BUSINESS PROFITS OR SPECIAL DAMAGES, EVEN IF MICROSOFT CORPORATION OR ITS SUPPLIERS HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. SOME STATES DO NOT ALLOW THE EXCLUSION OR LIMITATION OF LIABILITY FOR CONSEQUENTIAL OR INCIDENTAL DAMAGES SO THE FOREGOING LIMITATION MAY NOT APPLY. Copyright Microsoft Corporation 2000.