3 Replies Latest reply on May 18, 2017 7:06 AM by phoffmann

    LocalSystem / sdclient.exe error when deploying distribution packages

    1977-ITGuy Apprentice

      Have a strange issue here.  I have a software depot set up with the appropriate permissions (I think.)  I have several packages on this share and many of them deploy without any issues (batch, msi, exe.)  Other packages on this share however give me the infamous "sdclient.exe or the installation program was terminated at the client" error.  If I change from LocalSystem to my sysadmin account, it deploys successfully.  If I change it back to LocalSystem, it fails with the sdclient error.  What is so confusing to me is some work and some don't but they all reside on the same network share.

       

      This probably is related to permissions on the share.  What frustrates me is the fact that the same exact share has successes (using both sysadmin and localsystem) but failures using LocalSystem for some.  How does one successfully create a software network share that allows LocalSystem access to the share? Is there something else going on that I am missing?

       

      _____

      LD 9.6 SP2

        • 1. Re: LocalSystem / sdclient.exe error when deploying distribution packages
          masterpetz ITSMMVPGroup

          Hi,

           

          the problem with local system is, it can't access network shares because local system acts as the computer itself. If you want to have access to a network share with local system, you have to give the AD computer account read rights to the network share. For a client in you domain with hostname "client1" you have to configue read rights on your share permission for "client1$" for example. Not very scaling but doable...

           

          Second option, you can create a so called null session share which grants access to shares without any permission needed. This means a security risk and I wouldn't do this and to be honest, I don't know if this works on server versions above 2008.

           

          The third option, this is the one I would prefer is to define a preferred server where you can configure an account that has read right on your share. If a client connects to this share while software distribution, it will always use this account and you don't have to worry about anything else. You will find a short description how to create a preferred package server here:

           

          How to configure a Preferred Package Server

           

          Hope this helps...

           

          Kind regards

          Christian

          • 2. Re: LocalSystem / sdclient.exe error when deploying distribution packages
            1977-ITGuy Apprentice

            I will give that a try.  I am still confused as to why I can deploy packages from the same share as localsystem and not have any issues yet others seem to cause me grief.

            • 3. Re: LocalSystem / sdclient.exe error when deploying distribution packages
              phoffmann SupportEmployee

              NTFS shares *used to* be able to be accessible to "LocalSystem" by adding the "Domain Computers" account (granted, this is going back quite a while, I hope that's still true).

               

              It's one of the reasons why HTTP-shares are as popular (they're not hard to set up) - because you don't have to worry about NT-authentication slipping you up / "deciding to misbehave" for whatever reason.

               

              You can also run an installer / downloader "in a specific user context" ... which then allows you to access said NTFS share "as that user" instead of "Local System". If you want to script / batch up download commands using LANDesk tech - that's quite doable. See the article here -- How to use PEDownloader.exe to Duplicate / Troubleshoot Software Distribution -- on how to do that (not hard) .

               

              Hope this helps a bit .