Search the Community
Showing results for tags 'System Management'.
-
Hey Guys / Niall - I recently built a new SCCM environment with 4 Secondary servers for an upcoming domain migration and have just about finished it. When looking in the console under "Active Directory Forests", I see that under "Publishing Status" it says "Insufficient Access Rights." The permissions for the "Systems Management" container seem correct. Looking within it, I see that it has created objects for the Primary + 2 of the 3 Secondary sites - but that's it. Below you can see the contents of the Systems Management container currently. AH1 is the Primary site with ABQ & TUL Secondaries. The 3rd Secondary is missing completely... I personally didn't extend the schema or assign rights, but here's how it is currently configured. When looking under the Security tab of the System Management container's Properties, I see that there is an AD Security Group named "SCCM Site Servers" with full rights. I've also verified that all of the SCCM Site Servers (including the primary and all secondaries) have been added to this group. No specific user / service accounts have been added. Aside from that group, the following exist: SELF (No rights) Authenticated users (Read) SYSTEM (Full Rights) DOMAIN\Domain Admins (Full Rights) DOMAIN\Enterprise Admins (Full Rights - Inherited) DOMAIN\Administrators (Read & Write but not Full - Inherited) DOMAIN\Pre-Windows 2000 Compatible Access (No Rights) ENTERPRISE DOMAIN CONTROLLERS (No Rights) If I examine the Properties of the Forest within the console, the option to discover sites & subnets in the AD forest is enabled and set to use the computer account of the site server. The Publishing tab has all 4 (Primary + 3 Secondaries) checked and no domain / server specified. I tried adding the hostname of the Secondary site which wasn't listed in the SM container directly via Delegating Access. When viewing Advanced properties of the container's security, the added hostname looks to have the same configuration as the AD Group. Once added, I unchecked it's site under Publishing, applied, clicked ok, went back to Publishing, checked it, applied, then clicked OK again. So far, no changes. Not 100% sure if this would attempt to reinitiate it, though. After I make changes in attempts to resolve, how can I best verify they are successful if not the above? Finally, I looked through all ad* logs and even though I didn't look in great detail, I didn't see anything recent that stood out. Any suggestions for resolving this? Thanks!
- 2 replies
-
- Insufficient Access Rights
- Publishing Status
- (and 2 more)
-
Hi, I need your advice about migrated sccm2007 AD entries(SMS-MP-SiteCode-SiteServerName, SMS-SLP-SiteCode-SiteServerName and sccm2007 sitecode) that still exists in system management container, sccm 2012 client installation on some machines failing because they are still contacting with old sccm2007 MP and assigned to sccm2007 site code "Name: 'MP.x.x.x.com' HTTPS: 'N' ForestTrust: 'N' LocationServices 4/25/2016 1:38:12 PM 3780 (0x0EC4)" log file attached. we are using GPO for site assignment. please help to answer following Qs: - is deleting migrated sccm2007 AD entries from system management container, will help on sccm2012 client installation? - what is best practice to delete sccm2007 MP and site code from system management container? thanks in advance. LocationServices.txt
-
Hi, I have 1 site thats running SCCM 2007 with IP ranged boundaries and a site with SCCM 2012 running on same IP ranged boundaries. The problem is that the SCCM 2012 site automatically creates boundary groups and boundaries of the old SCCM, pointing the clients to the wrong distribution points. Is there any fix for this, to avoid clients being pointed to the wrong DPs. I have tried setting deny read in AD, on the System Management container, for both SCCM server objects, but they are still created.
- 2 replies
-
- boundary group
- sccm 2012
-
(and 3 more)
Tagged with:
-
Hello Thanks for reading my post To start with some basic info about my VM test lab Part one – My Lab I have two Windows 2012 Servers: Main DC called – NEW-DC01-W12 – Running DHCP – IP address 10.0.0.1 SCCM Server called – NEW-SCCM-W12 10.0.0.1 On my DC I made a container called System Management and give the SCCM server (NEW-SCCM-W12$) and my SCCM admin (SCCMADMIN) account full Control permissions to the System Management container and all its child objects. Not sure where the $ came from but it adds it when I enter my SCCM server name. I used http://technet.microsoft.com/en-gb/library/bb680711.aspx Here is a copy of the file after I ran the file on the CD to extended Active Directory schema <03-17-2013 00:04:45> Modifying Active Directory Schema - with SMS extensions. <03-17-2013 00:04:45> DS Root:CN=Schema,CN=Configuration,DC=Thomas-NEW,DC=local <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Site-Code. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Assignment-Site-Code. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Site-Boundaries. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Roaming-Boundaries. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Default-MP. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Device-Management-Point. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-MP-Name. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-MP-Address. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Health-State. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Source-Forest. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Ranged-IP-Low. <03-17-2013 00:04:46> Defined attribute cn=MS-SMS-Ranged-IP-High. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Version. <03-17-2013 00:04:46> Defined attribute cn=mS-SMS-Capabilities. <03-17-2013 00:04:46> Defined class cn=MS-SMS-Management-Point. <03-17-2013 00:04:47> Defined class cn=MS-SMS-Server-Locator-Point. <03-17-2013 00:04:47> Defined class cn=MS-SMS-Site. <03-17-2013 00:04:47> Defined class cn=MS-SMS-Roaming-Boundary-Range. <03-17-2013 00:04:47> Successfully extended the Active Directory schema. <03-17-2013 00:04:47> Please refer to the ConfigMgr documentation for instructions on the manual <03-17-2013 00:04:47> configuration of access rights in active directory which may still <03-17-2013 00:04:47> need to be performed. (Although the AD schema has now be extended, <03-17-2013 00:04:47> AD must be configured to allow each ConfigMgr Site security rights to <03-17-2013 00:04:47> publish in each of their domains.) I can see the System Management in ad but there is nothing in it I then installed SQL server and SCCM – after adding all the windows features it needs I am now trying to install the client on to a Windows 8 VM and its not working. Looking at the log file for ccmsetup – see below <![LOG[==========[ ccmsetup started in process 2236 ]==========]LOG]!