Issue with user based deployment


Hello Expert,

I need help in resolving issue related to userbased deployment

1. Package is created and user based deployment is done based on ad group memnership.

2. Application not getting available for few users.however those are part of ad group.

3. this users are gettingchine based policy on there device

4. while checking logs i found error in ccm messaging.log, which occurs only for user based policy is initiated.

error as below :
post using domainuser id security context failed due to integrated window authentication failure.

post to http://servername/ccm_system_windowsauth/request failed with 0x80070005

outgoing messages(queue=’mp_[http]mp_policymanager’,id ={} ; will ne discarded (0x80070005).

Answers ( 13 )


    Is there a specific reason that the application is deployed to user collection vs computer collection?
    Deploying to user collections can create additional issues especially when the users are logging into multiple computers or to a computer which is not his or her primary device, etc. Whenever they login to any device, the policies and detection will determine if the app is on that device or not for that user. If it’s not, then it installs, even though it shouldn’t because that is not the primary device of the user.

    I always deploy applications to computer collections. If you are concerned that you need more control of who can install the app on their device, you can set the request for approval flag during the deployment steps and the end users will have to request to install and the SCCM admin can approve or decline from the SCCM console.

    But, if the clients can’t find the MP, then that’s a different issue altogether.


    Hello Manisha –

    -Check whether multiple users not connected to a devices.

    – This is also happening when user associated with multiple AD groups.

    Could you please check the reference link for possible reasons in details

    Please let us update!!


      Hi Jitesh,
      Yes, I have checked dis link already but still issue persist….. we have informed user to get it removed from not required ad groups instead of making changes as suggested


    1. Was the AD group newly created for this deployment ? if yes, then make sure users have re-logged in for this new group membership to apply.
    2. Is there any schedule configured for the deployment to be available and to install ? if yes, then check UTC / Client Local time
    3. Make sure the target collection in SCCM is updated and there is no issue in discovery from AD to SCCM

Leave an answer

Sorry, you do not have permission to answer to this question .