MEM Remote Control Failing on Initiating Handshake

Question

MEM Remote Control Failing on Initiating Handshake

Mark Broughton 1

I'm getting this same error inconsistently across differing models of machines and seemingly at random. been looking for an answer for about 1 1/2 months now.
We can image 4 and 3 we can remote control just fine but 1 will fail at the initiating handshake.
we've tried the obvious things and then some not so obvious things. have tried all these on various machines over the time, ran repair on client, uninstall/reinstall client, re-image the machine, check rsop to make policy is right, confirmed registry is right for allowed access, ran dism /online /cleanup-image /restorehealth, tried winmgmt /salvagerepository and /resetrepository, check out the DCOM, checked DNS for stale entries, did a rename with a slightly different name and rejoined (that worked on 1 machine and then we named it back and still worked but that didn't work on other machines). checked the hostfile to make sure it was good. found two more things to try: deleting the contents of the CmRcService.log apparently worked for someone and then saw another say to stop the SMS Agent Host service then delete a system file starting with 19c5 in ProgramData>MachineKeys so tried those. no joy.
PKI certs are in place. Remote Control Group is present and correctly populated. (can't be something as easy as that!)
Errors in the logs are saying Class not Registered 80040154
and connection was forcibly closed by the remote host 80072746
and failed to open WMI namespace error 80070005 Permissions may be configured incorrectly. Access is Denied.
Haven't identified any specific, consistent cause but the errors do seem consistently the same. Thoughts? Suggestions? Ideas.

Answer 1

AllenLiu-MSFT 35,116 Microsoft Vendor

Hi, @Mark Broughton

Thank you for posting in Microsoft Q&A forum.

Have we checked below article to troubleshoot the handshake issue.
If the local security group: ConfigMgr Remote Control Users is empty like the article mentioned, we may need to either add the permitted viewers using GPO or compliance baseline using SCCM.

Here is the article link for your reference:
https://eskonr.com/2020/01/sccm-remote-control-failed-to-do-handshake-in-server-an-existing-connection-was-forcibly-closed-by-the-remote-host-error-80072746/
(Note: This is a third-party link, Just for your reference)

If the answer is the right solution, please click "Accept Answer" and kindly upvote it. If you have extra questions about this answer, please click "Comment".
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.

Mark Broughton 1 Reputation point

2022-03-31T14:48:50.693+00:00

Yes, I had seen that same article and have confirmed that the group exists and is properly populated. A few more bits of information. MEM version is 2107 running on Server 2019 Std. on current client version as well.
Mark Broughton 1 Reputation point

2022-03-31T15:39:27.023+00:00

also just tried stopping the AV service and connecting, no joy.
On a whim, thought I'd try Quick Assist, probably not the same engine but worth trying I thought. Could remote in just fine. Tried again from MEM after that with AV service still stopped, JIC, still no joy. re-confirmed that Dell drivers are current and that updates are current.
machine is hardwired to the network. only 1 ethernet and 1 wifi adapter showing. turned off power saving on the ethernet adapter. no joy.
AllenLiu-MSFT 35,116 Reputation points Microsoft Vendor

2022-04-01T07:00:41.293+00:00

Hi, @Mark Broughton

Media disconnect occurred at MSNdis_StatusMediaDisconnect via class Intel(R) Ethernet Connection (4) I219-LM

It seems the network connection was severed for some reason.
You may open a support case for a dedicated support.

Here is the link of CSS support:
https://support.microsoft.com/en-us/hub/4343728/support-for-business
Mark Broughton 1 Reputation point

2022-04-04T15:52:45.397+00:00

Interesting test. I removed the machine from the domain, renamed it by adding -1 to the end, rejoined it to the domain and attempted the remote session and it worked just fine. undid all that and put back to the original name and the remote reverted back to not working. seems like there must be some attribute that's attached to the name that isn't consistently getting cleared when the imaging is done. that seems weird. I thought maybe a SID history issue but, from what I read, that only is affected when changing domains, not a rename. we do reuse the same machine names so it definitely could be tied to some sort of legacy attribute. now if we only knew what that was and how to clear it. definitely is sounding like time for a support ticket but thought you might find that interesting.

MEM Remote Control Failing on Initiating Handshake

1 answer

Activity