Jump to content


drewz99

ConfigMgr System Account Removal Errors

Recommended Posts

Question for all the SCCM 2012 R2 Admins:

 

Basic overview:

 

In an attempt to get a customers patching working correctly, I recently remoted in to find critical warnings at every turn.

I was able to resolve the storage issue by expanding the drive size.

I was able to resolve the sccmadm access errors by having the customer reset the password for that account ( I do not have that ability as a contractor for them)

I had to stop/delete/remove all applications/packages/and process that were "hung" due to the storage/access issues.

 

Here's where things get a little odd:

I went to remove the SUP role for reinstallation and within 6ms of doing so, the server started showing the below message in the Event Viewer along with nearly every CM log:

 

Login failed for user 'DOMAIN\SCCM2012$' Reason:Could not find a login matching the name provided. [CLIENT:<local machine>].

 

After a thorough investigation, the problem was located and it appears as if the NT Authority\System account no longer had access to the CM Site DB. Upon adding the NT Authority\System account back in, the errors stopped and all service started back up.

 

The problem here is now, that the customer is telling me this was caused by removing the SUP role and they are not willing to pay for the time to resolve that particular issue. I have never seen this issue before? Could this account have been removed some time ago and the call to remove the SUP role have initiated the NT Authority\System account for removal then noticed it was no longer there? If I understand correctly, the removal of a system account would need domain admin/DBA permissions which neither I, nor the local system account have. Any thoughts as the why this error presented itself during the uninstallation of the SUP role? This has turned into the customer pointing fingers at me, most likely, due to an issue they created for themselves at some point in time....

 

Thank you in advance for your time and the sharing of your knowlede.

 

 

Share this post


Link to post
Share on other sites


Sorry to hear your customer is being difficult.

 

Unfortunately this is a tough one to answer and a very rare scenario. First thing i would do is setup a lab environment and try to replicate what you suspected. Set up your lab, trash the "nt system" account and try to get a feel of how sccm behaves. I know you wont be able to replicate the issue like for like but at least youll be able to determine (and prove) that to tinker with "nt system" you need admin privileges which you say you didnt have at your customers site.

 

If possible the logs from the customers site would help too although depending on how long ago this issue occured they may have been overwritten

Share this post


Link to post
Share on other sites

I've performed the removal and addition of the SUS role in my lab and at another customers site. system account was not removed from the site db. Not sure what the previous customers did, but, I am certain that the error was not caused by the removal of the SUS role.

Share this post


Link to post
Share on other sites

I've performed the removal and addition of the SUS role in my lab and at another customers site. system account was not removed from the site db. Not sure what the previous customers did, but, I am certain that the error was not caused by the removal of the SUS role.

Then that is you answer to them. You tell them that you tested it again, in your environment and the account didn't get removed. and therefore it is something special within their environment.

Share this post


Link to post
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...

×
×
  • Create New...