RE: SMS is not seeing all computers
- From: RobM <RobM@xxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Wed, 12 Apr 2006 03:24:02 -0700
It could be something as simple as rebooting those site servers so their
computer token is updated with new global group membership that gives them
rights to pubish in to the systems management container?
Or, check the "publish identity data to active directory" under Site
properties\advanced ... this is on by default but maybe somehow has been
switched off?
Check out the sitecomp.log on your central site server or any of the
primaries underneath it. You'll probably see permission denied (error 5) when
SMS tries to publish in to A/D.
use adsiedit.msc to permission the system management container. Make sure
all your site servers are in a global group and assign that global group to
the permission list allowing replication to all child objects.
Here check this article out, it's on a site that hasn't been brought up
fully yet but the link will stay alive for a few more weeks:
http://cs.koobel.co.uk/content/SMS2003PublishingtoActiveDirectory.aspx
"Jon" wrote:
Configuration:.
I am trying to setup SMS 2003 SP2 with SQL 2005 on a Win 2003 server. We
have a single forrest with four domains. Domain A and B are equal with each
other and Domains B1 and B2 are equal with each other but are children to
Domain B. The SMS site/server are in B allong with other member servers, all
user accounts, and a few desktops. The majority of our desktops are in B1
with a few other desktops in B2. All of this is in one geographic location,
one SMS Site, and one AD site. All desktops are running Win XP SP2 and so my
SMS site is using Advanced security. I have extended the AD Schema (first
for SMS 2003, then AGAIN after I upgraded to SMS 2003 SP2). I checked the
log file to verify the schema extention was successfull (both times) SMS was
able to successfully create the System Management container within the System
container. The SMS Server has full controll of the System contain and all
subcontainers and objects.
SMS Can do:
SMS has correctly detected AD Security Groups, Users, and Servers and
Desktops from domain B. Client push is successful for desktops/servers in
domain B. Manual install of client is successful on desktops in domain B1.
Hardward inventory collection and software inventory collection is successful
for all clients regardless of what domain they are in or how they became
clients.
Problem:
1) SMS does not see any servers or desktops in any of the domains other
than those that are joined to domain B. This is a show stopper for us since
most of our desktops are in domain B1. I am confident we could "Force" it to
work by implementing a script or something but I really want to use SMS's AD
System Discovery to discover them so that we can *KNOW* that our harware
information is accurate as time goes on.
2) Nothing has been published in the AD Systems Management container the
SMS server created during the initial install/setup.
3) Site Status messages make me believe there is a permissions problem
somewhere but I cannot find it since the SMS server has full control
permissions
4) Site Status messages also say that I need to extend the schema. This is
equally baffling because I've already successfully extended the schema twice.
I think these problems are all related but I am at a loss for how to "fix"
them because everything I have read that I should do, I have already done.
Please help.
Thanks,
Jon
- Follow-Ups:
- RE: SMS is not seeing all computers
- From: Jon
- RE: SMS is not seeing all computers
- Prev by Date: Re: SMS 2003: advanced client won't start, CryptGenKey failed error
- Next by Date: Re: SMS_AD_SYSTEM_GROUP_DISCOVERY_AGENT Message ID 5503
- Previous by thread: Re: Login script to reinstall sms 2003
- Next by thread: RE: SMS is not seeing all computers
- Index(es):
Relevant Pages
|
|
