SCCM 2012: Local content cache failed for Workgroup machine

I have an SCCM 2012 single primary site infrastructure with two DPs configured for HTTP. Test clients are not joined to the domain. Network Access Account is properly configured.

All deployments configured to run directly from DP work fine.

Issue: Deployments configured to “Download content from distribution point and run locally” including all Windows Updates fail.

Errors (example – a windows update):

 

UpdatesHandler.log	CAS failed to download update (4dfda4a4-f124-4589-bd1b-a6f45b71db16). Error = 0x80070005. Releasing content request.
DataTransfer.log	Error sending DAV request. HTTP code 401, status ‘Unauthorized’
CAS.log	Download failed for content 0e47d69c-240c-44e1-89c5-12333cd5fcf9.1 under context System, error 0x80070005

I am not sure why Network Access Account was not used. But it looks like it tried to use Local System Account for the Workgroup machine and failed with “Access Denied”.

Resolution: I enabled Anonymous Authentication for SMS_DP_SMSPKG$ folder in IIS and verified it set for IUSR user (I am using Server 2008 R2)

Note: the settings periodically flipped back to “Disabled”   I finally found a KB explaining the behaviour. http://support.microsoft.com/kb/2682514 .  You basically need to enable anonymous connection in properties of DP:

 

Cheers,

Alex

Advertisements