KB 841619 – when you can’t connect to SMS from an mmc console on a desktop
Here’s one that pisses me off royally, and another one that Microsoft seem unable to prove exists. At least there’s an answer though… Basically the scenario is: you give delegated access to SMS for a helpdesk user so they can provide remote assistance and diagnostics to users. You install the SMS console on their machine and when you connect and try to view the collections the egg-timer pops up, and you wait, and you wait, and then you get no collections! Zip, Nadda. Not a sausage. Eh!?
Well it seems to be caused by one things – XP Service Pack 2. The answer? Relax your security. Well done Microsoft…
Here’s the short of what to do to get around the problem:
1. Make sure the delegated user’s firewall is either off (if your in an Enterprise it probably will be off anyway) or make sure that tcp port 135 is open for your network, and %windir%system32wbemunsecapp.exe is added to the allowed applications list.
2. Run up dcomcnfg.exe, browse to “My Computer” in the console, choose properties of My Computer and choose the COM Security pane, and in the Access Permissions box click “Edit Limits…” and allow ANONYMOUS LOGON the Remote Access permission.
3. Now restart.
That should fix the issue. If it doesn’t then the user probably doesn’t have the right permissions in SMS, or the settings haven’t taken properly on the machine.
If you’re sure those settings taken then check that the user is a member of any groups that are in the “Distributed COM Users” local group on your SMS server/s.