Last day I came across a strange validation error when I was running a SCCM 2012 installation using the Jumpstart Hydration Wizard. The error itself is not strange, but the solution to it had never crossed my mind. Until now.
The machine I was trying to hydrate was a clean workgroup Windows Server 2012 R2. Firewall was turned off, UAC was tured off, I used the local admin account. Everything looked good, but I couldn’t connect to it using remote WMI. The WMI call the Hydration Wizard is trying to do is the following:
Namespace: \\192.168.19.35\root\cimv2
Query: SELECT SessionId FROM Win32_Process WHERE Name = 'explorer.exe' User: 192.168.19.25\Administrator Password: ***
I actually got the same result (Access denied) when trying to connect to the remote machine with wbemtest.
The solution, in this case, was to add a registry key that disabled Remote UAC. Turning the “regular” UAC off wasn’t enough obviously. If you encounter the same issue try add the following key to your remote machine:
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System] "LocalAccountTokenFilterPolicy"=dword:00000001
Once the key was added everything worked fine. No reboots, no nothing.