Access Denied error from agent install in remote office after update to 10.1.2137.9

Access Denied error from agent install in remote office after update to 10.1.2137.9

Early apologies for the wall of text...

We've been running with local + 2 remote offices for a few months without any trouble when today I noticed a new workstation that was deployed at one of the remote offices did not pick up the agent. The message in MEDC showed "Access denied" for the agent installation on that workstation. We verified the remote domain credentials had not been changed and confirmed AD sync still worked successfully.

I contacted chat support about it and was basically told "there is a problem with Windows 10 version 1903 and later that causes this. We're studying the issue; go install agents some other way." Except it has been working fine for months on 21H1 builds... Not to mention how baffled I am that this could still be an open issue almost 3 years after the release of 1903...

After looking through the Central Server agent install log (C:\Program Files\DesktopCentral_Server\logs) I could see:
  1. [11:26:20:250]|[01-21-2022]|[AgentInstallerLogger]|[WARNING]|[21880]|[SERVER-22f14c98-xxxxxxxxxxxx]: Copying msi Files to '\\xxx.xxx.local\Admin$\TEMP\DesktopCentralAgent\DesktopCentralAgent.msi' Failed(5)|
  2. [11:26:20:250]|[01-21-2022]|[AgentInstallerLogger]|[INFO]|[21880]|[SERVER-22f14c98-xxxxxxxxxxxx]: PrintErrMsgFromID:  Error Message: Access is denied.
After MUCH digging I found that the Central Server is pushing the agent to the remote office instead of using the remote Distribution Server (which seems wrong..) AND was using the remote credentials to do the copy. This resulted in an "Access Denied" message on the local files when copying because the remote credential has no access to the local (Central Server) file system.

Lucky for me we have domain trust set up so I was able to grant the remote office credentials "read" access to the following folders (found in the log mentioned above):
  1. C:\Program Files\DesktopCentral_Server\webapps\DesktopCentral\agent
  2. C:\Program Files\DesktopCentral_Server\webapps\DesktopCentral\client-data
After making the permission change on the Central Server I re-initiated the agent installation from the MEDC web interface and watched the agent finally install without error. I verified I could see the workstation in "Inventory" and it was assigned to the correct remote office.

Any other folks having the same issue after the update? Is it expected that agent installs are pushed from the Central Server instead of the local Distribution Server?

      New to M365 Manager Plus?
      New to M365 Manager Plus?
        New to RecoveryManager Plus?
        New to RecoveryManager Plus?
          New to Exchange Reporter Plus?
          New to Exchange Reporter Plus?
            New to SharePoint Manager Plus?
            New to SharePoint Manager Plus?
              See all integrations
              New to ADManager Plus?
              See all integrations
              New to ADManager Plus?

                New to ADSelfService Plus?

                Start your free trial
                Start your free trial



                          Related Products