Using a service account from a different domain

Comments

8 comments

  • Adam Ruth

    One thing you can try is to disable the service manager TCP connection option, so that it only uses named pipes.  TCP has issues when connecting across domains which named pipes doesn't have.  In Preferences -> Performance set the Service Manager TCP Connection to Disabled.  

    0
    Comment actions Permalink
  • Jeff Inkster

    Thanks Adam,

    I tried your suggestion and rescanned the collection.

    The Scan Status now says, "Access Denied - Failed to connect to ADMIN$ share"

    0
    Comment actions Permalink
  • SelfMan

    Are you entering the credentials as domain\UserName ?

    0
    Comment actions Permalink
  • Adam Ruth

    It sounds like the service isn't fully authenticating to the target computers.  Are the background service user and the scan user the same?  Are you able to open the ADMIN$ share on the target computers with Windows Explorer using the scanning credentials?  

    0
    Comment actions Permalink
  • Jeff Inkster

    @ Selfman: Yes, domain\username are being used. In fact, these credentials are successfully being used in it's home domain.

    @Adam: I actually logged into a local laptop with what I'll call the, 'Domain B Admin account' and found that it doesn't have admin access on the laptop; even though it's part of the Builtin/administrators group in this, 'Domain A'...

    Definitely looking like a Windows credentials issue.

    The weird part is, there are a few computers that do check out in the PDQ inventory list ok.

    A couple more tidbits of info:

    • all machines are Windows 7
    • group policy is enforcing the firewall OFF successfully
    0
    Comment actions Permalink
  • Adam Ruth

    One thing we've found is that turning the firewall off on Windows 7 can cause connectivity problems, since the firewall service is used to perform some of the authentication.  Try turning the firewall on and see if it helps.  Make sure to set these exceptions:

    http://support.adminarsenal.com/entries/21531976-Windows-Firewall-Ports-and-Exceptions

    0
    Comment actions Permalink
  • Jeff Inkster

    Thanks Adam,

    I'll move a couple machines into a test OU and try this out.

    0
    Comment actions Permalink
  • SelfMan

    Once I had some issues with stored credentials which were in conflict. The simplest thing is to clean them up.

    Control Panel\User Accounts and Family Safety\Credential Manager

    0
    Comment actions Permalink

Please sign in to leave a comment.