If you add the AppIdentity account to the BUILTIN\Administrators group on a system, just as a test, does this change anything?  It should work without this change, but it's worth a try.

ebarcelos,

is the "server" service running ok on your target servers?

80070005 - is "access denied" - the account you're using to deploy has local admin rights but is it a local or domain account?

thanks

@EDIT: Known issue:

http://www.symantec.com/business/support/index?pag...

I have the same problem here with a Windows 7 SP1 client (x86) in my test environment (7.1 SP1b).

- Firewall off (Client and server)

- Trying to push with domain admin

- Can access c$ and so on

- RPC services up and running

- Can push Deployment Agent (6.9)

Last time i had this error i rejoined the domain with the client and it worked. Now i rejoined the domain with the client and the server... nothing changed. Same error.

I also tried the local administrator on the client ... same.

This is what i see in the client security event log:

--------------------------------------------------------------

Special privileges assigned to new logon.

Subject:
    Security ID:        TRAINING\Administrator
    Account Name:        Administrator
    Account Domain:        TRAINING
    Logon ID:        0xc6335

Privileges:        SeSecurityPrivilege
            SeBackupPrivilege
            SeRestorePrivilege
            SeTakeOwnershipPrivilege
            SeDebugPrivilege
            SeSystemEnvironmentPrivilege
            SeLoadDriverPrivilege
            SeImpersonatePrivilege

-------------------------------------------------------------- and after this event:

An account was successfully logged on.

Subject:
    Security ID:        NULL SID
    Account Name:        -
    Account Domain:        -
    Logon ID:        0x0

Logon Type:            3

New Logon:
    Security ID:        TRAINING\Administrator
    Account Name:        Administrator
    Account Domain:        TRAINING
    Logon ID:        0xc6335
    Logon GUID:        {5026175a-69f1-a89d-785f-7f88c802cfde}

Process Information:
    Process ID:        0x0
    Process Name:        -

Network Information:
    Workstation Name:    
    Source Network Address:    10.0.0.250
    Source Port:        1750

Detailed Authentication Information:
    Logon Process:        Kerberos
    Authentication Package:    Kerberos
    Transited Services:    -
    Package Name (NTLM only):    -
    Key Length:        0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
    - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
    - Transited services indicate which intermediate services have participated in this logon request.
    - Package name indicates which sub-protocol was used among the NTLM protocols.
    - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.

This is a known issue happeing on windows 7 and windows 2008 server.

I have tried a pull install & that worked for me

We pushed out the client using another method, and it worked fine.  Also, pull installation works fine, too.  

A Pointfix is available at

http://www.symantec.com/business/support/index?pag...