5 Replies Latest reply on Feb 13, 2014 4:09 PM by bwoods

    Access to read the target machines registry...

      We have a fairly secure environment that has a large number of GPOs in place to lock things down.  I am fairly sure that one of them is preventing Shavlik from working correctly.

       

      Here is a sample of the ST.ServiceHost.managed.log:

      --------
      2014-02-10T23:15:56.7378449Z 0009 I RescanManager.cs:411|No more rescan items, shutting down rescan thread.
      2014-02-10T23:16:01.2052916Z 0016 I MachineDeployment.cs:1141|Machine name: %HostName%.
      2014-02-10T23:16:01.3353046Z 0016 E MachineDeployment.cs:1093|%HostName%: Access to read the target machines registry using the configured credential was denied
      2014-02-10T23:16:01.3893100Z 0016 E AgentDeployment.cs:213|System.UnauthorizedAccessException: Attempted to perform an unauthorized operation.
         at Microsoft.Win32.RegistryKey.Win32ErrorStatic(Int32 errorCode, String str)
         at Microsoft.Win32.RegistryKey.OpenRemoteBaseKey(RegistryHive hKey, String machineName, RegistryView view)
         at ST.Deployment.MachineDeployment.RemoteSystemDirectory()
         at ST.Deployment.MachineDeployment.get_RemoteSystemDirectoryUnc()
         at ST.BusinessObjects.Deployment.AgentDeployment.DeployAgent()
      2014-02-10T23:16:01.3973108Z 0016 E MachineDeployment.cs:1093|%HostName%: Unable to connect using the configured credential.
      2014-02-10T23:16:25.3887097Z 0016 I MachineDeployment.cs:1141|Machine name: %HostName%.
      2014-02-10T23:16:25.4627171Z 0016 E MachineDeployment.cs:1093|%HostName%: Access to read the target machines registry using the configured credential was denied
      --------

       

      FIPS is required in the environment, but I have it disabled in .config files using:

      --------
      ...
      </st>
      <runtime>
      <enforceFIPSPolicy enabled="false"/>
      </runtime>
      <system.diagnostics>
      ...
      --------

       

      I had this working at one point, but something changed and now only agents that are currently installed will work, and even then, only "kinda".

       

      What is broken:

      - Agent deploys.

      - Manual agent installs (fails to get a policy list).

      - Automatic patching for currently installed agents.

       

       

      Ideas?