Deployment failed

[cmrapa]

I am having the worst luck with deployment....


I can install manually on the client however I want to deploy via Active Directory.

The error I get is on the attached .jpg


I am using the domain administrator account...  and the Firewall is completely disabled on the client and server.

[attachment deleted by admin]

[MichelB]

Hi cmrapa,

Is your ESM installed on a Win 7 or Win 2008 RC2 box? If so, please see if you can manage the target from the Windows msc console. Also please ensure that your ESM host can open admin$ on the target (Start > Run > \\target_name\admin$). If it cannot please enable file and printer sharing on the target.

Regards,
Michel.

[cmrapa]

CESM is on Windows Server 2008 R2 Standard 64-bit server
Target Windows 7 Professional 32-bit


I can open Computer Management on the CESM server, and remotely manage the TargetComputer
I can access \\TargetComputer\Admin$
File and Print Sharing is enabled on the target

[MichelB]

Is the domain administrator's name in the local machine's "Administrators" folder under "Local Users and Groups"?

Regards,
Michel

[cmrapa]

The domain\Domain Admins group is listed, i manually placed the single user entry on the server and client with the same result.

[MichelB]

ok, so server to client seems fine let's see what happens from client to server.

1) Please stop the ESM server service, enter the server's IP address in the Configuration Tool under "Main Settings" - "Server Addresses", restart the ESM server service.
2) Can you telnet to server_name port 9901 and/or server_IP port 9901 from the target to the server?

Michel.

[cmrapa]

When I type in from the client side in the command prompt:

telnet SERVERNAME 9901 or telnet  192.168.123.123 9901

I get a blank screen with a with flashing white cursor (no error messages though)

[MichelB]

Cool, that is what you should get. Next step-

Please run this command on the target (in a cmd prompt)

winrm get winrm/config

and post the output here.

One other question, is UAC enabled on the target?

Michel.

[cmrapa]

C:\Users\administrator.asdf>winrm get winrm/config
Config
    MaxEnvelopeSizekb = 150
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 15
        EnumerationTimeoutms = 60000
        MaxConnections = 25
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 180000
        MaxConcurrentUsers = 5
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 15
        MaxMemoryPerShellMB = 150
        MaxShellsPerUser = 5

[cmrapa]

Sorry that was the command info from the server I will post target in a sec

[cmrapa]

Ok on the first round on the target, I got...

C:\Users\cmrapa>winrm get winrm/config
WSManFault
    Message = The client cannot connect to the destination specified in the requ
est. Verify that the service on the destination is running and is accepting requ
ests. Consult the logs and documentation for the WS-Management service running o
n the destination, most commonly IIS or WinRM. If the destination is the WinRM s
ervice, run the following command on the destination to analyze and configure th
e WinRM service: "winrm quickconfig".

Error number:  -2144108526 0x80338012
The client cannot connect to the destination specified in the request. Verify th
at the service on the destination is running and is accepting requests. Consult
the logs and documentation for the WS-Management service running on the destinat
ion, most commonly IIS or WinRM. If the destination is the WinRM service, run th
e following command on the destination to analyze and configure the WinRM servic
e: "winrm quickconfig".


So I checked the services and Windows Remote Management (WS-Management) is set to manual...  I started the service and got...

C:\Users\cmrapa>winrm get winrm/config
Config
    MaxEnvelopeSizekb = 150
    MaxTimeoutms = 60000
    MaxBatchItems = 32000
    MaxProviderRequests = 4294967295
    Client
        NetworkDelayms = 5000
        URLPrefix = wsman
        AllowUnencrypted = false
        Auth
            Basic = true
            Digest = true
            Kerberos = true
            Negotiate = true
            Certificate = true
            CredSSP = false
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        TrustedHosts
    Service
        RootSDDL = O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GWGX;;;WD)
        MaxConcurrentOperations = 4294967295
        MaxConcurrentOperationsPerUser = 15
        EnumerationTimeoutms = 60000
        MaxConnections = 25
        MaxPacketRetrievalTimeSeconds = 120
        AllowUnencrypted = false
        Auth
            Basic = false
            Kerberos = true
            Negotiate = true
            Certificate = false
            CredSSP = false
            CbtHardeningLevel = Relaxed
        DefaultPorts
            HTTP = 5985
            HTTPS = 5986
        IPv4Filter = *
        IPv6Filter = *
        EnableCompatibilityHttpListener = false
        EnableCompatibilityHttpsListener = false
        CertificateThumbprint
    Winrs
        AllowRemoteShellAccess = true
        IdleTimeout = 180000
        MaxConcurrentUsers = 5
        MaxShellRunTime = 2147483647
        MaxProcessesPerShell = 15
        MaxMemoryPerShellMB = 150
        MaxShellsPerUser = 5

I attempted to redeploy to the client(target) and I received the same error.

[MichelB]

please run (from a cmd prompt)...

winrm quickconfig

accept all options.Please then reboot the target. UAC disabled please.

Michel.

[cmrapa]

I just got done fixing the issue...

I ended up on the server, going to services -> right click on COMODO ESM Server -> properties... going to the Log On tab ->  selecting This account -> and inputting the domain administrator information -> clicking apply -> stopping and restarting the service.


No idea why Local System does not work but this fixed it for me.

Thanks.

[MichelB]

you installed ESM 3  as a domain admin - yes?

Regards,
Michel

[cmrapa]

Yes I installed it as the domain admin...

Thanks,
Carlos