Microsoft

System Center Configuration Manager Feedback

Suggestion box powered by UserVoice

How can we improve Configuration Manager?

SMSAdminUI should log the username which launched the console.

SMSAdminUI should log the user name which launched the console.

Currently SMSAdminUI does not log who launches the SCCM console instead reporting
------
[1, PID:4364][03/06/2019 16:49:13] :**************** Console: Trace started ****************
[4, PID:4364][03/06/2019 16:49:15] :Connecting using the current user's credentials
----

If this user does not have permissions in SCCM the following error is returned:
-----
[4, PID:4364][03/06/2019 16:49:18] :Transport error; failed to connect, message: 'The user account running the Configuration Manager console has insufficient permissions to read information from the Configuration Manager site database. The account must belong to a security role in Configuration Manager. The account must also have the Windows Server Distributed Component Object Model (DCOM) Remote Activation permission for the computer running the Configuration Manager site server and the SMS Provider.'\r\nMicrosoft.ConfigurationManagement.ManagementProvider.SmsConnectionWithDetailException\r\nThe user account running the Configuration Manager console has insufficient permissions to read information from the Configuration Manager site database. The account must belong to a security role in Configuration Manager. The account must also have the Windows Server Distributed Component Object Model (DCOM) Remote Activation permission for the computer running the Configuration Manager site server and the SMS Provider.\r\n at Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.ValidateConnectionParameters(ConnectionManagerBase connection)
at Microsoft.ConfigurationManagement.AdminConsole.SmsSiteConnectionNode.GetConnectionManagerInstance(String connectionManagerInstance)\r\nNo details are available for this error.\r\n
-----

Again the username is not mentioned.

The only place the UserName for this connection attempt is logged is in SMSProv.log
------
3/6/2019 4:49:16 PM Context: SMSAppName=Configuration Manager Administrator console
3/6/2019 4:49:16 PM Context: MachineName=PRI.Contoso.com
3/6/2019 4:49:16 PM Context: UserName=CONTOSO\SCCMUserA
3/6/2019 4:49:16 PM Context: ApplicationName=Microsoft.ConfigurationManagement.exe
3/6/2019 4:49:16 PM Context: ApplicationVersion=5.1810.1022.1000
3/6/2019 4:49:16 PM Execute WQL =SELECT * FROM SMS_RBACSecuredObject where ObjectTypeID not in (66,67)
-------

We can further confirm this entry is for the correct user by looking at the next set of entries where it reported the insufficient permissions
------
3/6/2019 4:49:16 PM Context: MachineName=PRI.Contoso.com
3/6/2019 4:49:16 PM Context: UserName=CONTOSO\SCCMUserA
3/6/2019 4:49:16 PM Context: ApplicationName=Microsoft.ConfigurationManagement.exe
3/6/2019 4:49:16 PM Try to refresh AdminSID mapping cache.
3/6/2019 4:49:16 PM Refresh AdminSID mapping cache. Done
3/6/2019 4:49:16 PM >>>>>>Current user do not any RBAC permissions.
----

UserName should be included in SMSAdminUI to make troubleshooting easier especially when the Admin Console is remote from the SMSProvider

1 vote
Vote
Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
You have left! (?) (thinking…)
David Clark shared this idea  ·   ·  Flag idea as inappropriate…  ·  Admin →

0 comments

Sign in
(thinking…)
Sign in with: facebook google
Signed in as (Sign out)
Submitting...

Feedback and Knowledge Base