SCCM Client Push Installation Failed with Error 0x800706ba

Issue:

The Configuration Manager client push installation failed with below error.

Unable to connect to remote machine “Computer1.domain.com” using Kerberos with alternate account, error – 0x800706ba.

ccm.log on ConfigMgr site server shows below details:

---> Connected to administrative share on machine Computer1.domain.com using account 'Domain\Account'
---> Attempting to make IPC connection to share <\Computer1.domain.com\IPC$> with Kerberos authentication
---> SspiEncodeStringsAsAuthIdentity succeeded for IPC$ authentication!
---> SspiExcludePackage succeeded for IPC$ authentication!
---> SspiMarshalAuthIdentity succeeded for IPC$ authentication!
---> NetUseAdd succeeded for IPC$ authentication!
---> Searching for SMSClientInstall.* under '\Computer1.domain.com\admin$\'
Submitted request successfully
---> Unable to connect to remote machine "Computer1.domain.com" using Kerberos with alternate account, error - 0x800706ba.
--> NTLM fallback is enabled, remote machine "Computer1.domain.com" is continuing with client push.
---> Unable to connect to remote machine "Computer1.domain.com" using Kerberos with alternate account, error - 0x800706ba.
---> Unable to connect to remote machine "Computer1" using Kerberos with machine account, error - 0x80070005.
---> Unable to connect to WMI on remote machine "Computer1.domain.com", error = 0x800706ba.
---> Unable to connect to WMI on remote machine "Computer1", error = 0x80070005.
--> NTLM fallback is enabled, remote machine "Computer1" is continuing with client push.
---> Unable to connect to WMI on remote machine "Computer1", error = 0x80070005.
---> Deleting SMS Client Install Lock File '\Computer1.domain.com\admin$\SMSClientInstall.P01'

Cause:

The above error indicates that SCCM site server was unable to establish a connection with client over RPC ports. This may happen due to below reasons:

  • The RPC port 135 / Dynamic Ports are not opened between SCCM site server and client
  • The firewall application installed on client machine is blocking inbound traffic over RPC ports

Solution:

Ensure that all the ports required for ConfigMgr Client Push deployment method are opened in network firewalls.

Ports Required for ConfigMgr Client Push Installation

The following ports are required between SCCM site server and clients for client push installation to work.

Server Message Block (SMB) TCP Port 445 : The SCCM site server use this port to connect with admin$ share and copy batch file to client.

Remote Procedure Call (RPC) – TCP & UDP Port 135: The SCCM site server use this port to connect with Windows Management Instrumentation (WMI) on client. Once connection is established, SCCM site server execute the batch file to initiate client installation.

Remote Procedure Call (RPC) Dynamic ports ( TCP 1024-5000, TCP 49152-65535) – The SCCM site server establish initial connection with client over TCP/UDP port 135. The consecutive connections are established on dynamic ports picked randomly from the range specified above.

If all the above mentioned ports are allowed in the network firewall and you are still getting 0x800706ba error then firewall application installed on the machine might be blocking inbound connection. You can disable the firewall application on a machine and then retry client push. If that works then you need to work with your organization security team to allow necessary exceptions in firewall applications to allow inbound traffics on above mentioned ports.

The following applications should be allowed in Windows defender firewall.

  • File and Print Sharing
  • Windows Management Instrumentation
  • Remote Procedure Call

Related Posts:

Subscribe to Techuisitive Newsletter

Be the first to know about our new blog posts. Get our newsletters directly in your inbox and stay up to date about Modern Desktop Management technologies & news.

Scroll to Top