Wednesday, 8 March 2017

Advanced Troubleshooting - SCCM 2007 WMI permissions issue

Symptoms:
    I decided to share with you one of the old, but also most cryptic, cases that I resolved some time ago, because I could not find any related trace on the Internet showcasing this issue.


    The problem has been observed several times in SCCM 2007 infrastructure in the past, and it usually occurred after a power outage or any unexpected reboot of an SCCM server. After the system is back up and running, users who are configured to have access to SCCM are greeted with the following view when starting the console:



Configuration Manager Console error
 
    Another interesting aspect of the problem was that local admins could still access SCCM without any problem. The issue affected only SCCM admins without local admin rights on the SCCM server. The temporary workaround was to grant such privileges to all users, but obviously it could not be considered a permanent solution.

Reason:
    After numerous in-depth investigations it turned out that the root cause of the problem was missing permissions on WMI namespaces. The reason for the loss of these permissions remains unknown, but the problem is reproducible.

Resolution:
    To fix the problem, perform the following actions:

1. Open the Start Menu, open the Run prompt, and execute the mmc command
2. Once the console is open, press Ctrl+M to add a snap-in
3. Scroll down, choose WMI Control and click the Add button
4. Choose to connect to the local computer and click the OK button
5. Click the OK button again
6. Click on the arrow next to the WMI Control (local) snap-in and, when it disappears, right-click the snap-in and open its properties
7. Open the Security tab and drill down all the way to the root\sms and root\sms\site_XXX namespaces. These are the namespaces that are missing the permissions
   
    The permissions have to be set up properly to allow the SMS Admins group to access the SCCM Console again and perform delegated actions. The settings can be retrieved from a fresh SCCM 2007 installation by comparison, or you can use the screenshots of the proper configuration below as a reference.
 
Proper configuration of WMI permissions for the root\sms namespace

Proper configuration of WMI permissions for the root\sms\site_XXX namespace
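
The comparison against a known-good installation can also be scripted. The following is an added example, not part of the original post: it dumps the access control entries of both namespaces to a CSV file so the affected server and a reference server can be compared. It assumes PowerShell 2.0 or later, an elevated session, and Windows Server 2008 or later (where the `GetSecurityDescriptor` method of `__SystemSecurity` is available); `Get-WmiNamespaceAcl` is a name chosen here, and `XXX` is the site-code placeholder used in the post.

```powershell
# Namespaces named in the post; replace XXX with the real site code.
$namespaces = 'root\sms', 'root\sms\site_XXX'

# WMI namespace access-mask bits and the labels shown on the Security tab.
$rightNames = @{
    0x1     = 'Enable Account'
    0x2     = 'Execute Methods'
    0x4     = 'Full Write'
    0x8     = 'Partial Write'
    0x10    = 'Provider Write'
    0x20    = 'Remote Enable'
    0x20000 = 'Read Security'
    0x40000 = 'Edit Security'
}

function Get-WmiNamespaceAcl {
    param([string]$Namespace, [string]$ComputerName = '.')

    # __SystemSecurity is the singleton holding the namespace security descriptor.
    $result = Invoke-WmiMethod -ComputerName $ComputerName -Namespace $Namespace `
        -Path '__SystemSecurity=@' -Name GetSecurityDescriptor
    if ($result.ReturnValue -ne 0) {
        throw "GetSecurityDescriptor failed on $Namespace (code $($result.ReturnValue))"
    }

    foreach ($ace in $result.Descriptor.DACL) {
        # Decode the mask into readable right names.
        $names = $rightNames.Keys | Sort-Object |
            Where-Object { $ace.AccessMask -band $_ } |
            ForEach-Object { $rightNames[$_] }
        $type = 'Deny'
        if ($ace.AceType -eq 0) { $type = 'Allow' }

        New-Object PSObject -Property @{
            Namespace = $Namespace
            Trustee   = ('{0}\{1}' -f $ace.Trustee.Domain, $ace.Trustee.Name)
            Type      = $type
            Inherited = [bool]($ace.AceFlags -band 0x10)   # INHERITED_ACE flag
            Rights    = ($names -join ', ')
        }
    }
}

# Run on the affected server and on the reference server, then diff the files,
# e.g. with Compare-Object on the imported CSV rows.
$namespaces | ForEach-Object { Get-WmiNamespaceAcl -Namespace $_ } |
    Select-Object Namespace, Trustee, Type, Inherited, Rights |
    Export-Csv -Path "wmi-acl-$($env:COMPUTERNAME).csv" -NoTypeInformation
```

An entry for the SMS Admins group that appears in the reference output but not in the affected server's output points to the missing permission described above.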