Wednesday, May 16, 2012

Network Access Account in ConfigMgr 2012

Last week I installed ConfigMgr 2012 at a customer location and did some default configuration in it also. I've configured Software Updates, Exchange Connector and Endpoint Protection. Today I started with Operating Systems and imported Windows 7 source files to Build and Capture a reference image. This on a Hyper-V host to build a driver free reference image.

When starting the Build and Capture task sequence, errors where displayed almost immediately after starting it. These are the error messages seen:

- GetMPLocation failed (0x80004005)
- Failed to Run Task Sequence (0x80070057)
- Failed to query http://xxxxx for MP location

On most forums I read that I need to configure the Network Access Account right and create Boundary Groups to get the job done. But I configured everything right, why still the error messages where displayed?

So I checked the Network Access Account again. Just go to the Software Distribution Component properties for that. By default the following is selected: "Use the computer account of the Configuration Manager client". That way it didn't start the task sequence at all. I changed it to "Specify the account that accesses network locations" and selected my Network Access Account.

Beneath Security - Accounts is possible to edit the account credentials again. Strange enough when verifying the account it was running fine. Test connection to different shares where all okay. Because I didn't trust it, I changed it to a totally different password and still the account verification was fine. How is that possible?

Long story short, I typed in the password again and started the Build and Capture task sequence another time. All was running fine now! It was my password which wasn't correct, but there's no way to see that? ConfigMgr let you know all is running okay, and "Test connection" will let you see that "The connection was successfully verfied". Even with a bad password! (a bug maybe?)

I think there's something really strange with the Network Access Account password verfication. Maybe it's functionality is not good in the RTM version? Because in Beta2/RC the same thing cannot be done. Then the following error message will be displayed: "The specified network password is not correct"

Hopefully this will be fixed by Microsoft at a later time.

4 comments:

  1. Is this preventing you from capturing an OS? I've not gotten that error message, and I've capture two OSs.

    ReplyDelete
  2. No, it's not preventing you from capturing an OS. But when the NAA password is wrong it isn't working. Badly enough the control mechanism for both NAA password and Network share is not working as expected.

    ReplyDelete
  3. Thanks, I had the exact same problem - boundaries and NAA was configured, but somehow the NAA couldn't authenticate with AD. Changed the PW in AD and SCCM and things were up and running again.

    ReplyDelete
  4. Hi, I have the same issue NAA and boundaries are configured but OSD task sequence is very slow and SMSTS.log I found Failed to access the share http://servername/SMS_DP_SMSPKG$/ABC0000C with network access account

    ReplyDelete