Jump to content

Failed to create remote service


Recommended Posts

I'm using the management console to push out the client to two of our laptops running Windows 7.

Both are logged in with a domain admin account.

When pushing the client, I am using my domain admin credentials.

It has worked on 12 other clients so far, but these 2 laptops receive the error

"Installation failed. Access is denied. Failed to create remote service"

 

I've run windows update several times on one laptop and is up to date.

 

Any advice?

Link to post
Share on other sites

Hello Pyzro,

 

To preface, this may require us to pull some logs. These logs could potentially contain private information you may not want shared on a public forum. If this kind of information is required we can move this over to a private support ticket.

 

So let us start with, when performing the push install did you use the "Enable WMI" option? If you did not please try using this option.

Link to post
Share on other sites

When installing using the WMI option, I receive the error:

"Installation failed. The RPC server is unavailable. Please allow WMI through Windows Firewall"

 

Windows Firewall is not enabled, and we are running Symantec Endpoint Protection.

 

Looking at services, the 'Remote Procedure Call' is set to 'Automatic' and is currently started.

the 'Remote Procedure Call Locator' was not started.  I have started the service and tried again. 

 

Same result.

Link to post
Share on other sites

Alright let's look at the settings on the Laptop. Please ensure the following settings are in place then attempt a push.

 

- NetBIOS is enabled

- File sharing is enabled

- Network discovery is enabled

 

If this push fails please check the communication to the server from the laptop using the following methods.

 

- Ping test from Client to Server

- Telnet from Client to Server over port 18457

Link to post
Share on other sites

Netbios was set to default. Selected the enabled option and tried again- same result.

File Sharing and Network discovery for home/work was enabled

File Sharing and Network discovery for the Domain was disabled

-I enabled network discovery and tested using WMI- failed

-I enabled file and printer sharing and tested using WMI- failed

- I tested with everything enabled without WMI- failed to create remote service.

 

Restarted the computer and ran install again

with WMI- failed

without- failed

 

Ping test successful.

telnet does not seem to want to connect through that port

After a long connection attempt, I get a blank screen with a message saying press any key to continue, then I lose connection to host after pressing a key.

If I try pinging the standard port 23, I immediately get a connection failed error

Link to post
Share on other sites

Let's try a different kind of test. From the policy pane within the management console you have the option to generate a installation package. Please create one as an exe out whichever policy you would like. Then try manually installing this onto the laptop. We are looking for two things here. First, whether or not the client software can be installed on the system. Second, is if the client software will register to the server. If you are able to install, please check the management server to see if the laptop shows up in the client list on the client pane. Please let me know the results.

Link to post
Share on other sites

That was my solution for the other laptop. 

It did connect and shows up in the client list as of yesterday.

Today it appears that the system is showing up with the status of 'Offline'

The computer is powered on and logged in using another users domain admin credentials.

 

I've attempted to use the update database command, but it does not come back online.

I can ping from the server to the client and from the client to the server.

Link to post
Share on other sites

Alright. There is a file, the Sccomm log, that the client software creates. This file shows the communication between the server and client. I would like to look at it. It may help us to determine what kind of communication issues you are facing. It is important to note that this file can contain network addresses and mac addresses. I would recommend that we take this to a private support ticket, as this content is generally considered to be confidential. Please send me a private message including your contact email. I will then open the ticket and send instructions on pulling this log.

Link to post
Share on other sites

Alright- I have found a resolution.

 

Even though Symantec Endpoint Protection has windows firewall disabled, there was still some settings in the windows firewall that was preventing access.

These are the steps that I went through:

 

·  In your search box type "wf.msc",  this will open the Windows Firewall settings.

·  On the tree in the left panel,  click on "inbound rules".

·  In the inbound rules find and enable the # (There were 6 listed for me)  rules named "Windows Management Instrumentation (***)".

 

I then pushed the client through WMI successfully (without WMI still failed)

I do not know which ones specifically effected this situation, but there is a column labeled profile, which selects the different network profiles (Private, Public, Domain, All)

I’m assuming that the Domain profiles are the culprit.

 

I did the same steps to the other laptop- While only enabling the firewall rules pertaining to the domain, and was able to successfully install the software via WMI.

Link to post
Share on other sites

  • 1 year later...
  • Staff

Pyzro - so you had to manually enable the Windows Management rule on every PC? I'm having the same exact problems you mention. I'm hoping I do not have to visit each machine! Let me know... 

 

Hello Philly,

 

I can assist you with this if you want to bring it to a private support ticket. If you happen to have a GPO on your environment, you can push out a group policy to change this on all of your machines which may make things a lot easier for you. There is a Microsoft forum post that has helped other customers that I have worked with that gives detailed steps for this:

 

https://social.technet.microsoft.com/Forums/windowsserver/en-US/84c78946-eb05-4068-877d-489153419d13/how-to-enable-the-wmi-entry-in-the-firewall-configuration-using-gpo-on-win7?forum=winserverGP

 

Thank you,

 

Ron S

Link to post
Share on other sites

  • 2 years later...

out of 11 client systems, only one will not install.

 

I have gone through all the previous steps in this topic.

I have created an install file using the default policy and have been able to successfully install Malwarebytes on this client, however, the console still thinks it is not installed and shows the status "failed to create remote service"

I have also gone into the local firewall and created both in an outgoing and incoming rule to allow MBAM.exe traffic. on the client.

 

Any advice would be helpful!

Link to post
Share on other sites

  • 2 weeks later...

Hi @jforman, you are looking at a cached historic result from the last action the client push tool made. You can disregard the client push tool still showing old info, it will not update unless you use the option "scan and detect client software'. If the machine shows up in the client view and is seen as online, there's nothing more you need to do.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.