Issue with user based deployment
Question
Hello Expert,
I need help in resolving issue related to userbased deployment
1. Package is created and user based deployment is done based on ad group memnership.
2. Application not getting available for few users.however those are part of ad group.
3. this users are gettingchine based policy on there device
4. while checking logs i found error in ccm messaging.log, which occurs only for user based policy is initiated.
error as below :
post using domainuser id security context failed due to integrated window authentication failure.
post to http://servername/ccm_system_windowsauth/request failed with 0x80070005
outgoing messages(queue=’mp_[http]mp_policymanager’,id ={} ; will ne discarded (0x80070005).
Answers ( 13 )
Is there a specific reason that the application is deployed to user collection vs computer collection?
Deploying to user collections can create additional issues especially when the users are logging into multiple computers or to a computer which is not his or her primary device, etc. Whenever they login to any device, the policies and detection will determine if the app is on that device or not for that user. If it’s not, then it installs, even though it shouldn’t because that is not the primary device of the user.
I always deploy applications to computer collections. If you are concerned that you need more control of who can install the app on their device, you can set the request for approval flag during the deployment steps and the end users will have to request to install and the SCCM admin can approve or decline from the SCCM console.
But, if the clients can’t find the MP, then that’s a different issue altogether.
cliet req. it is…..
also found an error in policyagent.log related to user based policy – synchronous policy assignment request with correlation guid () for user id() completed with status 80070005….
same accdss denied issue as well
If users were not downloading the policy object…. Can you please check the solutions or already checked –
http://blog.configmatt.com/2018/03/resolving-issues-with-user-policy.html
Thank you for providing link, I have checked but not yet applied. Can you please help in understanding? we have to make those two registry addition on our primary server where client trying to report..
Am i correct?
Yes! Its suggested to change on site server.
Hello Manisha –
-Check whether multiple users not connected to a devices.
– This is also happening when user associated with multiple AD groups.
Could you please check the reference link for possible reasons in details
– http://networksteve.com/enterprise/topic.php/Application_Not_Visible_to_user_published_to_user_collection./?TopicId=93432&Posts=8
Please let us update!!
Hi Jitesh,
Yes, I have checked dis link already but still issue persist….. we have informed user to get it removed from not required ad groups instead of making changes as suggested
1. Was the AD group newly created for this deployment ? if yes, then make sure users have re-logged in for this new group membership to apply.
2. Is there any schedule configured for the deployment to be available and to install ? if yes, then check UTC / Client Local time
3. Make sure the target collection in SCCM is updated and there is no issue in discovery from AD to SCCM
Hi Kayyum,
AD group is old… deployment is available install and it is working for other users except few user
Are these few affected users visible in the SCCM Collection which is created for this deployment ?
Correct…. not all users are facing dis issue
sorry, I am confused 🙂
“Correct” means you see users in the collection or you don’t see users in collection ?
only few users are facing this issue..now also found error in locationservice.log, it is not able to find mp