
SCCM 2012 Untrusted Forest Remote DP Installation Error 0x800706BA

This happens only in complex environments 🙂. I have loads of remote DPs in untrusted forests, and one remote DP installation was not going well: the DP was not getting installed at all. I checked and confirmed all the requirements, such as a) Require the site server to initiate connections to this site system, and b) Use another account for installing this site system (this account must have local admin rights on the remote DP).


The following errors appear in distmgr.log:

Upgrading DP with ID 33554439. Thread 0x2490. Used 1 threads out of 5.

CWmi::Connect() failed to connect to \\[“Display=\\RemoteDP.com\”]MSWNET:[“SMS_SITE=RSP”]\\RemoteDP.com\\root\CIMv2. Error = 0x800706BA

DPConnection::ConnectWMI() – Failed to connect to  RemoteDP.com.

Failed to install DP files on the remote DP. Error code = 1722

The error 0x800706BA translates to “The RPC server is unavailable”. I tried remote WMI tests using wmimgmt.msc and wbemtest with no luck. Telnet from the primary server to the remote DP's IP on port 135 was not working either. Port 135 is used for RPC services. The cause of the problem was very simple: RPC port 135 was not open between the primary server and the remote DP in the untrusted forest. We opened port 135 and the remote DP got installed successfully.
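The same two checks (port 135, then a remote WMI connection to root\cimv2 with the installation account) can be scripted from the primary site server. This is an added example, not part of the original post or of ConfigMgr; the function name Test-DpRpcPath is hypothetical, and reading HResult from the exception assumes .NET 4.5 or later.

```powershell
# Added example: run on the primary site server.
# Test-DpRpcPath is a hypothetical helper name, not a ConfigMgr cmdlet.
function Test-DpRpcPath {
    param(
        [Parameter(Mandatory = $true)] [string] $ComputerName,
        [Parameter(Mandatory = $true)]
        [System.Management.Automation.PSCredential] $Credential,
        [int] $TimeoutMs = 3000
    )

    # Step 1: TCP 135 (RPC endpoint mapper), the equivalent of the telnet test.
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $tcp.BeginConnect($ComputerName, 135, $null, $null)
        $open  = $async.AsyncWaitHandle.WaitOne($TimeoutMs) -and $tcp.Connected
    } finally {
        $tcp.Close()
    }
    if (-not $open) {
        return "TCP 135 unreachable: open it between the site server and $ComputerName."
    }

    # Step 2: connect to the namespace distmgr.log failed on (root\cimv2),
    # using the site system installation account instead of the logged-on user.
    try {
        $os = Get-WmiObject -Class Win32_OperatingSystem -Namespace 'root\cimv2' `
              -ComputerName $ComputerName -Credential $Credential -ErrorAction Stop
        return "WMI connection OK: $($os.CSName)"
    } catch {
        $err = $_   # keep the error record; $_ is rebound inside switch
        $hr  = '0x{0:X8}' -f $err.Exception.HResult
        switch ($hr) {
            # Same HRESULT as in distmgr.log, but with 135 already reachable
            '0x800706BA' { return "135 is open but RPC is still unavailable: check the dynamic RPC ports WMI moves to after the endpoint mapper." }
            '0x80070005' { return "Access denied: the network path works; check the account's local admin rights on $ComputerName." }
            default      { return "WMI failed with ${hr}: $($err.Exception.Message)" }
        }
    }
}

# Usage (RemoteDP.com is the placeholder host name from the log above):
# Test-DpRpcPath -ComputerName 'RemoteDP.com' -Credential (Get-Credential)
```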

About Author 

Anoop is a Microsoft MVP and Veeam Vanguard! He is a Solution Architect on enterprise client management with more than 13 years of experience (calculation done in the year 2014) in IT. He is a blogger, speaker and local user group community leader. His main focus is on device management technologies like SCCM 2012, Current Branch and Intune. He writes about technologies like SCCM, SCOM, Windows 10, Azure AD, Microsoft Intune, RMS, Hyper-V etc.

Posted in: CM2012, Configmgr2012, SCCM 2012, SCCM 2012 SP1

7 Comments

  1. Manu Krishnan says:

    Anoop, if you have seen this,
    http://social.technet.microsoft.com/Forums/systemcenter/en-US/0322417f-cc8c-474a-89ed-ca040f56ab9e/error-while-configuring-remote-dp-on-sccm2012-on-different-forest the issue is similar. I get it where there is trust established, and the ports are opened. I am able to telnet to and from remote DP and Primary server on port 135.
    Just the issue is that the Remote DP is acting as a DC :(.

    Have you seen such a problem?

    • Anoop's says:

      I’ve replied to your post in technet forum.
      I know, you must have seen this post about Untrusted Forest Remote DP Error 0x800706BA. As I mentioned in the post, whether you tried to access wmimgmt.msc and wbemtest.msc with domain admin user? Also worth enabling WMI logs (on DC) to check whether there is any error while attempting to connect to WMI from the primary server. If you’ve Win2k8 and above, see how to enable WMI tracing.

      It seems to me like a FW issue. The error mentioned above is remote procedure call (RPC) server unavailable that can happen if the dynamic ports are NOT open other than 135.

      It is worth checking the following ports as well. To get more details you may need to perform a network trace so that you will come to know which port is blocking it:

      – tcp 135,
      – tcp/udp – 389
      – tcp 3268
      – tcp/udp – 88
      – tcp/udp – 53
      – tcp 3268
      – tcp 445
      – dynamic rpc ports for NTDS. Netlogon

  2. Manu Krishnan says:

    Issue solved. It was indeed a firewall issue. Had a detailed check with the FW team. Ephemeral ports are created dynamically and assigned to each client which opens a session. In case of Windows Server 2003 both TCP and UDP ephemeral ports are within the range 1025-5000. We had to set an exception for port numbers between 1025 and 5000. This fixed the issue.

  3. Sam says:

    My problem was that our DP was running on a HyperV server on a physical server. The physical server's firewall was stopped, causing an issue. Started the firewall, restarted the VM and voila.

  4. Jay smiley says:

    Hi Anoop, we have the same situation here but the ports 80, 445 and 135 are opened on both sides. Please help me.
