Service Manager software deployment issue “System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))”

2017-12-08T17:25:41+00:00 March 28th, 2011|Azure, Cloud, Windows|

We came across the below issue recently in Service manager , we were using the self service portal which was set up so that users were able to request software and get it installed on there machine.

The System Center configuration manager had been set up and was syncing every day, however when users requested software the software request would come through but would fail and never get installed on the users machine.

The first thing i did was check the ‘Software Deployment workflow’ status, so i could see the reason of the failure. I viewed the log of the failed deployment and expanded the failure details and the following error was given. “System.UnauthorizedAccessException: Access is denied. (Exception from HRESULT: 0x80070005 (E_ACCESSDENIED))”

image

We managed to get this resolved by giving the correct permissions to the Service manager accounts, please see below.

On the SCCM Server

  1. Add the Service Manager Services and Service Manager Workflow accounts to the SMS Admins group
  2. Grant the SMS Admin group the appropriate DCOM perms to SCCM console connections
  3. Add appropriate permissions to the Service Manager services and workflow accounts in configuration manager
  4. Reboot SCCM Server

Step 1 – Add Service Manager Accounts into the SMS Admins

 

  1. Open Local Users and Groups
  2. Navigate to Groups and SMS Admins
  3. Add the Service Manager Services and Service Manager Workflow accounts

Step 2 – How to Configure DCOM Permissions

 

  1. Open Component Services on the SCCM Server
  2. Expand Component Services > Computers
  3. Right Click on My Computer and go to properties
  4. Navigate to the COM Security Tab and Edit Limits under Launch and Activate Permissions
  5. Add SMS Admins and give it the Local Launch and Remote Activation Permission

Step 3 – Permissions for the Service Manager Accounts

 

Grant the following rights to the “Service Manager services account” within SCCM

Site – Read

Configuration Items – Read, Modify, Administer, Create and Network Access

Collections – Read

Advertisements – Read , Administer, Manage Folders

Packages – Read

Grant the following rights to the “service manager workflow account” within SCCM

Site – Read

Configuration Items – Read, Modify, Administer, Create and Network Access

Collections – Read, Modify, Delete, Advertise, Modify Resource, Administer, Delete Resource, Create, Read Resource, Modify Collection String and View Management Controllers

Advertisement – Read, Modify, Delete, Administer, Create and Managed Folders

Packages – Read, Modify and Administer

 

Step 4 – Reboot Server

Rebooted the SCCM Server , tested requesting software and all Service Manager software deployments worked Smile

image