><time="18:00:02.464+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:8115"> <![LOG[CcmSetup version: 5.0.7711.0000]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:761"> <![LOG[Running on OS (6.2.9200). Service Pack (0.0). SuiteMask = 256. Product Type = 1]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:894"> <![LOG[Ccmsetup command line: "C:\Windows\SysWOW64\CCMSetup\ccmsetup.exe"]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3030"> <![LOG[DhcpGetOriginalSubnetMask entry point is supported.]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:117"> <![LOG[begin checking Alternate Network Configuration]LOG]!><time="18:00:02.479+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1069"> <![LOG[Finished checking Alternate Network Configuration]LOG]!><time="18:00:02.495+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1146"> <![LOG[Adapter {17619596-8225-4A57-99B8-59401B9ED738} is DHCP enabled. Checking quarantine status.]LOG]!><time="18:00:02.495+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:416"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="18:00:02.635+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="lsad.cpp:601"> <![LOG[Attempting to query AD for assigned site code]LOG]!><time="18:00:02.635+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1610"> <![LOG[Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=167772190)(MSSMSRangedIPHigh>=167772190))))]LOG]!><time="18:00:02.791+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1645"> <![LOG[Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.0.0.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1706"> <![LOG[Failed to get assigned site from AD. Error 0x80004005]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="2" thread="1260" file="ccmsetup.cpp:363"> <![LOG[GetADInstallParams failed with 0x80004005]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:403"> <![LOG[sslState value: 224]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmsetup.cpp:3646"> <![LOG[Ccmsetup was run without any user parameters specified. Running without registering ccmsetup as a service.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3698"> <![LOG[No sitecode is specified or detected. Assume AUTO sitecode.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3703"> <![LOG[CCMHTTPPORT: 80]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7336"> <![LOG[CCMHTTPSPORT: 443]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7351"> <![LOG[CCMHTTPSSTATE: 224]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7369"> <![LOG[CCMHTTPSCERTNAME: ]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7387"> <![LOG[FSP: ]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7439"> <![LOG[CCMFIRSTCERT: 1]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:7497"> <![LOG[No MP or source location has been explicitly specified. Trying to discover a valid content location...]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3907"> <![LOG[Looking for MPs from AD...]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3916"> <![LOG[DHCP entry points already initialized.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:75"> <![LOG[begin checking Alternate Network Configuration]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1069"> <![LOG[Finished checking Alternate Network Configuration]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmiputil.cpp:1146"> <![LOG[Adapter {17619596-8225-4A57-99B8-59401B9ED738} is DHCP enabled. Checking quarantine status.]LOG]!><time="18:00:02.838+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="ccmiputil.cpp:416"> <![LOG[Current AD site of machine is Default-First-Site-Name]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="lsad.cpp:601"> <![LOG[Attempting to query AD for assigned site code]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1610"> <![LOG[Executing query (&(ObjectCategory=MSSMSRoamingBoundaryRange)(|(&(MSSMSRangedIPLow<=167772190)(MSSMSRangedIPHigh>=167772190))))]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1645"> <![LOG[Executing query (&(ObjectCategory=mSSMSSite)(|(mSSMSRoamingBoundaries=10.0.0.0)(mSSMSRoamingBoundaries=Default-First-Site-Name)))]LOG]!><time="18:00:02.854+00" date="03-23-2013" component="ccmsetup" context="" type="0" thread="1260" file="lsad.cpp:1706"> <![LOG[Failed to get assigned site from AD. Error 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="2" thread="1260" file="ccmsetup.cpp:363"> <![LOG[GetADInstallParams failed with 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:403"> <![LOG[Couldn't find an MP source through AD. Error 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3935"> <![LOG[Current directory 'C:\Windows\SysWOW64\CCMSetup' is not a valid source location.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:3975"> <![LOG[No valid source or MP locations could be identified to download content from. Ccmsetup.exe cannot continue.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:3985"> <![LOG[invalid ccmsetup command line: ]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="3" thread="1260" file="ccmsetup.cpp:3789"> <![LOG[A Fallback Status Point has not been specified. Message with STATEID='100' will not be sent.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:8443"> <![LOG[A Fallback Status Point has not been specified. Message with STATEID='307' will not be sent.]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:8443"> <![LOG[CcmSetup failed with error code 0x80004005]LOG]!><time="18:00:02.869+00" date="03-23-2013" component="ccmsetup" context="" type="1" thread="1260" file="ccmsetup.cpp:9454"> I am runing this command CCMsetup.exe /mp:NEW-SCCM-W12 SMSSITECODE=PRI FSP=NEW-SCCM-W12 Under Active Directory Forests I have the message “Insufficient access rights under Publishing Status” And in Site under messages I have “Configuration Manager could not locate the "System Management" container in Active Directory (Thomas-NEW.local). Nor could it create a default container. This will prevent Site Component Manager and Hierarchy Manager from updating or adding any objects to Active Directory. Possible cause: The site server's machine account might not have the correct rights to update active directory. Solution: Either give the Service Account rights to update the domain's System Container, or manually create the "System Management" container in this domain's Active Directory system container, and give the site server computer account full rights to that container (and all children objects.)" I am not sure why my site can’t talk to AD - What account is the "The site server's machine account" Thanks for your help
-
- Client manager
- AD
-
(and 2 more)
Tagged with: