3 Replies Latest reply on Feb 21, 2013 9:11 AM by Angelo Gagliano

    Agent Access Failure During Windows Provision

    Robert Stinnett

      I am provisiong a new Windows 2008 R2 system.  The default "Administrator" account is put on the box.  However our RBAC BLAdmin role is mapped to "xxxyyyzzz" which is what we rename Administrator too.


      The problem is that after the provisioning happens, Bladelogic is trying to access the RSCD agent on that box as xxxyyyzzz even though the Administrator account hasn't been renamed yet and I get "No authorization to access host".


      Now I looked into using Automation Principles and user mapping, the problem the post-batch job that is supposed to run will change the Administrator account.  So even if I map to Administrator then during the post-install batch job I will be renaming the Administrator account and the mapping will no longer be valid.


      Has anyone faced this challenege before and any ideas on how to get out of the woods?

        • 1. Re: Agent Access Failure During Windows Provision
          Newton Nyante

          Instead of using a post-install batch job to rename the Administator account, could this be added as a post-provision script within the system package?  The post-provision script will execute on the targee before any BSA jobs execute to avoid the situation.

          • 2. Re: Agent Access Failure During Windows Provision
            Jim Wilson

            Hi Robert,


            Did Newton's response help solve the problem?

            Can you share any more information with the community?


            Thanks & Regards,

            Jim (Forum Manager/Facilitator)

            • 3. Re: Agent Access Failure During Windows Provision

              We use a GPO to automatically rename our Administrator account. Since it is possible that the timing of the rename from the GPO is not always the same, I wrote a simple script that runs during provissioning to make sure that the agent is mapped to a valid account.


              Ours looks like this:


              net user svcBMCBSAadmin randompassword /add

              net localgroup Administrators svcBMCBSAadmin /add

              echo BLAdmins:BLAdmin                                     rw,map=svcBMCBSAadmin>>%WINDIR%\rsc\users.local


              So you could just do that echo into users.local for map=Administrator and then let your rename script do the echo back to your xxxyyyzzz account. Then do acl push to make sure your files are all clean.


              I know that isn't a pretty solution, but it is really just adding to "echo"s to your existing process.



              1 of 1 people found this helpful