Microsoft KB Archive/227033

= SMS: Changing the SMSClient_ Password Can Cause Account Lockouts =

Article ID: 227033

Article Last Modified on 10/27/2006

-

APPLIES TO


 * Microsoft Systems Management Server 2.0 Standard Edition

-



This article was previously published under Q227033



SYMPTOMS
This article describes potential problems that can occur when Systems Management Server (SMS) version 2.0 is deployed in a domain that has the account lockout policy enabled. The default setting for account lockout is to lock the account after five incorrect logon attempts with an incorrect password and to unlock the account after waiting one half hour.

If the Client Connection account (SMSClient_ ) password is changed in User Manager for Domains, the account is locked out. The SMS 2.0 clients store the password for this account locally and attempt to use the old password until the client is updated with the new password. The client updates the local copy of the password when the install process is run by running Smsls.bat or Smsman.exe.

Until every client has run the installation process and updated the password, the SMSClient_ account is locked out shortly after it is re-enabled. If the client cannot connect to the Client Access Point (CAP), it tries every hour. The client never becomes aware of the new passwords until it runs the install process. After 60 days without being able to contact the CAP, the client uninstalls itself.



WORKAROUND
To prevent lockouts from occurring, create at least one additional Client Connection account and have every SMS 2.0 client run the install process. This updates the client with the new account information and allows new clients to have access to the CAP. The SMSClient_ account continues to be locked out until every client is updated. Administrators can leave this account locked out or delete it from User Manager for Domains as well as the SMS 2.0 interface. Clients that have not been updated continue to use the wrong password for the SMSClient_ account, continuing to lock it out if it is not deleted, but do not lock out the new Client Connection account.



STATUS
Microsoft has confirmed this to be a problem in Systems Management Server version 2.0.

Additional query words: prodsms

Keywords: kbbug kbprb KB227033

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.