SCCM Client Push Installation Failed with Error 0x800706ba

Issue:

The Configuration Manager client push installation failed with below error.

Unable to connect to remote machine “Computer1.domain.com” using Kerberos with alternate account, error – 0x800706ba.

ccm.log on ConfigMgr site server shows below details:

---> Connected to administrative share on machine Computer1.domain.com using account 'Domain\Account'
---> Attempting to make IPC connection to share <\Computer1.domain.com\IPC$> with Kerberos authentication
---> SspiEncodeStringsAsAuthIdentity succeeded for IPC$ authentication!
---> SspiExcludePackage succeeded for IPC$ authentication!
---> SspiMarshalAuthIdentity succeeded for IPC$ authentication!
---> NetUseAdd succeeded for IPC$ authentication!
---> Searching for SMSClientInstall.* under '\Computer1.domain.com\admin$\'
Submitted request successfully
---> Unable to connect to remote machine "Computer1.domain.com" using Kerberos with alternate account, error - 0x800706ba.
--> NTLM fallback is enabled, remote machine "Computer1.domain.com" is continuing with client push.
---> Unable to connect to remote machine "Computer1.domain.com" using Kerberos with alternate account, error - 0x800706ba.
---> Unable to connect to remote machine "Computer1" using Kerberos with machine account, error - 0x80070005.
---> Unable to connect to WMI on remote machine "Computer1.domain.com", error = 0x800706ba.
---> Unable to connect to WMI on remote machine "Computer1", error = 0x80070005.
--> NTLM fallback is enabled, remote machine "Computer1" is continuing with client push.
---> Unable to connect to WMI on remote machine "Computer1", error = 0x80070005.
---> Deleting SMS Client Install Lock File '\Computer1.domain.com\admin$\SMSClientInstall.P01'

Cause:

The above error indicates that SCCM site server was unable to establish a connection with client over RPC ports. This may happen due to below reasons:

• The RPC port 135 / Dynamic Ports are not opened between SCCM site server and client
• The firewall application installed on client machine is blocking inbound traffic over RPC ports

Solution:

Ensure that all the ports required for ConfigMgr Client Push deployment method are opened in network firewalls.

Ports Required for ConfigMgr Client Push Installation

The following ports are required between SCCM site server and clients for client push installation to work.

Server Message Block (SMB) TCP Port 445 : The SCCM site server use this port to connect with admin$ share and copy batch file to client.

Remote Procedure Call (RPC) – TCP & UDP Port 135: The SCCM site server use this port to connect with Windows Management Instrumentation (WMI) on client. Once connection is established, SCCM site server execute the batch file to initiate client installation.

Remote Procedure Call (RPC) Dynamic ports ( TCP 1024-5000, TCP 49152-65535) – The SCCM site server establish initial connection with client over TCP/UDP port 135. The consecutive connections are established on dynamic ports picked randomly from the range specified above.

If all the above mentioned ports are allowed in the network firewall and you are still getting 0x800706ba error then firewall application installed on the machine might be blocking inbound connection. You can disable the firewall application on a machine and then retry client push. If that works then you need to work with your organization security team to allow necessary exceptions in firewall applications to allow inbound traffics on above mentioned ports.

The following applications should be allowed in Windows defender firewall.

• File and Print Sharing
• Windows Management Instrumentation
• Remote Procedure Call

Related Posts:

• SCCM Application Deployment Failed with Error 0x87d01106 | ConfigMgr
• SCCM Client Installation Failed With Error Code 0x87d00215
• PXE-E99: Unexpected network error – SCCM OSD
• Configuration Manager OSD task sequence fails with error code 0x80004005
• MECM OSD Task Sequence Failed with Error 0x80072EE7
• SCCM Client Push Installation Failed with Error 0x800706ba
• Failed to Add Update Source for WUAgent of type (2) and id ({ID). Error = 0x80004005
• SCCM OSD – Domain Join Failed with Error code 0x54b on HP Elitebook 840 G8
• ccmsetup failed with error code 0x87d00227
• Fix Application Deployment error 0x87d00213 in ConfigMgr
• CMG Connection Point Status Disconnected | SCCM | ConfigMgr
• CMG Setup – Subscription ID drop down not populating
• CMG Setup – Error when granting Contributor permission to the Azure AD app
• Failed to connect with DP – Error Code 0x8004100e | ConfigMgr | SCCM
• SCCM Client Installation Failed with error 0x87d0027e
• ConfigMgr OSD – PXE Troubleshooting
• SCCM WSUS sync error – Sync Failed – WSUS server not configured
• SCCM Software Distribution Troubleshooting