IUSR account and SCCM 2007 R3 agent

I recently started working with SCCM and rolling the agent out with machine having IIS 7.x installed.  I ran into issues where the SCCM agent wouldn’t install.  The errors mostly were 0x80004005 and 1603, another key one I found was Return Value 3 in the SCCM setup log.  During the troubleshooting, I found a cool utility called WMI Diag  WMI diag is a VBS script that reads the local WMI store and helps diagnose issue.  Anyone working with SMS or SCCM should keep this handy tool around.  The good thing my particular case WMI was healthy. 


The issue turned out I changed the Anonymous Authentication module from using the IUSR account to inherit Application Pool identity.  Once we temporarily switched back to IUSR, installed the agent, then switched the setting back to inherit application pool identity, the SCCM agent installed with no issues. I’m not sure why switching back to the IUSR account solved my issue, if I find out I’ll update the post. 


More information on IIS 7 builtin accounts


http://learn.iis.net/page.aspx/140/understanding-built-in-user-and-group-accounts-in-iis-7


Specify an application pool identity 


http://technet.microsoft.com/en-us/library/cc771170(WS.10).aspx


SCCM resources (Config Mgr Setup  / Deployment forums)


http://social.technet.microsoft.com/Forums/en-US/configmgrsetup/threads


http://www.myitforum.com (the best independent SCCM community resource)


Hope this helps.


Steve Schofield
Microsoft MVP – IIS