image Here's a unique issue I came across the other day that I thought you might like hearing about.  In this case, we were unable to connect to a ConfigMgr 2007 Secondary Site server from Tools => Service Manager unless we were using a domain admin account.

When attempting to connect to the Secondary Site server in Service Manager we received the following error message:

ConfigMgr Service Manager

Error communicating with the specified ConfigMgr Site Server

This error can occur if the SMS Groups do not contain the proper Site Server computer accounts. 

You may also receive the following error when attempting to connect to the Secondary Site server in Service Manager if the logged on account is not a member of the Secondary Site Server's Local Administrators group:

ConfigMgr Service Manager

Access to the specified server has been denied. You might not have enough security rights to complete this operation

Cause

SMS Group membership and/or Local Administrator group membership configuration is not configured correctly.

Resolution

We found that the ConfigMgr Site Server Computer accounts were not added to the SMS_ groups correctly on the primary site server local groups.  To resolve this we did the following:

  1. We added the Secondary Site Server Computer accounts to the Primary Site servers SMS_SiteSystemToSiteServerConnection_ABC and SMS_SiteToSiteConnection_ABC groups (where ABC is the ConfigMgr Primary Site code).
  2. We added the Primary Site Server Computer accounts to the Secondary Site servers SMS_SiteSystemToSiteServerConnection_ABC and SMS_SiteToSiteConnection_ABC groups (where ABC is the ConfigMgr Secondary Site code).
  3. The account that was being used to logon to the server was added to the Secondary Site servers Local Administrators group

Once we completed these three things the connection from the ConfigMgr Service Manager tool was successful.

In some cases you may want to see if it is possible to get this to work without the account being a local admin on the Secondary Site server, however, this does not work in all cases and the TechNet article below outlines this:

http://technet.microsoft.com/en-us/library/bb632332.aspx

Service Manager
In Configuration Manager 2007 Service Manager, you must have the Administer right on the primary site object to perform the following tasks:

  • Query a service
  • Stop a service
  • Start a service
  • Configure service logging

On a secondary site, you must be a member of the local Administrators group to perform these tasks.

Clifton Hughes | Senior Support Engineer