This post shows how to check and confirm the WMI permissions required for SCCM / ConfigMgr console access. It also points to some very useful links that will help you with console-related troubleshooting.
- Run wmimgmt.msc on the primary site server.
- Go to WMI Control -> Properties.
- In the Security tab, expand Root and click SMS.
- Click Security in the results pane to see the permissions.
- Click Advanced, click SMS Admins, then View/Edit.
- If the SMS Admins group does not have the Enable Account and Remote Enable permissions, grant them.
- Repeat this procedure for any other groups used in addition to SMS Admins.
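The same check can be scripted. The following is an added example, not part of the original post: a read-only audit of the root\SMS namespace ACL for the two permissions named above. It assumes Windows PowerShell 5.1 running elevated on the primary site server; the `$Groups` list is a placeholder for whichever groups you use.

```powershell
# Added example: read-only audit of a WMI namespace ACL (no changes are made).
$Namespace = 'root\SMS'        # namespace from the steps above
$Groups    = @('SMS Admins')   # assumption: add any other groups you use for console access

# WMI namespace access-mask bits
$EnableAccount = 0x1           # WBEM_ENABLE        ("Enable Account")
$RemoteEnable  = 0x20          # WBEM_REMOTE_ACCESS ("Remote Enable")
$InheritOnly   = 0x8           # ACE applies to child namespaces only, not this one

$result = Invoke-WmiMethod -Namespace $Namespace -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
if ($result.ReturnValue -ne 0) {
    throw "GetSecurityDescriptor on $Namespace failed with code $($result.ReturnValue)"
}

foreach ($group in $Groups) {
    # ACEs for this group that actually apply to the namespace itself
    $aces = @($result.Descriptor.DACL | Where-Object {
        $_.Trustee.Name -eq $group -and -not ($_.AceFlags -band $InheritOnly)
    })
    if ($aces.Count -eq 0) {
        Write-Warning "$group has no effective entry in the $Namespace ACL"
        continue
    }

    # AceType 0 = allow, 1 = deny; a deny bit overrides the matching allow bit
    [int64]$allow = 0
    [int64]$deny  = 0
    foreach ($ace in $aces) {
        if ($ace.AceType -eq 0)     { $allow = $allow -bor $ace.AccessMask }
        elseif ($ace.AceType -eq 1) { $deny  = $deny  -bor $ace.AccessMask }
    }

    [pscustomobject]@{
        Namespace     = $Namespace
        Group         = $group
        EnableAccount = [bool]($allow -band $EnableAccount) -and -not [bool]($deny -band $EnableAccount)
        RemoteEnable  = [bool]($allow -band $RemoteEnable)  -and -not [bool]($deny -band $RemoteEnable)
    }
}
```

A `False` in either column means the group is missing that permission and should be granted it as described in the steps above.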
For more detailed troubleshooting of console issues, please refer to the following TechNet article and More Troubleshooting Tips.
The SCCM primary site is joined to aaa.local, and we added a security group to this SMS admin local group. However, of the members in that security group (members comprise aaa.local and bb.aaa.local), members from bb.aaa.local are unable to access the console too. Any clue?
Are you sure the firewall ports are open from all those networks? And is there any two-way trust between AAA and BBB?
It used to be working well; however, we have restored the WSUS DBs and that caused the issue.
Yes, aaa and bbb are a parent-child domain.
We have tried to access from the same laptop that aaa.local users were able to access from, but it does not work for users from bbb.aaa.local.