At work we’ve had intermittent issues with SCCM’s remote control functionality for a week. Some days it seems like we can connect to every machine and other days it felt like it was a 50/50 chance of it working. We’ve used workarounds (Lync/SfB screen sharing) since no one had the time to actually dig into what is happening.
Yesterday I had enough and started looking.
I tried to connect to a machine I knew previously have had issues. It did’t work this time either. First thing to check is obviously log files. From my computer, the machine initiating the remote control request, I went to %TEMP% which in my case resolved the path to C:\Users\username\AppData\Local\Temp but it’s common to also resolve to a subfolder to AppData\Local\Temp. I opened CmRcViewer.log in CMTrace.exe (the preferred log file reading tool).
Big red errors. But “Unknown error” is not very helpful at all.
CMTrace has a wonderful error lookup feature which will translate many hexadecimal error codes (and sometimes decimal also I believe) into more meaningful text. Looking up the error codes 8007274C and 80072AF9 gives the following back:
1. “A connection attempt failed because the connected party did not properly respond after a period of time, or established connection failed because connected host has failed to respond.”
2. “No such host is known.”
Pinging the remote computer worked and DNS resolved correctly as well, from both my computer and the SCCM server, so it couldn’t be that.
The more general error message listed in clear text below the two “Unknown error” kinda shoots from the hip and lists the most common causes of not being able to connect. In this case it was actually right. The port used for remote control, 2701, was not reachable from my computer to the remote computer. I found this out by running the PowerShell cmdlet Test-NetConnection.
Test-NetConnection -Port 2701 -ComputerName RemoteComputerNameHere
Of course you can use the old school telnet client or Putty as well.
telnet RemoteComputerNameHere 2701
So why wasn’t the port reachable? First thought for me was that it had to be a firewall issue. There is no firewall between the two subnets, but the Windows Firewall is enabled on all machines in our environment.
I logged on to the remote computer via RDP instead and started poking around. The firewall exception was there. Why wasn’t this working then?
What I found out was that the network location settings was in some kind of limbo on the remote computer. It was spinning on “Identifying” even though the computer had been turned on for more than 24 hours.
PowerShell to the rescue once more (even though I of course could’ve opened services.msc since I RDP’d into this machine anyway, but where’s the fun in that?). I simply restarted the service.
Get-Service -ComputerName RemoteComputerNameHere -Name NlaSvc | Restart-Service -Force -Verbose
After this remote control started working. The reason being that the network location was correctly identified as “Domain network”, thus making the firewall exception for port 2701 actually apply.
Now I just have to find out why some computers cannot correctly identify their network location, which is very worrisome. Please comment if you have any ideas or tips or other thoughts.