BzowK Posted March 21, 2017 Report post Posted March 21, 2017 Hey Guys / Niall - I'm in need of assistance with an issue, please. Our company is moving all systems over to a new domain over the next few months. One other change will be that the new domain will have a new SCCM environment. Since I'd rather not manage multiple environments, the plan is to migrate all workstations over to the new SCCM environment over about a week's time before migrating the domain on the systems. I've already built the new environment and all site servers on the new domain so was ready to start client migration. Changing a system to the new SCCM site and new domain works great - however - changing the client to the new SCCM site while retaining the old domain is not working. Overall, I have ~10,000 workstations on our current domain which are members of the existing SCCM site. I'm needing to migrate the clients to a new SCCM site which is on a new domain, but without changing the domain. I'm using a VBS file to change the client's site code to the new environment. Once I do, communication isn't correct, though. Client's log files show: ClientIDManagerStartup.log RegTask: Failed to refresh MP. Error: 0x8000ffff LocationServices.log: There is no AMP for site code "BCD". LsRefreshManagementPointEx failed with 0x8000ffff Failed to refresh security settings over AD with error 0x87d00215 Failed to refresh security settings over MP with error 0x8000ffff The New SCCM environment's console shows the hostname of the test system plus shows that it's a member of the old domain. It shows that "No" client is installed on the system both prior to and after the test to migrate it. Finally, below are the things I've configured in preparation prior to the test: A two-way trust exists between the old and new domains Boundary added in New SCCM environment (ip range) for test system which is assigned to a Boundary group /w assigned site code & MP SRV record added to old domain so that new site code resolves and points to FQDN of the new SCCM server's primary server Discovery methods configured to scan for systems in the old domain Both SCCM sites are HTTP (not HTTPS) Any suggestions? Thanks!! Quote Share this post Link to post Share on other sites More sharing options...
Thomas@ehler.dk Posted March 21, 2017 Report post Posted March 21, 2017 (edited) Hi Did you publish successfully to the new domain (Administration, Hierarchy, Activ Directory forests)? Edited March 21, 2017 by Thomas@ehler.dk Quote Share this post Link to post Share on other sites More sharing options...
BzowK Posted March 24, 2017 Report post Posted March 24, 2017 Yes! - The schema has been extended, is showing entries for the Secondary sites I've added, plus clients installed onto workstation which are joined to the new domain are working perfectly. Any suggestions? Thanks! Quote Share this post Link to post Share on other sites More sharing options...
Thomas@ehler.dk Posted March 25, 2017 Report post Posted March 25, 2017 All PC's on the old domain are visible under devices on the new SCCM? Then you should be able to push the client to them from the new SCCM? What about new SCCM local Administrator rights on the Pc's in the old domain. Did you add that with a policy and is it effectuated? Quote Share this post Link to post Share on other sites More sharing options...
BzowK Posted March 29, 2017 Report post Posted March 29, 2017 Yes - In the new SCCM environment, boundaries & discovery are both configured for the old domain and workstations appear under Devices. I tried migrating another test VM today. I kept it in the old domain, but ran a script to change it's site code to the new SCCM environment on the new domain (even though staying on the old domain.) Still no luck. ClientIDManagerStartup.log keeps showing "RegTask: Failed to refresh MP Error: 0x8000ffff after I migrate it to the new site. I decided to ensure that the SRV record for the new sitecode was set up correctly in the old domain's DNS and it is. Attached is a screenshot which I executed from the test VM which I migrated to the new site code upon but was still on the old domain. The old domain ends in corporate.___.com and the new domain ___health.net. The new site code is "AH1" which is finds the primary site server (& MP) in the new domain as you can see. Below that, I queried "AHS" which is the old site code. This results in displaying the primary of the old domain. Doesn't look like the SRV record is the issue, but if not; why is it still saying "Failed to refresh MP Error"? Possibly due to permissions (despite being a two way trust between domains) or am I missing a pointer / record somewhere? Thanks! Quote Share this post Link to post Share on other sites More sharing options...
Thomas@ehler.dk Posted March 29, 2017 Report post Posted March 29, 2017 Hi I'm in deep here but old trustworthy Google turned up this: - Try looking under ClientIDManagerStartup.log: https://blogs.technet.microsoft.com/configurationmgr/2015/08/10/support-tip-configmgr-2012-client-fails-to-register-cross-forest-when-installed-using-the-command-line/ /Sam Quote Share this post Link to post Share on other sites More sharing options...
