Unable to deploy the landesk agent remotely on Windows 10 client computers in a Workgroup environment

Version 4

    Verified Product Versions

    Endpoint Manager 9.5Endpoint Manager 9.6Endpoint Manager 2016.xEndpoint Manager 2017.x

    Environment

     

    Workgroup environment

     

    Core server:

    LDMS 9.6 SP2

    LD96-CP_BASE-2015-0812F patch for Windows 10 support

    Windows 2012 R2 standard

     

    Client computer:

    Windows 10

     

    Both client computers and core server are part of the same workgroup

     

    Issue

     

    Even though everything is properly configured in the Core server and the proper permissions were given to the Alternate Credential in the Core server itself and the target clients,  the Scheduler Service account is not able to push the agent to the target clients.

     

    In the Landesk console, the agent deployment task fails with error code 1087 - "Unable to contact the specified machine"

     

    Additionally, the Raxfer.log on the core server shows the following entries:

     

    creating dir C:\$ldcfg$

    7044: WNetAddConnection2() failed 5, user="user_test"

    7044: WNetAddConnection2() with local domain failed 2202,user="user_test"

    7236: WNetAddConnection2() failed 5, user="user_test"

    7236: WNetAddConnection2() with local domain failed 2202,user="user_test"

    RemoteExecute failed retCode=-2147482239, No response from the target machine. Some common causes are the machine

    Done: retCode=-1 mStatus=3 mRetCode=1087

     

    Resolution

     

    By default, in Windows 10 the remote UAC feature is enabled in a workgroup environment. Remote UAC prevents local accounts from running in an elevated mode when connecting from the network.

    As a result, access to the ADMIN$ share will fail even if the account provided in the Scheduler tab has administrative rights on the target machine.

     

    You can disable the remote UAC feature by editing the Windows registry on the client computer:

     

    1) Navigate to

     

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System.

     

    2) Create a DWORD value called LocalAccountTokenFilterPolicy

     

    3) Enter "1" as value

     

    4) Reboot the machine

     

    image 1.jpg

     

    Now the agent should be successfully deployed to the Windows 10 client computers


    For further information on this topic: https://community.landesk.com/support/docs/DOC-2112