Please Read: Significant Update Planned, Migrating Forum Software This Month

See more
See less

SBS 2011 Console Security Status?

  • Filter
  • Time
  • Show
Clear All
new posts

  • SBS 2011 Console Security Status?

    Morning all,

    Completed a SBS2003 - SBS2011 migration last week and have noticed that 2 client PCs will not report they're status

    It also says OS not available & Hardware not available.

    I've checked the firewall, also disabled it, the AV, also disabled it, ran gpupdate /force. Everything else is working fine and its really annoying that these 2 PC's get a warning. Any idea what I should look at next?



    PS I've also extensively checked DNS & DHCP but everything is listed properly there...
    Last edited by QuattroDave; 19th February 2013, 12:45. Reason: Extra Info

  • #2
    Re: SBS 2011 Console Security Status?

    Ok, so after 2 days of trying to solve this issue we finally did it. I can't take all the credit, a colleague and I eventually got to the bottom of it.

    This is what we did:-

    1. On the Win XP client PC, Control Panel > Network Connections > Local Area Connection [Right Click] Properties. 'Client for MS networks' & 'File and Printer sharing for MS networks' MUST be installed and ticked!!!

    2. DCOM. On the XP client Start > Run > Dcomcnfg.exe
    Component Services > Computers > My Computer [Right Click] Properties.
    COM Security > (Access Permissions) Edit Limits
    Anonymous Logon - Local = Allow
    Everyone - Local = Allow & Remote = Allow

    Click OK

    COM Security > (Launch and Activation Permissions) Edit Limits
    Administrators (local machine\Administrators) - All 4 = Allow
    Everyone - Local Launch & Local Activation = Allow
    Offer Remote Assistance Helpers - All 4 = Allow

    Click OK
    ** I Suspect it was this step that actually solved our issue **
    Default Properties Tab
    Enable Distributed COM on this computer - Ticked
    Enable COM Internet Services on this computer - UnTicked
    Default Authentication Level - Connect
    Default Impersonation Level - Identify

    Click OK

    3. WMI. On the XP Client Start > Run > wmimgmt.msc
    WMI Control (local) [Right Click] Properties
    Security > Root > Security
    Administrators - all 9 = Allow
    Authenticated Users - Execute Methods, Provider Write, Enable Account = Allow
    Everyone - Execute Methods, Provider Write & Enable Account = Allow
    Local Service - Execute Methods, Provider Write & Enable Account = Allow
    Network Service - Execute Methods, Provider Write & Enable Account = Allow

    4. Rebuild WMI repository (We didn't need this one but I'll list it anyway)

    On XP Client. Start > Run > cmd

    rundll32 wbemupgd, UpgradeRepository
    winmgmt /clearadap
    winmgmt /kill
    winmgmt /unregserver
    winmgmt /regserver
    winmgmt /resyncperf

    Hope that helps...!!

    Last edited by QuattroDave; 21st February 2013, 11:20.


    • #3
      Re: SBS 2011 Console Security Status?

      What OU in AD is the PC in? Or, how did you join the PC to the SBS Domain?

      All of that should be done automatically, but the GPOs link to the Computers OU under My Business. That's where the SBS connect computer wizard automatically puts new clients, but joining them to the domain the usual way puts them in the default Computers container.

      I also can't think of any reason to have the protocols unbound from the client's NIC: the only time I've ever configured that is on the WAN interface of an ISA/TMG Server.
      BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
      Cruachan's Blog


      • #4
        Re: SBS 2011 Console Security Status?

        All the Client PC's were in the ADUC > Domain > MyBusiness > Computers > SBSComputers OU.

        I don't know how the client PC's were joined as it was a migration and the site was about 6 years old. To be honest my next step would have been to remove from the domain and re-join using the SBS Connect util.

        I agree there is no reason to have the protocols unbound from the NIC, I was just listing the steps we went through to get this issue sorted...