Agent Deployment Results in error: "Unable to contact the specified machine" 1087

Version 6

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    Description

    When trying to push a new agent configuration to unmanaged devices, the scheduled task fails with the following error message:

    Unable to contact the specified machine. The machine may be off or unreachable.

     

    Cause

    1. The LANDesk Scheduler Service account does not have permissions to write to the clients C$ or Admin$ share.
       

      Note:For ease of user management for deployment, devices should be part of an Active Directory Domain.
    2. Simple file sharing is enabled on the target workstation.

    3. File and printer sharing for Microsoft networks is disabled on the target workstation.

    4. The Windows Firewall (enabled by default in Windows XP with Service Pack 2) will block remote connections when enabled.

    5. Other third party firewalls can block remote connections if enabled.

     

     

     

    Resolution

    Depending on the cause, different resolutions may be required.  Below is a list of possible resolutions to this issue.

     

    1. Configure the Scheduler Service account on the Core Server to run as a user account that has administrative privileges on the target workstations.

      1. On the core server, open the LANDesk Management Suite console.

      2. Go to Configure | Services | Scheduler.

      3. Click on Change Login.

      4. Change the service login account to be that of a user with administrator permissions on the target devices of the scheduled task. This is normally a domain administrator account. Ensure all domain accounts use the format Domain\UserName. If some of your targets are not part of a domain, you may also specify additional accounts in the Alternate credentials section.

      5. Click OK.

      6. When prompted, restart the Scheduler service.

      7. Restart the Agent Deployment scheduled task.

    2. If there is a Domain Policy (GPO) to Force Security Accounts enabled on the Domain Controller. Disable this to resolve the rights issue.

    3. If the target workstation is not a member of a Domain, disable simple file sharing on the target workstation.

      1. Within windows on the target workstation, open Explorer.

      2. Select Tools | Folder Options | View.

      3. Scroll to the end of the list under Advanced Settings and remove the check mark from Use simple file sharing (Recommended).
         

        Note:To make the change from the registry, open regedit and browse to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa and edit the ForceGuest REG_DWORD and change the value to decimal 0.
    4. If File and Printer Sharing for Microsoft networks is disabled, it must be enabled. 

      1. Within windows on the client machine open up properties on "My Network Places".

      2. Choose properties for the appropriate network connection.

      3. Ensure that File and Printer Sharing for Microsoft networks is checked. 

    5. Install the agent manually by browsing to
      CoreServer\ldlogon and running WSCFG32.EXE.

    6. Verify the problem isn't a firewall issue.

      1. Disable the Windows firewall on the XP machines.  Use a Domain GPO if needed.

      2. Deploy the Agent Configuration
         

        Note:Once the agent is installed, the agent services are automatically registered with the Firewall as exception.  The Firewall can now be enabled. 
    7. Verify that access to the C$ and Admin$ shares is not being blocked.

      1. If access is being blocked to the and Admin$ shares, have them determine the reason this is so in their environment and test again once the issue is resolved. 
         

        Note:Have the administrator contact Microsoft or search the web for common reasons for why the C$ and Admin$ shares are unavailable.